Privacy Policy - Amma

Privacy Policy

Amma – The Virtual Pharmacist Assistant

Effective Date: 1st May 2025

Last Updated: N/A

1. DEFINITIONS

1.1 “Act” means the Data Protection Act, 2012 (Act 843) of the Republic of Ghana.

1.2 “Controller” means Aide Chemists Limited, responsible for determining the purposes and means of processing Personal Data.

1.3 “Personal Data” means any information relating to an identifiable natural person as defined under the Act.

1.4 “Processing” means any operation performed on Personal Data, including collection, recording, storage, retrieval, disclosure, and erasure.

1.5 “Service” means Amma, the Virtual Pharmacist Assistant, provided by the Controller.

2. SCOPE AND APPLICATION

2.1 This Policy governs all Processing activities by the Controller in relation to the Service.

2.2 This Policy applies to all Users who access or interact with the Service, whether directly or through a third-party platform.

3. PRINCIPLES OF DATA PROCESSING

3.1 The Controller shall adhere to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability as prescribed by the Act.

3.2 Personal Data shall only be Processed where a valid legal basis exists under the Act.

4. LAWFUL BASIS FOR PROCESSING

4.1 Consent: Processing based on the User’s explicit consent for one or more specified purposes.

4.2 Contractual Necessity: Processing necessary for the performance of a contract to which the User is a party.

4.3 Legal Obligation: Processing necessary for compliance with a legal obligation to which the Controller is subject.

4.4 Legitimate Interests: Processing necessary for the legitimate interests pursued by the Controller, excluding fundamental rights and freedoms of the User.

5. CATEGORIES OF PERSONAL DATA

5.1 Non-sensitive Personal Data: anonymized identifiers, device metadata, usage logs.

5.2 User-Provided Data: health queries, uploaded documents, feedback.

5.3 Special Categories of Personal Data: sensitive health information provided voluntarily by the User, subject to enhanced protection measures.

6. PURPOSES OF PROCESSING

6.1 To deliver and enhance the Quality of Service, including AI training and feature improvement.

6.2 To comply with legal, regulatory, or contractual obligations.

6.3 To safeguard the Service against fraud, abuse, or security incidents.

6.4 To respond to User requests, inquiries, and support needs.

7. DATA RETENTION AND ERASURE

7.1 Data Retention Periods:

    (a) Usage Logs and Anonymized Data: Retained for up to twelve (12) months.

    (b) Uploaded User Documents: Retained for a maximum of thirty (180) days unless retention is required by law.

    (c) Special Categories Data: Retained only as necessary and with explicit consent.

7.2 The Controller shall implement procedures to securely delete or anonymize Personal Data upon expiry of the retention period.

8. USER RIGHTS

8.1 Right to Access: Users may obtain confirmation of Processing and access to their Personal Data.

8.2 Right to Rectification: Users may request correction of inaccurate or incomplete Personal Data.

8.3 Right to Erasure: Users may request deletion of Personal Data where Processing is no longer justified.

8.4 Right to Restrict Processing: Users may request limitation of Processing under certain conditions.

8.5 Right to Data Portability: Users may request to receive their Personal Data in a structured, commonly used format.

8.6 Right to Object: Users may object to Processing based on legitimate interests or direct marketing.

8.7 Right to Withdraw Consent: Where Processing is based on consent, Users may withdraw consent at any time.

9. DATA SECURITY MEASURES

9.1 The Controller shall implement appropriate technical and organizational measures, including encryption, access controls, and regular security assessments, to protect Personal Data from unauthorized access, disclosure, alteration, or destruction.

9.2 Third-party Service Providers shall be contractually bound to maintain equivalent data security standards.

10. DATA SHARING AND INTERNATIONAL TRANSFERS

10.1 The Controller shall not transfer Personal Data outside Ghana unless:

    (a) Adequate safeguards are in place (e.g., standard contractual clauses).

    (b) The transfer is required by law or permitted by the Act.

10.2 Personal Data may be disclosed to law enforcement, regulatory authorities, or in response to a valid court order.

11. USE OF AI AND AUTOMATION

11.1 The Service leverages AI models trained on anonymized data; no automated decision-making producing legal or similarly significant effects shall occur without human intervention.

11.2 Regular audits and bias assessments shall be conducted to ensure ethical use of AI.

12. MINORS

12.1 The Service is not directed at individuals under the age of eighteen (18).

12.2 If Personal Data of a minor is inadvertently collected, the Controller shall securely delete such data without undue delay.

13. POLICY GOVERNANCE AND ACCOUNTABILITY

13.1 The Controller shall appoint a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and the Act.

13.2 The Controller shall maintain internal records of Processing activities and conduct periodic compliance audits.

14. AMENDMENTS TO POLICY

14.1 The Controller reserves the right to modify this Policy. Material amendments shall be communicated to Users via the Service and website prior to implementation.

14.2 Continued use of the Service after notification constitutes acceptance of the updated Policy.

15. CONTACT INFORMATION

For questions or exercise of rights under this Policy, contact:

Data Protection Officer
Aide Chemists Limited
V194 Broccoli Street
Ashale Botwe, Accra, Ghana
Email: [email protected]
Tel: +233 50 144 8667

Scroll to Top