COMESA Data Privacy Policy

Division of Information and Networking

COMESA DATA PRIVACY POLICY

1

ARTICLE 1

PURPOSE

  1. The Data Protection and Privacy Policy ( the Policy’) describes how the COMESA Secretariat collects, uses and shares information provided to the Organization in the course of conducting its business and managing its websites.

  1. In this Policy, when reference is made to COMESA Secretariat or “we"/"us”/“our" it means the Secretariat of the Common Market for Eastern and Southern Africa (’COMESA Secretariat’)

  1. The Policy may be revised at any time or according to COMESA Policy review cycle.

ARTICLE 2 POLICY OVERVIEW

The Policy shall be addressing the following:

  1. Information that COMESA collects
  2. How COMESA uses the information collected
  3. Sharing the information with third parties
  4. Protecting the data
  5. Keeping the information secure g        Choices and rights
  1. Compliance
  2. Review

ARTICLE 3

INFORMATION  THAT COMESA COLLECTS

COMESA collects and processes personal information received from staff. bidders and service providers via email, websites and post mail service delivery.

  1.         Personal information " is defined as any information that can be used to identify you or that we can link to you and which we have in our possession or control i.e., data we collect from you, the way in which it is collected and the purposes for which it is collected and used.

  1. Upon signing up for services on COMESA’s website when signing up for newsletters webinars, events or participate in COMESA meetings or when you contact us with queries or respond to our communications, the personal information you provide may include your full name, job title, telephone number, email address and content, date and time of your correspondence and information about your firm or your business.

  1. During the recruitment process, when one applies for a vacancy from COMESA the applicant        provides        his full name, date of birth, nationality, education and qualification details, gender, curriculum vitae , photograph, passport details, marital status, home address and home telephone number, mobile telephone number and other details set out in your application.

2

  1. COMESA also obtains information from other sources such as records of personal information relating to past employment, qualifications and education, opinions from third parties about you, past employment history and other details about you, which may be provided to us by a third party that provides background screening services to us.

ARTICLE 4

USAGE OF COLLECTED INFORMATION

COMESA may use the collected personal information for the following purposes:

  1. To keep you informed about our programmes and latest developments in the region and this may include sending you newsletters, updates, event invitations and other information that may be of interest to you;
  2. Where you have applied for a position with us, to review and process your job application;
  3. To comply with legal or regulatory obligations that we must discharge;
  4. To establish, exercise or defend our legal rights, or for the purposes of legal proceedings;
  5. Log your use of our website or our other online services for our internal business purposes, which may include the analysis of usage, measurement of site performance and generation of reports;

     To look into any complaints or queries you may have;

9) To prevent and respond to actual or potential fraud or illegal activities; and

h) To collate, process and share any statistics based on an aggregation of information held by us, provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

ARTICLE 5

GROUNDS FOR USING THE PERSONAL INFORMATION

COMESA relies upon the following legal grounds to process the personal information, namely:

  1. Performance of a contract - We may need to collect and use your personal information to enter into a contract with you or to perform our obligations under a contract with you.
  2. Legitimate interests - We may use your personal information for our legitimate interests, some examples of which are given above.
  3. Compliance with law or regulation - We may use your personal information as necessary to comply with applicable laws/regulations.
  4. Consent - We may (but usually do not) need your consent to use your personal information. However, you may withdraw your consent by contacting us (CONTACT).

3

ARTICLE 6

SHARING INFORMATION WITH THIRD PARTIES

  1. COMESA may share received personal information with her Policy Organs and Institutions and the COMESA Liaison Ogice in Brussels

  1. COMESA may also share personal information outside the COMESA Secretariat and this may include, but is not limited to, the following:

  1. Third party agents/suppliers or contractors, bound by obligations of confidentiality, in connection with the processing of your personal information for the purposes described in this Policy.
  2. IT and communications service providers.
  3. Third parties relevant to the services that we provide.
  4.         Counterparties to litigation, professional service providers, sponsors of our events, regulators, authorities and governmental institutions.

ARTICLE 7

PROTECTING DATA (INCLUDING THAT OF EUROPEAN UNION CITIZENS)

  1. COMESA may transfer data that is collect from you to third-party data processors in countries that are outside the European Union (EU) i.e. COMESA Institutions as this may be required, for example, in order to fulfil your order, process your payment details or provide support services.

  1. In doing so, COMESA has procedures in place to ensure that the collected data receives the same protection as if it were being processed inside the EU. For example, COMESA contracts with third parties stipulate the standards they must follow at all times.

  1. All service providers dealing with private and sensitive data are required to sign the COMESA Non -Disclosure Agreement.

  1. Any transfer of personal data will follow applicable laws and be processed in accordance with guiding principles of this Privacy Policy.

ARTICLE 8

KEEPING OF INFORMATION AND INFORMATION SECURITY

  1. The duration that COMESA hold personal information held will vary and depend principally on:

  1. The purpose for which we are using your personal information - We will need to keep the information for as long as is necessary for the relevant purpose; and
  2. Legal obligations - Laws or regulations may set a minimum period for which we have to keep your personal information.

4

  1. You have legal rights in relation to the personal information that COMESA holds  about you and you may exercise those rights by contacting COMESA using the details set out below.

  1. These legal rights include the following:

  1. Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you.
  2. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information and specifically , information that is subject to legal professional privilege will not be disclosed other than to authorized personnel.

) Requesting that we correct your personal information if it is inaccurate or incomplete.

  1. Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are under a legal obligation to retain it.
  2. Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are under a legal obligation to refuse that request.

     In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit such information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.

  1. Withdrawing your consent, although in certain circumstances it may  be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
  2. Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us.
  3. We may , on request, advise you which data protection authority is relevant to the processing of your personal information.

ARTICLE 9 COMPLIANCE

  1. COMESA will avoid breaches of legal, statutory, regulatory or contractual

obligations related to information security and of any security requirements.

  1. The Secretariat shall take technical and organizational measures to protect personal data against accidental or unlawful destruction, or accidental loss or alteration, and unauthorized disclosure or access. In particular, the Secretariat takes measures that are intended to ensure that:
  1. Anyone managing and handling personal data understands that they are contractually responsible for following good data protection practice;
  2. Everyone managing and handling personal data is appropriately trained to do so; and
  3. Everyone managing and handling personal data is appropriately supervised.

ARTICLE 10 REVIEW

This Policy will be reviewed annually by the Information Technology Division

ARTICLE 11 ENFORCEMENT

Any employee found to have violated this Policy shall be subject to disciplinary action

ARTICLE 12 POLICY COMPLIANCE

A violation of any of the constraints of this Policy or procedures will be considered a security breach and depending on the nature of the violation, various sanctions shall be taken in line with the organization’s Staff Rules and Regulations or as provided for in the contract of the implicated staff member.

CONTACT:

Director Information Technology Division COMESA Secretariat

Ben Bella Road,

P.O. Box 30051, Lusaka,

Zambia

Phone: +260 211 229725/32 /Direct: +260-211-225052 - Ext: 7439

Fax: +260 211 225107

APPROVED BY:

Secretary General

APPROVED ON: 6” August 2021 EFFECTIVE ON:

REVIEW CYCLE:

Annual (As Needed)

6