Legal

GDPR & Data Protection Policy

Your rights under the General Data Protection Regulation and how to exercise them.

Last updated: March 2026

1. Who This Applies To

Betta Health Cameroon is a company registered in the Republic of Cameroon and is subject to Cameroonian data protection law administered by the CNDP (Commission Nationale pour la Protection des Données Personnelles). For users in the European Union or EEA, we additionally comply with the General Data Protection Regulation (GDPR) to the extent applicable to data processing activities that affect EU residents.

2. Special Category Data (Health Data)

  • Medical and health data is classified as 'special category data' under Article 9 of the GDPR and requires a higher level of protection.
  • We process your health data solely on the basis of your explicit written consent, provided during account registration and case submission.
  • You may withdraw this consent at any time by contacting info@bettahealth.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Health data is accessible only to the assigned specialist, and authorised administrative staff (CMO/Admin) on a need-to-know basis.

3. Your Rights Under GDPR

  • Right of Access (Art. 15): You have the right to request a copy of all personal data we hold about you, including your case history and specialist reports.
  • Right to Rectification (Art. 16): You have the right to request correction of any inaccurate personal data.
  • Right to Erasure / 'Right to be Forgotten' (Art. 17): You may request deletion of your personal data. Note that medical records may be subject to mandatory retention periods under applicable law (typically 10 years).
  • Right to Restriction of Processing (Art. 18): You may request that we temporarily suspend processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format (JSON/PDF).
  • Right to Object (Art. 21): You may object to processing based on legitimate interests.
  • Right Not to be Subject to Automated Decision-Making (Art. 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects.

4. How to Exercise Your Rights

Submit a written request to info@bettahealth.com with the subject line 'GDPR Data Request'. Include your full name and registered email address. We will respond within 30 days. We may request proof of identity to protect against unauthorised access. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

5. International Data Transfers

  • Supabase (primary storage): data is hosted in the EU/EEA. Supabase complies with GDPR and provides Standard Contractual Clauses (SCCs).
  • Stripe (payments): a US company operating under the EU-US Data Privacy Framework and SCCs.
  • Vercel (hosting): operates under SCCs for any EU-to-US data flows.
  • We do not transfer health data outside of these approved, contracted third parties without your explicit consent.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware. If the breach is likely to result in a high risk to you, we will notify you directly without undue delay, describing the nature of the breach and the steps we are taking to mitigate it.

7. Supervisory Authority

  • Cameroon users: Commission Nationale pour la Protection des Données Personnelles (CNDP) — cndp.cm. Complaints may be filed with the CNDP regarding how we handle your personal data.
  • EU/EEA users: you may also lodge a complaint with your national data protection authority (e.g. CNIL in France, BfDI in Germany, ICO in the UK).
  • You also have the right to seek a judicial remedy before the competent courts of Yaoundé, Cameroon.

8. Cookie Compliance

We use only strictly necessary cookies (authentication tokens and preference storage). No advertising or tracking cookies are deployed. A consent banner is shown on your first visit to our public-facing pages. You can withdraw cookie consent at any time by clearing your browser cookies.

9. Data Protection Contact

For all data protection inquiries, contact us at info@bettahealth.com. Please mark the subject line 'Data Protection Inquiry'. We aim to respond within 5 business days.

Questions?

For any questions regarding this policy, contact us at: info@bettahealth.com or write to: Betta Health Cameroon, Entrée Ministre, NKOZOA, Yaoundé, Cameroon.