Website Privacy Statement

1. INTRODUCTION

Thank you for visiting IGAD (Intergovernmental Authority on Development) websites. Data Protection is a high priority for IGAD and it’s possible to use our websites without collection of personal data. However, if you (data subject) wishes to use certain services in our website, processing of personal data could become necessary. Where the processing of personal data is necessary, we adhere to a statutory basis for such processing, we generally obtain consent from data subject.

The collecting and processing of personal data such as first name, last name, address, e-mail address, telephone numbers of the data subject shall be accordance with IGAD’s Data Protection Policy which is aligned to the General Data Protection Regulation (EU-GDPR), and IGAD Member States’ data protection/privacy laws and regulations.

IGAD, through this privacy statement, therefore seeks to inform the general public of the nature, scope and purpose of the personal data it collects, uses and processes. The privacy statement also informs data subjects of their rights.

IGAD as a data controller has implemented several technical and organizational measures to ensure protection of personal data processed through its websites. However, internet-based data transmission has many security threats and absolute protection may not be guaranteed. Therefore, IGAD cannot guarantee the security of personal data as it is transmitted to and is, e. by telephone or physically.

Privacy Statement Definitions:

i. Account means a unique account created for you to access our service or parts of our service.
ii. Organization (referred to as either “the Organization”, “We”, “Us” or “Our” in this privacy statement) is IGAD.
iii. Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website through to many other websites.
iv. Country refers to the Republic of Djibouti.
v. Device means any device that can access the Service such as a computer, a smartphone, or a tablet.
vi. Individual means any information that relates to an identified or identifiable individual.
vii. Service refers to the Website.
viii. Service Provider means any natural or legal person who processes the data on behalf of the Organization. It means to third party companies or individuals employed by the Organization to facilitate the Service, to provide the Service on behalf of the Organization, to perform services related to the Service. or to assist the Organization in analyzing how the Service is used.
ix. Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to to use the Service.
x. Usage Data refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
xi. Website refers to IGAD, accessible from https://www.igad.int/ and/or other institutional website.
xii. You means the individual accessing or using the Service, or the Organization, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Protection Policy Definitions

i. Data subject: this is any living individual whose personal data is collected, held or processed by an organization.
ii. Data controller: this is the organization which determines the purposes for which and how personal data is processed.
iii. Data processor: this is the organization that processes personal data only on behalf of the data controller. The data processor is usually a third party external to the organization.
iv. Joint Controller: this is when together with one or more organizations, the organization jointly determines why and how personal data should be processed.
v. Sensitive Personal Information: Sensitive Personal Information is any personal data to be used to identify the data subject to whom such information relates. It might be directly or indirectly linked to a data subject.
vi. Personal data: Personal data can include: Name; Home address; Work address; Telephone number; Mobile number; Email address; Passport number; National ID card; Social Security Number (or equivalent); Driver’s license; Physical, physiological, mental, or social condition; Health information; Financial information; Personal numbers; Tax file number; Work address; Credit/Debit card numbers; Social media posts; IP address; Location/GPS data and Cookies.

Non-Sensitive PII: is information that is available in public sources, the disclosure of which cannot reasonably be expected to result in personal harm.

Sensitive personal data: means data revealing the natural person’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property data, marital status, family details including name of the person’s children, parents, spouse or spouses, sex or the sexual orientation of the data subject. Sensitive PII is a combination of PII elements, which if lost, compromised, or disclosed without authorization could be used to a substantial harm, embarrassment, inconvenience, or unfairness to an individual.

Sensitive PII is any information or compilation of Information (aggregate collection), in electronic, non-electronic, or other form that includes:
a) An individual’s first and last name or first initial and last name in combination with any of the following data elements:

• Home address or telephone number; (including personal cell phone number, work phone, personal email addresses)
• Mother’s maiden name
• Month, day, and year of birth;
  b) A social security number (in whole or in part), driver’s license number, passport number, or alien registration number or other government-issued unique identification number.
  c) Unique biometric data such as a fingerprint, voice print, a retina or iris image, or any other unique physical representation.
  d) A unique account identifier, including a financial account number or credit or debit card number; electronic identification number, user name, or routing code.
  e) Any combination of the following data elements:
• An individual’s first and last name or first initial and last name.
• A unique account identifier, including a financial account number or credit or debit card number, electronic identification number, username, or routing code;
• Any security code, access code, or password, or source code that could be used to generate such codes or passwords.
  f) Health data: means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about his or her health status.

vii. Data Protection Officer (DPO): a role that is responsible for the collection and processing of personal data. DPOs are responsible for educating the organization and its employees about compliance, training staff involved in data processing, coordinating with agencies and conducting regular security audits.
viii. Processing: means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
ix. Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
x. Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, normally written.
xi. Personal data: means any information relating to an identified or identifiable natural person (known as the data subject); including, leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
xii. Biometric data: means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as fingerprints, retina or iris patterns, voiceprints, or DNA.
xiii. Pseudonymization: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, and such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Name and Address of the Data Controller

IGAD (Intergovernmental Authority on Development)
Avenue Georges Clemenceau
P.O Box 2653, Djibouti

Telephone: +253-21354050
Email: info@igad.int
Website: www.igad.int

Name and Address of the Data Protection Officer

Data Protection Officer
IGAD (Intergovernmental Authority on Development)
Avenue Georges Clémenceau
P.O Box 2653, Djibouti

Telephone: +253 21354050
Email: cpo@igad.int
Website: www.igad.int

2. PURPOSE

a) This Website Privacy Statement will be displayed on all IGAD websites when a user selects the Privacy Statement link.
b) It links to the more detailed Cookie Policy and Data Protection Policy and summarized critical data protection and privacy concerns. The organization especially in relation to the website usage by all who visit IGAD websites.
c) The text under the website privacy statement will appear as a downloadable pdf document. The text will be in a language that is comprehensible to the user. As the formatting may be edited to suit the viewer, the content must stay the same.

3. SCOPE

This Privacy Statement applies to all IGAD corporate and institutions’ websites.

3.1 Privacy Statement

This Privacy Statement describes our policies and procedures on the collection, use and disclosure of your information when you use this website service and tells you about your privacy rights and choices.
We use your personal data to provide and improve the website services. By using the website services, you agree to the collection and use of information in accordance with this Privacy Statement.

3.2 Children’s Privacy

Our Service does not address anyone under the age of 13 for EU citizens and 18 Years for IGAD member states. We do not knowingly collect personally identifiable information from anyone under the age of 13 for EU and 18 Years for IGAD member states. Different countries constitutions specify the age of a child. IGAD’s Data protection policy framework requires that Children data is only collected and processed with consent of a parent or guardian or authorized administrator. If you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 for EU and 18 for IGAD Member States without verification of parental consent, we will take steps to remove that information from our servers. Some websites may be set to ask for your age before you proceed.

3.3 Collection and Use of Personal Data and Information

3.3.1 Usage Data

Usage Data is collected automatically when using the Service. IGAD websites collect personal data and information when a data subject or automated system calls up the website, this data is known as usage data. The general data and information (usage data) are stored in the server log files. The data collected includes:
a) the browser types and versions used, and information sent by browsers to our servers,
b) the operating system used by the accessing system,
c) the website from which an accessing system reaches our website (so-called referrers),
d) the sub-websites,
e) the date and time of access to the Internet site,
f) the time spent on our websites,
g) an Internet protocol address (IP address),
h) unique device identifiers and other diagnostics,
i) the browser type and version used, the operating system, and
j) any other similar data and information that may be used in the event of attacks on our information technology systems.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device operating system, the type of mobile network you are using, your IP address, and the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

When using these general data and information, IGAD does not draw any conclusions about the data subject. Rather, this information is needed to:
i. deliver the content of our website correctly,
ii. optimize the content of our website as well as its advertisement/banners,
iii. ensure the general availability of our information technology systems and website technology, and
iv. provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

IGAD analyzes anonymously collected data and information statistically, with the aim of increasing the data quality and the range of our services, but does not draw any personal legal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

IGAD websites and internet pages use cookies and tracking technologies to collect and process usage data.

3.3.2 Cookies and Tracking Technologies

The internet pages of IGAD use cookies and other tracking technologies to track the activity on our Service and store certain information. Cookies are text files that are stored in a computer system via an internet browser while tracking technologies used are beacons, tags and scripts to collect and track information and to improve and analyze our Service. Cookies and tracking technologies are widely used by many internet sites and servers. Cookies contain cookies and server log files, which each cookie is contained in a header string in the internet pages and servers are assigned to specific internet browser in which cookies are stored. This enables visited internet sites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. Cookies help identify and recognize specific internet browsers using unique cookie ID.

Our websites use cookies and tracking technologies to provide users with more user-friendly services that would not be possible without cookies. Cookies enable us to recognize our website users and makes it easier for users to use our website. When you use cookies, you can for example save your login information or your preferences. If you do not accept cookies, we may be unable to provide you with the services we have already stored on the user’s computer system.

Data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used and thus permanently deny setting of cookies. Data subjects can also delete already set stored cookies on the internet browser at any time. When you delete cookies, you lose some functions of our website and renders some services unusable.

3.3.3. Cookie Statement

We use cookies to improve user experience and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy.

You can change your cookie settings at any time by clicking “Cookie Preferences.”

3.3.4. Cookie Pop-Up Banner

What we use Cookies For

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. By clicking “Reject” you can continue to use our website but some features of our website may not be available to you. By clicking “Customize”, you allow some cookies, and clicking Allow enables all the cookies.

Privacy Policy Cookie Policy
Reject
Customize
Allow

The cookies and tracking technologies that our websites use may include:
a) Cookies or Browser Cookies: A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our Service. Unless you have adjusted your browser setting so that it will refuse cookies, our Service may use cookies.
b) Flash Cookie: Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about your preferences or your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies.
c) Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Organization, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while Session cookies are deleted as soon as you close your web browser.
We use both Session and Persistent cookies for the purposes set out below:
a) Necessary / Essential Cookies
Type: Session Cookies
Purpose: These Cookies are essential to provide you with services available through the Website and to enable You to use some of its features. They help us to recognise You when You visit the Website, remember Your preferences (for example, language) and provide security features. These Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.
b) Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
c) Functionality Cookies
Type: Persistent Cookies
Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re enter your preferences every time you use the Website.

For more information about the cookies, we use and your choices regarding cookies, please visit our Cookies Policy.

3.3.5. Personally Identifiable Information

IGAD website service may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable Information may include, but is not limited to:

• Email address
• First name and last name
• Phone number

3.3.6 Possibility of Contact via the Website

The IGAD website contains information that enables a quick electronic contact to our organization, as well as direct communication with us, which includes a general address and telephone and a phone mail contact address. It is also subject contents the possibility of telephone, e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

3.3.7 Data Protection for Applications and the Application Procedures

IGAD shall collect and process the personal data of applicants for the purpose of the processing of Contracts, Jobs, Grants, Internships etc. procedures. The processing may also be carried out electronically. This is the case if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. Whether electronically or in paper form, the data of the applicant are being processed in accordance with compliance with legal requirements. The application data shall be changed in accordance with IGAD Records and Archives Management Policy regulations and IGAD Records retention and disposition schedules.

3.3.8 Data protection provisions about the application and use of Google Analytics (with anonymization function)

IGAD website has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so called referrer), which sub-pages were visited, to how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and to carry out a cost-benefit analysis of Internet advertising. The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. For the web analytics through Google Analytics the controller uses the application “gat _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a sub-page of the IGAD European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

3.4 Data Protection Provisions about the Use of Social Media Sites connected to IGAD

Our Service may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and terms of use, which we have provided for information and responsibility for the content, privacy policies or practices of any third-party sites or services.

a) Data protection provisions about the application and use of Twitter

IGAD website has integrated components of Twitter and IGAD has a twitter account. Twitter is a multilingual, publicly accessible microblogging service on which users may publish and spread so-called “tweets”, e.g. short messages, which are limited to 140 characters. These short messages are available for everyone, including those who are not logged on to Twitter. Twitter is a social network that allows users to communicate with each other and with other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links, or retweets.

The operating company of Twitter is Twitter, Inc., 1335 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter may collect, process and store data, the page of which is accessed by the user in subject.

When the data subject clicks on the twitter link on IGAD website, The Twitter Data protection and privacy policies apply. IGAD will not be liable for Twitter related data collection, storage, processing, and protection. The applicable data protection provisions of Twitter may be accessed at https://twitter.com/privacy-policy?lang=en.

b) Data protection provisions about the application and use of Meta Platforms (Facebook and WhatsApp)

IGAD website has integrated components of Meta platforms particularly Facebook and WhatsApp and IGAD has Facebook and WhatsApp accounts.

Facebook

Facebook is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called “posts”. Facebook comes with a messenger which allows users to chat directly. They can post text, photos and multimedia which are shared with any other users who have agreed to be their friends. Users can also join common-interest groups, and receive notifications on the activities of their Facebook friends and pages they follow. These posts are available for everyone, including those who are not logged on to Facebook.

The operating company of Facebook is Meta, Inc., Menlo Park, California, UNITED STATES.

Further information about the Facebook buttons is available under https://www.facebook.com/business/resource. During the course of this technical procedure, Facebook gains knowledge of what specific sub-page of our website was visited by the data subject. Facebook uses cookies and their cookies policy is available at https://www.facebook.com/policy/cookies/.

When the data subject clicks on the Facebook link on IGAD website, The Facebook Data protection and privacy policies apply. IGAD will not be liable for Facebook related data collection, storage, processing or protection. The applicable data protection provisions of Facebook may be accessed under https://m.facebook.com.

WhatsApp
WhatApp, Messenger, or simply WhatsApp, is an American freeware, cross-platform centralized instant messaging and voice-over-IP service owned by Meta Platforms. It allows users to send text messages and voice messages, make voice and video calls, and share images, documents, user locations, and other content.

The operating company of Facebook is Meta, Inc., Menlo Park, California, UNITED STATES.

When the data subject clicks on the WhatsApp link on IGAD website, The WhatsApp Data protection and privacy policies apply. IGAD will not be liable for Facebook related data collection, storage, processing, and protection. However, IGAD may be liable for Messages and attachments shared. Whatsapp privacy policy can be found at https://www.whatsapp.com/legal/privacy-policy?lang=en.

c) Data protection provisions about the application and use of YouTube

IGAD website has integrated components of YouTube and IGAD has a YouTube Channel. YouTube is a free online video sharing and viewing platform. YouTube allows users to share videos of their users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, which can be viewed and shared by users around the world.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. Tel: 650-253-0000, Fax: 650-253-0001, Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

When the data subject clicks on the YouTube link on IGAD website, The YouTube Data protection and privacy policies apply. IGAD will not be liable for YouTube related data collection, storage, processing, and protection. YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.

d) Data protection provisions about the application and use of Linkedin

IGAD Website has integrated components of the Linkedin and has a Linkedin account. Linkedin is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use Linkedin. Thus, Linkedin is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of Linkedin is Linkedin Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible

Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugs. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

LinkedIn provides under https://www.linkedin.com/setting/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings, LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, ComScore, Eloqua, and Lotame, The setting of such cookies may be used under https://www.linkedin.com/legal/cookie-policy.

When the data subject clicks on the LinkedIn link on IGAD website, The LinkedIn Data protection and privacy policies apply IGAD will not be liable for LinkedIn related data collection, storage, processing and protection, The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

3.5. Rights of the Data Subject

In collecting, processing, storing and / or transmitting personal data, IGAD shall ensure that the rights of the data subjects are known and protected by doing the following
i. The right to be informed: IGAD shall communicate concisely and in plain language to individuals about what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
ii. The right of access: IGAD is committed to providing a copy of any personal data held concerning the individual as long as the requests are submitted with to manifestly unfounded, repetitive or excessive requests.
iii. The right to rectification: IGAD is committed to ensuring when an individual discovers is being collection and on the individual is being the complete and the requests that it be updated.
iv. The right to erasure (the right to be forgotten): IGAD is committed to ensuring when an individual requests to have their data deleted, where they withdraw consent or when the data is no longer required, the data is securely disposed off, or per the Secure Disposal Procedure and the Information Classification standard.
v. The right to restrict processing: Where necessary, IGAD is committed to limit the way data is used or processed upon request by a data subject.
vi. The right to data portability: Where data is provided by way of a contract or consent, then individuals can ask and IGAD shall ensure that they are permitted to obtain and reuse their personal data for their own purposes across different services.
vii. The right to object: IGAD shall permit and offer the data subject with an easy process for them to register their objection to the processing of their personal data.
viii. IGAD shall respect the rights related to automated decision making with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals and institute adequate controls including providing for permissions for data subjects to challenge and request a review of the processing if they believe the rules have not been followed.
ix. Right to confidentiality of electronic communications: IGAD shall ensure by means of technical controls such as encryption and authentication controls that all electronic communications are kept confidential, and the data being transmitted is protected from unauthorized access or manipulation.
x. Right to Withdraw Consent
Each data subject shall have the right to withdraw his or her consent to processing of his or her personal data at any time as guaranteed in the EU GDPR and IGAD Member state data protection laws and regulations.
Should the data subject wish to withdraw their consent to collecting and processing of their personal data by IGAD, He or she is free to directly contact our Data Protection Officer at IGAD or another employee of IGAD (controller)

3.6 Categories of Data Subjects

IGAD has several categories of data subjects such as:
a) Staff & IGAD Institutions: By contracts, data is stored in Registries, Record Centers, and Databases.
b) Development Partners: By partnerships, MOUs, Contracts – Data is stored in Registries, Record Centers, and Databases.
c) Contractors and Grantees: By procurement and grants contracts – Data is stored in Registries, Record Centers, and Databases.
d) Task Forces Members, Projects and Initiatives: By collaborations – Data is stored in Registries.
e) Membership: By Registration to receive alerts – Contracts and representatives of corporate, institutional and individual members are stored in our database.
f) Event Participants: By registering for our events – Data is stored in our Databases.
g) General Public: By requests – Data is stored in our Databases.

3.7 Use of Your Personal Data

IGAD may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage Your Account to manage Your registration to a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
• To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or services offered, including the security updates, when necessary or reasonable for their implementation.
• To provide You with news, special offers and general information about other goods, services, and events which we offer that we similar to those that you have already purchased or required about unless You have opted not to receive such information.
• To manage Your requests: To attend and manage Your requests to Us.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends and to evaluate and improve our Service, and your experience.

3.8 Sharing your personal information

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
• With Affiliates: We may share Your information with Our Affiliates, in which case they will be subject to all the laws of the Republic of Kenya and the laws of the country of their location. Our institutions, research partners, development partners or other companies that We control or that are under common control with Us.
• With Your Consent: We may disclose Your personal information for any other purpose with Your consent.

3.9 Retention of Personal Data

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Statement. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service. We may retain and use Your Personal Data for a longer period in the periods. All retention and disposal of data will be guided by IGAD’s records retention and disposition Schedule.

3.10 Transfer of Your Personal Data

Your information, including personal data, is processed at the Organization’s offices and in any other places where we perform activities. The processing is based, it seems that this information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

Your consent to this Privacy Statement followed by your submission of such information represents your agreement to that transfer.

The Organization will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and the IGAD Data Protection Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

3.11 Disclosure of Your Personal Data

a) Business Transactions
We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
b) Law enforcement
Under certain circumstances, the Organization may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
c) Other legal requirements
The Organization may disclose your Personal Data in the good faith if we believe that such action is necessary to:

• Comply with a legal obligation.
• Protect and defend the rights or property of the Organization.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users of the Service or the public.
• Enforce legal obligations liability.
  d) Security of Your Personal Data
  The security of your Personal Data is important to us, but there is no method of transmission over the Internet, or method of electronic storage which is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

3.12 Changes to this Privacy Policy

We may update our Privacy Statement and policies from time to time. We will notify you of any changes by posting the new Privacy Statement on IGAD Websites.
We will notify via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Statement.
You are advised to review this Privacy Statement periodically for any changes. Changes to this Privacy Statement are effective when they are posted on this page.

3.13 Contact Us

If you have any questions about this Privacy Statement, verification, withdrawal of consent, or data breach, you can contact the address below:

Data Protection Officer
IGAD (Intergovernmental Authority on Development)
Avenue Georges Clemenceau
P.O Box 2653, Djibouti

Telephone: +253-215-4050
Email: dpo@igad.int
Website: www.igad.int