1.
Controller
The Addis Ababa Food and Drug Authority ("AAFDA," "we," "us," or "our"), is the data controller responsible for the processing of your personal data collected through the AAFDA licensing and regulatory portal and associated mobile application (collectively, the "System").
2.
Introduction
This Privacy Policy describes how AAFDA collects, uses, discloses, and protects the personal information of Health Professionals, representatives of Health Facilities, and representatives of Food and Health-Related Institutions (hereinafter, "you" or "Applicant") in the context of licensing applications, renewals, and regulatory oversight activities. By submitting information through this System, you acknowledge that you have read and understood this Privacy Policy and you consent to the collection and use of your information as described herein.Submission of data is mandatory for the purpose of obtaining a license and complying with regulatory requirements.
3.
Information We Collect
We collect information necessary to assess eligibility, grant licenses, and perform our regulatory mandate. The types of information collected include:
a.
Personal Identification and Professional Information
For Individuals/Professionals: Full name, date of birth, gender, photograph, national identification number, professional license numbers, educational history, qualifications, certificates, work experience, curriculum vitae (CV), signature.
For Institutional Representatives & Key Personnel: Full name, position/title, national ID, professional license, contact details, and evidence of eligibility for the role.
b.
Contact Information
: Business address, personal address (if applicable), email address, telephone number.
c.
Sensitive Personal Data (Special Category Data)
Professional Fitness Information
Details of professional conduct history, disciplinary actions, criminal records (as required by law for licensing), and health status or disability information only where relevant and necessary to assess fitness to practice or to provide reasonable accommodations during inspections or hearings
Institutional Operational Data
Information about services offered, patient safety records (in the context of inspections), complaint details, and compliance history.
d.
Financial and Transactional Information
: Payment information for license fees (note: while we process payment instructions, we may not store full credit card details). Transaction records of applications and renewals.
4.
Legal Basis for Processing
AAFDA processes your personal data based on the following legal grounds under applicable Ethiopian law, including the Ethiopian Data Proclamation and relevant health regulations:
Legal Obligation
Processing is necessary for compliance with the laws and regulations governing the licensing and regulation of health professionals and facilities in Addis Ababa.
Public Interest
Processing is necessary for the performance of a task carried out in the public interest, specifically the protection of public health and safety through licensing and oversight.
Performance of a Contract
Processing is necessary for the steps taken at your request to enter into a licensing agreement.
Vital Interest
In rare circumstances, processing may be necessary to protect the vital interests of a data subject or another person (e.g., in a public health emergency).
Consent
We will rely on your explicit consent for any purpose not covered by the above bases, such as for certain marketing communications. You may withdraw consent at any time.
5.
How We Use Your Information
We use the information we collect strictly for the following purposes
To process, evaluate, and verify applications for licenses and renewals
To maintain a public register of licensed professionals and institutions as required by law.
To conduct regulatory oversight, including audits, inspections, investigations, and disciplinary proceedings.
To communicate with you regarding your application, license status, regulatory requirements, and important public health information.
To process payments and maintain financial records.
To ensure the security and integrity of our System and to prevent fraud.
To comply with our legal and reporting obligations.
6.
How We Share and Disclose Your Information
Given our regulatory role, we may share your information with specific third parties under strict conditions:
Public Disclosure
As required by law, certain information (e.g., name, license type, license status, institution name, address) will be published in public registers to ensure transparency and public safety
With Other Government Bodies
With Service Providers
We engage trusted third-party service providers (e.g., IT hosting, software maintenance, payment processors) who act as data processors on our strict instructions. They are bound by contracts requiring them to protect your data and not use it for any other purpose.
For Legal and Emergency Reasons
We will disclose information if required to do so by law, to protect the rights and safety of AAFDA and the public, or in response to a valid legal request (e.g., court order, subpoena).
7.
International Data Transfers
Your data is processed and stored primarily within Ethiopia. Should any transfer of data outside Ethiopia be necessary, it will only occur with appropriate safeguards in place as required by Ethiopian law.
8.
Data Security
AAFDA implements robust technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls (role-based permissions), regular security assessments, and mandatory training for staff on data confidentiality.
9.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including compliance with legal, regulatory, accounting, or reporting requirements. Retention periods are defined based on the type of record and legal mandates. Typically, licensing and regulatory records are retained for a significant period after the expiration of a license or the closure of a facility to fulfill our historical regulatory and public safety (mission).
10.
Your Data Rights
Under applicable data protection laws, you may have the right to:
Access your personal data.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten") in certain limited circumstances (this right is not absolute and may be overridden by our legal obligation to retain data).
Restrict the processing of your data.
Object to processing based on public interest or legitimate interest grounds.
Data Portability, where applicable.
To exercise these rights, please contact us using the details below. Please note that we may require proof of your identity and we may deny requests that conflict with our legal obligations.
11.
Changes to This Policy
We may update this policy to reflect changes in our practices or the law. We will notify you of any material changes by posting the new policy on our website and within the System and updating the "Last Updated" date.
12.
Contact Us & Data Protection Officer
For questions, concerns, or to exercise your data rights, please contact our Data Protection Officer (or equivalent officer) at:
Addis Ababa Food and Drug Authority (AAFDA)
Arada Sub city, Behind Tourist hotel, 4 Kilo street
Email:
Proflisence@gmail.com
Phone:
0118284038 / 8864
13.
Complaints
You have the right to lodge a complaint with the relevant Ethiopian supervisory authority for data protection matters.