GDPR

Learn about our commitment to data privacy and processing.

01: Data Management

Explore what data Without Code manages and collects about you and your site visitors.

02: Cookies

Learn about how we use cookies. What are cookies and how do they apply to GDPR?

01: Data Management

Action-Obesity Africa may collect automatically received browser or mobile platform information, including your location, IP address, cookie information, and activity on the site. Analytics, including IP addresses are anonymized wherever possible. This information is processed in order to enhance the functionality of this site and services.

Finally, our website creation component, acts as a sub-processor for some of your data, including analytics information, contact form submissions.

How does Action-Obesity Africa collect and store site visitors information?

Personal information collected by us about site visitors is used for operational needs to provide the service; this is never shared externally. Analytics, contact form submissions.

• Analytics: This includes Google Analytics and other internal analytics. The IP's are anonymized, and they can also be disabled; send the Wits Health HUBB team an email requesting this.
• Contact Form: When you submit a contact form to our site, the submitted personal information will be stored. This allows us to retrieve form responses but can be deleted at any time.

How do I update or delete my data?

Any requests for update or deletion can be made to Action-Obesity Africa at any point. We will provide written confirmation that this has been updated or removed from our system, as well that the relevant items have been update or removed from our web creation component.

• Contact Form : Send  us an e-mail requesting deletion of your form responses, and we will provide written confirmation that this has been done.

International Transfer of Data

Overview

We may transfer and process your data, out of the EU and/or Switzerland to another country. This transfer is required for additional resources provided on our website. According to the GDPR, you are known as the data exporter, ACTION-OBESITY AFRICA is known as the data importer, while our website creation component and other third-party companies act as sub-processors on our behalf. Through Standard Contractual Clauses (SCC), you agree to allow us to transfer your data on your behalf and we guarantee that Action-Obesity Africa along with sub-processors, provide an adequate level of data protection. As well, the SCCs lay out the path for claim of compensation for website users.



Data Processing Agreement

Obtain a Data Processing Agreement (DPA) and the relevant SCCs between Action-Obesity Africa, as the Data Importer and you, as the Data Exporter;

Request Data Processing Agreement here.

Request Standard Contractual Clauses here.

(Please note that the SCC must be signed in conjunction with the DPA above and sent to us by e-mail)

Sub-processors

The Action-Obesity Africa's site builder platform uses the following sub-processors for the core application, as well as supporting systems. You may request a copy of a signed agreement between the Site Builder and a sub-processor by emailing gudani.mukoma@wits.ac.za. Costs will apply and for your account. In the event that a sub-processor provides their agreements in their Terms of Use or Privacy Policy, we will send the relevant URL for your reference.

Core Application

Siteground (SG Hosting Inc.)

Cloud Hosting & Data Storage (app.wocode.com), Email Hosting

Data Location: Iowa, USA

Duda, Inc.

Cloud Website Creation and Hosting Services 

Location: California, USA

Google Inc.

Cloud Hosting & Data Storage (WOC Media Drive), Visitor Analytics

Location: California, USA

Stripe, Inc.

Payment Processing and Card Storage

Location: California, USA

Supporting Systems

Help Scout (Help Scout PBC)

Customer Support and Ticketing

Location: Boston, USA

Dropbox, Inc.

Cloud File Storage

Location: California, USA

JotForm, Inc.

Data Collection Forms (Customer Communication

Location: California, USANew Paragraph

SendGrid (Owned by Twilio, Inc.)

Email Delivery Services

Location: California, USA

Xero, Inc

Purpose: Cloud Based Accounting & Bookkeeping

Location: New Zealand

Supporting Systems

Slack Technologies, Inc. 

Customer & Internal Communications

Location: California, USA

Tucows.com Co.

Email Hosting Services

Location: Toronto, Canada

Facebook, Inc.

Advertising

Location: California, USA

Campaign Monitor

Email Marketing / Communications

Location: New South Wales, Australia

HelloSign

Contract Delivery and Signatures

Location: California, USA

02: Cookies

What are cookies and how do they apply to GDPR?

Cookies are small data files that are stored on a users computer when they visit a website. They contain data specific to that user or website and are often used to track a user's progress through a site (e.g. the items in their cart during a checkout) or to record browsing activity / analytics such as which buttons are clicked, or what pages they have visited in the past.

Cookie policy is not governed by the GDPR, rather the ePrivacy Directive. For the purpose of this article we will refer to the requirements related to cookies as the Cookie Law.

What is the Cookie Law?

The Cookie Law requires that website visitors give consent prior to a third-party cookie being placed on their computer (first-party cookies are exempt). This is typically achieved through the use of a banner or notification informing users of the websites Cookie Policy. Consent must be a clear and defined action. Common consent actions may include:

• Navigating beyond a cookie banner or scrolling through the page
• Clicking a button agreeing to the cookie policy
• Closing or dismissing the banner

Your Cookie Policy must detail the purpose for the installation of cookies, and outline the category and purpose of all third-party cookies, including links to their respective privacy policies. You are not required to list each individual third-party cookie.

What are exempt (or first-party) cookies?

First-party cookies are exempt from the consent requirements, and can be placed on a computer without prior consent. Cookies that fall into this category are typically those used to remember user's data and preferences. These may include:

1. Cookies that are necessary to provide the requested service, such as session ID cookies, authentication cookies, UI customisation cookies and social media content sharing cookies.
2. Statistical cookies that are managed by your business and are not used for personal data tracking (i.e. cannot be used to identify a specific user).

What are third-party cookies?

Overview

Third-party cookies are those set and controlled by companies outside of your own. These typically include cookies for advertisements, analytics or embedded services (such as video or audio players). Consent is required before your website can place a third-party cookie on a user's website.

We are not required to list each individual third-party cookie used on our site. The law does not require us to manage consent for all third-party cookies directly, but rather inform you as a users of their usage and link to their individual privacy policies. This approach gives you as a user the ability to disable / withdraw consent through the individual service providers.

Read about our Cookie Declaration

All major third-party service providers have integrated GDPR compliant options into their services.

For example, YouTube videos on this site has been embedded using "Privacy-Enhanced mode" to avoid the use of tracking cookies.

Google Analytics may track personal user data, such as IP addresses and geographic information. This is considered personally identifiable information and is subject to prior consent. To avoid this, we enabled IP anonymization through Google tag manager.