1. INTRODUCTION

In compliance with the EU Pillar Assessment No. 9 on Personal Data Protection, IGAD has aligned its cookie policy to the the ePrivacy Directive (also known as the EU cookie law). The EU cookie law regulates the use of data by websites, companies and service providers, how they are allowed to handle it, use it and for what purpose they are allowed to share it.

A cookie is a small data file that a website places on its users’ devices (computer, phone and tablet), which enables it to recognize them and know things about them. It’s positioned between a website and its users.>

In general terms, there are different ways of categorizing cookies. The first way is in the originator and owner of the cookies.

  • First-party cookies are those placed on a user’s computer by the website that he or she has visited.
  • Third-party cookies are those cookies belonging to a third party with access to the first-party site.

The other way to categorize cookies is on how long the cookie stays on the user’s browser for:

  • Session cookies are temporary cookies that are only stored on a user’s device for the duration of their stay on a given website, their session. The minute they click away, these cookies expire.
  • Persistent cookies, on the contrary, are cookies that linger on the user’s browser for much longer than merely a session, sometimes even for years. These are often “necessary cookies” and “preference cookies” that handle things like user log-in or language settings on a website, but they might also be “analytics cookies”, “advertisement cookies”, and “social media cookies” that enable actions such as personal profiling and targeted online marketing.

IGAD will post a Cookies Notice on its websites that is separate from the Privacy Policy.

Anyone who visits an IGAD website should be:

  • Notified that IGAD is using cookies.
  • Given information about the type of cookies IGAD is using.
  • Informed of what options are available to them if they want to opt out of having the website's cookies stored on their devices.

It is important to note that:

  • It is a must to acquire consent before placing cookies on a user's device. User consent must be given through affirmative action. This means that they must be asked for consent through an opt-in checkbox or by allowing users to configure cookies preferences from the Settings section of the website. User consent cannot be assumed or implied.
  • It must be easy to opt out of use of cookies. The website must give users an easy way to opt out of cookies, even after consent has been given. If consent was asked through options in the Settings section, then it should be possible to withdraw consent in the same section.

2. OBJECTIVE

The purpose of this document is to lay the necessary foundation and framework from which IGAD will develop its Cookie implementation on its corporate website and any other website it owns.

It describes the statements that are to be made public as per the requirement of the IGAD Data Protection Policy.

3. SCOPE

This policy shall apply to all of IGAD’s publicly available websites including the corporate website and the institution’s websites.

All staff, website developers (outsourced or internal) who may be involved in the design and development of an IGAD website are required to adhere to the requirements of this policy.

4. POLICY STATEMENTS

4.1 What are Cookies

In the context of computers, cookies are small files that contain information about browsing activity. Whenever you visit a website, the website sends a cookie to the device you're using to access the website. Your device automatically stores the cookie in a file that's located within your web browser.

When you revisit a site, the website will respond in a more personalized way, remembering your preferences, providing faster page load times and so forth.

4.2 Types of cookies used by IGAD

This Website uses “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.

These cookies are not essential but they help to personalize and enhance your online experience with IGAD. They help us to remember your preferences e.g. language preference and thus save you from having to reenter information that you had already shared with us. Deletion of these cookies may result in limited functionality of our service.

4.3 The purpose of using the cookies

This document informs Users about the technologies that help this Website to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Website.

For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate. For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.

Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.

This Website uses Trackers managed directly by the Owner (“first-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them. The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.

4.4 Opting out of Cookies or Withdrawing Consent

There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:

Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.

Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget.

It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.

Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.

With regard to any third-party Trackers, Users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.

4.4.1 Locating Tracker Settings

Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:

  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
  • Microsoft Internet Explorer
  • Microsoft Edge
  • Opera

Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings, such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings, view and look for the relevant setting).

4.5 Cookies Notice

Displaying a banner pop-up box on the IGAD website is an effective way of letting visitors know that IGAD is using cookies. It's important that the information in the pop-up is clear and easy to understand.

IGAD will provide a cookies notice to users as soon as they arrive at the corporate website in the form of the banner pop-up box. This notice will include:

  • Information about your use of cookies,
  • A link to your Privacy Policy and/or Cookies Policy,
  • Information about how cookies settings can be adjusted, and
  • A method for users to consent to or decline your use of cookies

This will be done via a popup bar appearing at the bottom of the web page that is conspicuous enough without significantly blocking the webpage and creating an experience for the website user that makes them feel like consent is a prerequisite to viewing the website content.

The pop-up banner content shall be the same as or closely resemble that in Appendix A of this Policy.

5. ROLES AND RESPONSIBILITIES

  • All stakeholders submitting Exception approval requests, should authorize and accept the residual risks for which the Exception process is sought.
  • The final approval of the Exception will be obtained only from the functional heads.
  • Information Technology, Data Protection Officer and Risk functions would act as a Coordinator to collate and track Exception closure.
  • Data Protection Officer will ensure that there is no exception to any policies, procedures or standards that would lead to the loosening of controls against breach of PII or the exposure of PII to threats.

6. COMPLIANCE

Noncompliance with this policy may result in breach of applicable legislation, loss of revenue, image and/or reputation. Any breach of this policy will be dealt with according to IGAD HR disciplinary policy and procedures and may lead to termination of employment. Where required, illegal activities may also be reported to the appropriate authorities

7. EXCEPTIONS

Where systems, procedures or processes are not able to meet the requirements of this policy and an appropriate business justification exists, an exception should be raised for review and approval according to the Policy Exception Handling Procedure

8. REVISION

This policy will be reviewed at regular intervals in order to ensure relevance and general responsiveness especially to new and emerging issues. Other areas of interests will be incorporated from time to time. IGAD will attempt to notify users of any modifications by an appropriate communication means, or any other where possible.