Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
32 views5 pages

Taye Prepared Proc.

Uploaded by

tayeamsalu21
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
32 views5 pages

Taye Prepared Proc.

Uploaded by

tayeamsalu21
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Part Four

Data Protection and Privacy

Section 1: Personal Data Protection

Article 20: Rights of data subjects

1. (a) Data subjects shall have the right to be informed about the collection and
processing of their personal data, including the purpose and duration of such
processing.

(b) They shall have the right to request correction or updating of their personal data if
it is inaccurate or incomplete.

(c) They shall have the right to request the deletion of their personal data when it is
no longer necessary for the purposes for which it was collected or if consent is
withdrawn.
(d) They shall have the right to request the restriction of processing of their data
under specified circumstances.

2. Subject sub (1) of the above article data controllers and processors have obligations:

(a) Data controllers and processors shall process personal data lawfully, fairly, and
transparently.
(b) They shall implement appropriate technical and organizational measures to ensure
data security and prevent unauthorized access, disclosure, or destruction.
(c) Personal data shall not be retained for longer than necessary for the purpose for
which it was collected.
Article 21: Data storage and processing standards

1. Data shall primarily be stored within the territory of Ethiopia unless expressly permitted
by relevant authorities.
2. Cross-border data transfer shall be allowed only in compliance with prescribed security
and privacy standards.
3. Data Controllers and Processors must implement appropriate technical and organizational
measures to ensure data security, including encryption, access controls, and regular
audits.
4. Any breach of data security shall be reported to the relevant authority within 72 hours of
detection.
5. Any violation of the above article shall result in administrative fines and, where
applicable, criminal liability.

Article 22: Anonymization and data minimization

1. Data Controllers and Processors shall implement anonymization techniques to ensure


personal data cannot be re-identified.
2. Anonymized data shall be used when full personal identification is not required for
processing purposes.
3. Data Controllers and Processors shall collect and retain only the minimum amount of
personal data necessary to fulfill the specified purpose.
4. Data shall not be collected or retained beyond the stated requirements, unless mandated
by law.

Article 23: The rights of data subjects

1. Data subjects shall have the right to: Obtain confirmation from Data Controllers as to
whether their personal data is being processed and access their personal data and receive
a copy of the information held about them
2. They also right to rectification: Data subjects shall have the right to request rectification
of inaccurate or incomplete personal data and Data Controllers shall respond to such
requests without undue delay.
3. Data subjects shall have the right to request the deletion of their personal data when:

(a) The data is no longer necessary for the purposes for which it was collected.
(b) Consent is withdrawn, and there is no other legal basis for processing.
(c) The data has been unlawfully processed.

Article 24: Obligation to notify consumers

1. Suppliers shall provide consumers with the following information prior to completing a
transaction:

a) Supplier’s full legal name, address, and contact details.


b) Detailed description of goods or services offered, including key features and
specifications.
c) Total price, inclusive of taxes, delivery fees, and any additional charges.

2. Suppliers shall issue a confirmation notice to consumers upon order placement, which
must include:

a) Transaction identification number.


b) Details of the purchased goods or services.
c) Total cost breakdown and payment confirmation.
d) Estimated delivery date and tracking information.

3. Suppliers shall notify consumers of any changes or delays in order fulfillment and
provide timely updates on:

a) Shipping status.
b) Cancellation or refund processing
c) Changes to delivery schedules.

Article 25: Reporting procedures and protocols.

1. Suppliers shall maintain and make available records of:


a) Business registration and licensing details
b) Terms and conditions of sale.
c) Privacy and data protection policies.
d) Payment systems and security measures.
2. Suppliers must report to the relevant authorities any incidents involving:

a) Data breaches or unauthorized access to consumer information.


b) Fraudulent activities or security breaches.
c) Service disruptions affecting transaction processing.
d) Consumer complaints that remain unresolved after initial resolution efforts.

You might also like