WCO Identity and Access Management Server - Cookie Policy

About WCO Identity and Access Management Server

WCO Identity and Access Management Server (referred to as “WCO IAM” within this policy) is the Identity and Access Management that allows users to connect through the different online services of the WCO connected to this system.

Without being limitative, the WCO IAM is currently used for the following websites:

• WCO Bookshop
• WCO TradeTools

Cookie Policy

WCO IAM uses cookies so that it can provide the best user experience for you and identify you for security purposes.

How does WCO IAM process cookies?

WCO IAM stores and retrieves information on your browser using cookies. This information is used to provide a better experience. These cookies serve the primary purposes of allowing a user to log in to the system, maintaining sessions, and keeping track of activities you do within the login session.

The primary purpose of some cookies used in WCO IAM is to personally identify you as this is the main function of the WCO IAM. However the cookie lifetime ends once your session ends i.e., after you log-out, or after the session expiry time has elapsed.

Some cookies are simply used to give you a more personalised web experience and these cookies can not be used to personally identify you or your activities.

This cookie policy is part of the WCO IAM Notice on Personal Data Protection.

What is a cookie?

A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term “cookies” to discuss all of these technologies.

What does WCO IAM use cookies for?

Cookies are used for two purposes in WCO IAM.

1. To identify you and provide security accross the applications of the WCO associated with this IAM (as this is the main function of WCO IAM).
2. To provide a satisfying user experience.

WCO IAM uses cookies for the following purposes listed below.

Preferences

WCO IAM uses these cookies to remember your settings and preferences, and to auto-fill the form fields to make your interactions with the site easier.

These cookies can not be used to personally identify you.

Security

• WCO IAM uses selected cookies to identify and prevent security risks. For example, WCO IAM may use these cookies to store your session information in order to prevent others from changing your password without your username and password.
  
  
• WCO IAM uses session cookies to maintain your active session.
  
  
• WCO IAM may use temporary cookies when performing multi-factor authentication and federated authentication.
  
  
• WCO IAM may use permanent cookies to detect that you have previously used the same device to log in. This is to calculate the “risk level” associated with your current login attempt. This is primarily to protect you and your account from possible attack.

Performance

WCO IAM may use cookies to allow “Remember Me” functionalities.

Analytics

WCO IAM on its own does not use cookies for analytical purposes.

Third party cookies

Using WCO IAM may cause some third-party cookies to be set in your browser. WCO IAM has no control over how any of them operate. The third-party cookies that may be set include:

• Any social login sites. For example, third-party cookies may be set when WCO IAM is configured to use “social” or “federated” login, and you opt to login with your “Social Account”.
• Any third party federated login.

WCO strongly advises you to refer to the respective cookie policy of such sites carefully as WCO has no knowledge or use on these cookies.

What type of cookies does WCO IAM use?

WCO IAM uses persistent cookies and session cookies. A persistent cookie helps WCO IAM to recognize you as an existing user so that it is easier to return to the Identity and Access Management (or any application of the WCO connected to it) or interact with WCO IAM without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by WCO IAM when you return to WCO IAM.

A session cookie is a cookie that is erased when the user closes the web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user's computer.

How do I control my cookies?

Most browsers allow you to control cookies through their settings preferences. However, if you limit the given ability for websites to set cookies, you may worsen your overall user experience since it will no longer be personalized to you. It may also stop you from saving customized settings like login information. On some specific occasions it may also prevent you from accessing some information from the applications of the WCO.

Most likely, disabling cookies will make you unable to use authentication and authorization functionalities offered by WCO IAM.

If you have any questions or concerns regarding the use of cookies, please contact WCO's Data Protection Officer.

What are the cookies used?

Cookie Name	Purpose	Retention
JSESSIONID	To keep your session data in order to give you a good user experience.	Session
MSGnnnnnnnnnn	To keep some messages that are shown to you in order to give you a good user experience. The “nnnnnnnnnn” reference in this cookie represents a random number e.g., MSG324935932.	Session
requestedURI	The URI you are accessing.	Session
current-breadcrumb	To keep your active page in session in order to give you a good user experience.	Session