LOGO CWN
  • HOME
    • WHO WE ARE
    • WHAT WE DO
    • OUR NETWORKS
    • WHERE WE WORK
    • RESOURCES
    • EVENTS
  • Button link
  • CWN PORTAL
  • CONTACT

COMMONWEALTH WOMEN'S NETWORK
Privacy Policy

We take your privacy very seriously. This Privacy Policy describes the information and privacy practices of Commonwealth Women’s Network, Org. (CWN,” “we”, “us” or “our”) and how we handle personal information that we collect through our websites and partners link to this Privacy Policy (collectively, the “Service”), as well as through social media, our civil society activities and other activities described in this Privacy Policy. This Privacy Policy also describes your choices and rights with respect to your personal information in accordance with Commonwealth principles, CWN Governance Handbook and values and international best practice and respecting local law.

We may provide additional, different or supplemental privacy notices for specific services, or other business activities that we offer or in which we are engaged. For example, if you enroll in a foreign study program that we conduct, we may provide you with a privacy notice that governs how your personal information may be collected, used, and shared in connection with the study.

You can download a printable copy of this Privacy Policy

Approach to Data Protection

The CWN (hereinafter referred to as “the Secretariat”, “we”, “us”) acknowledges the right to protection of Personal Data and the respect for privacy. This notice sets out the relevant principles and standards which guide the Secretariat's Processing of Personal Data.
This notice reflects the principles and values in the Commonwealth Charter. It follows best practice to secure human dignity and protection of human rights and fundamental freedoms in the context of a person's right to control his or her Personal Data and in the Processing of such Personal Data.
The right to the protection of Personal Data is not an absolute right: it must be balanced against other rights, interests and fundamental freedoms. For example, the right to data protection must be balanced against the right to freedom of expression, including the right to hold opinions and to receive and impart information.

Definitions

(a) “Agreed Governance Handbook” means the Revised Agreed Memorandum on the establishment and functions of the Commonwealth Secretariat, last revised in 2013;
(b) “Process(es/ing/ed)” means any operation or set of operations performed on Personal Data, such as the collection, storage, preservation, alteration, retrieval, disclosure, making available, erasure, or destruction of, or the carrying out of logical and/or arithmetical operations on such data;
(c) “Personal Data” means any information that relates to (PD) an identified or identifiable individual; (d) “Third Party” means any individual, group of individuals, organisation or other entity which is not part of the CWN or its staff nor the CWN Chair.
(e) “Working Day(s)” means normal working days of CWN.

Data Protection

In order to ensure best practice, the Secretariat has adopted and is guided by the following overarching data protection;
(i) Legitimacy and fair Processing: Processing must be proportionate to the legitimate purpose pursued and reflect a fair balance between all interests concerned, whether public or private, and the rights and freedoms at stake.
(ii) Transparency: Personal Data must be processed fairly, and in a transparent manner (PD) when considering whether information relates to a person, we will take a number of factors into account including the content of the information, the purpose or purposes of the processing and the likely impact or effect of the processing on the individual.
(iii) Purpose limitation and Data minimisation: Personal Data must be collected for explicit, specified and legitimate purposes and not Processed in a manner which is incompatible with those purposes. It must not be excessive in relation to the purposes for which it is Processed.
(iv) Accuracy: Personal Data must be accurate and, where necessary, kept up to date.
(v) Retention and Storage Limitation: Personal Data should only be retained for as long as necessary for the purposes for which it was Processed. Once the Personal Data is no longer needed, it should be safely disposed of, archived or anonymised.
(vi) Security (Integrity and Confidentiality): Personal Data should be Processed in a manner which ensures appropriate data security, including using reasonable and proportionate technical and organisational measures in order to avoid unauthorised or unlawful Processing, loss, destruction of or damage to Personal Data.

Requests regarding your Personal Data

The Secretariat has established a process in order for individuals to make requests about their Personal Data. Individuals are able to;
(a) Be informed about the Processing of their Personal Data;
(b) Request access to Personal Data;
(c) Request to have Personal Data corrected or updated;
(d) Request to have Processing of Personal Data restricted;
(e) Request to have Personal Data deleted;
(f) Object to the Processing of Personal Data
(g) Where the Personal Data is Processed on the basis of consent, to withdraw consent.

Submitting a request regarding your Personal Data

Please use the web form accessible on our Privacy Policy webpage to make a request regarding your Personal Data.
On receipt of a request, the Secretariat may need to undertake some validation steps. This may require: (a) Verification of identity: We may need to satisfy ourselves that we know the identity of the requester. This is in order to ensure that the Personal Data is not disclosed to an individual who has no right to access it. If a Third Party is making the request on your behalf, it is the Third Party's responsibility to provide evidence of their authority to make the request on your behalf; and/or (b) Clarification of the request: Sometimes the request made may not be clear to the Secretariat. For example, the request may be too broad for us to understand the relevant 4 action to undertake. In these cases, we may need further clarification from you regarding your request in order to deal with it. We will aim to respond to your request within 60 working days. Where there is a justifiable reason for not responding to your request within this timeframe, we will write to you within the initial timeframe to explain the reason(s) for the delay and provide you with an updated timeframe. Where a request needs to be validated in accordance with the latter, the timescales for responding will not begin until we have the relevant means to confirm identification or until we have sufficient clarification of the request. Rejecting a Request SPDP 4. There may be some limited occasions where it is necessary to reject a request. This is where: (a) We cannot authenticate identity in accordance with SPDP 2 (a); (b) We do not receive sufficient information to clarify the request in accordance with SPD paragraph 2(b); (c) The request is too broad or excessive when balanced against the impact on the CWN's resourcing and finances. A request is too broad or excessive when balanced against the impact on the Secretariat's resourcing or finances where the time spent finding the relevant information, reading it and considering and applying appropriate redactions would be likely to take in excess of 100 hours. Where this is the case, the Secretariat may request that you narrow the scope of your request so that it comes within the appropriate limit; (d) Your Personal Data cannot be located as a result of reasonable and proportionate searches; or (e) The request is a repeat of a previous request or is vexatious. SPD paragraph 5 If SPD paragraphs 4 applies to your request, the Secretariat will contact you to let you know the reason why it has rejected your request. This will be done within 60 working days. You have the opportunity to request a review of this decision, in accordance with SPD paragraph 7 below. Exemptions SPD paragraph 6 Where SPD paragraph 4 does not apply, and then your request will be considered and actioned. However, you should be aware that there are relevant exemptions from the rights set out at SPD paragraph 2 which may apply, depending on the circumstances.

10. How to contact us

Contact us

11. Notice At Collection

Like many companies, we use services that help deliver interest-based ads to you, as we have described above. Our use of some of these services may be classified under Government law as “Sharing” of your Personal Information from which you have the right to opt-out as described below in our Notice of the Right to Opt-Out of the Sale/Sharing of Your Personal Information.

Personal information that we collect, use and disclose.
The chart below summarizes the Personal Information we may collect by reference to the statutory categories of Personal Information specified in the CCPA, and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The categories of personal information, sources, purposes of collection/use/disclosure and third parties listed in the chart below are described in more detail above. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.

Statutory_category Statutory_category Statutory_category

We may also share the categories of personal information described above with our professional advisors, authorities and others and business transferees as described above in How we share your personal information.

Data Retention.
As discussed above, we generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

Notice of Right to Requests to Delete, Requests to Correct, and Requests to Know
Right to Information, Access, Correction and Deletion.

  • Information. You have the Right to Know what personal information we have collected about you, including the categories of information detailed below. You can request the following information about how we have collected and used your Personal Information on or after January 1, 2023:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting, selling or sharing Personal Information.
    • The categories of third parties with whom we share personal information.
    • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
    • The specific pieces of personal information we have collected about you.
  • Access. You have the right to request a copy of the Personal Information that we have collected about you.
  • Correction. You have the right to ask us to Correct the Personal Information that we have collected from you if it is inaccurate.
  • Deletion. You have the right to ask us to delete the Personal Information that we have collected. Note that we will comply with such a request regardless of whether you are located in California or elsewhere and we will complete the deletion within forty-five days. You may submit requests to exercise your Right To Know, Right To Correct and Right To Deletion of information we have collected and maintained about you described above via email to privacy@cbwa-sl.org.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the privacy laws of the state where you reside.
  • Deidentified data. We do not to attempt to reidentify deidentified information that we derive from personal information, except that we may do so to test whether our deidentification processes comply with applicable law.
  • Information for Authorized Agents You can authorize an agent to exercise your state privacy rights on your behalf. To submit a request to us as Authorized Agent, please email us at privacy@cbwa-sl.org. . Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of proof that the consumer gave the agent signed permission to submit the request or proof that you have provided the authorized agent with power of attorney.
  • Notice to Users from province other than Freetown. As noted above, we generally apply the opt out and other provisions of this privacy policy to all users, regardless of whether they are residents of Freetown or otherwise. Those provisions are intended to comply not only with the requirements of Freetown city law, but also with the requirements of recently enacted Bo, Kono, Kanema and western city law regardless of whether they are currently effective. We will interpret our promises above broadly so that opting out of the use of Sensitive Personal Information will also implement an opting out of profiling under Kono law, and the term “sharing” will include “processing for targeted advertising” as used in Bo law. In addition, we will respond to any requests to appeal our privacy decisions that comply with Virginia law in accordance with our obligations thereunder.

12. Notice to European users

The information provided in this “Notice to European users” section applies only to individuals in the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland, which we refer to in this notice collectively as “Europe”.

Personal information.
References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller.
Glow is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation (including, the EU GDPR and the so-called ‘UK GDPR’ (as and where applicable, the “GDPR”)). See the ‘How to contact us’ section above for our contact details.

Data Protection Officer.
We have appointed a “Data Protection Officer”, this is a person who is responsible for independently overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can email: cbwadataprotectionofficer@cbwa-sl.org.

Legal bases for processing.
We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Legal bases for processing.

Use for new purposes.
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information.
Where the collection of your sensitive personal information is required to operate the Service, we obtain your explicit consent to collect such information about you. Sensitive information includes information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership. You are free to make sensitive information public on the Community Forum (such as your political opinions and religious beliefs) but remember that this information is visible to other users.

Automated Decision-Making and Profiling.
We are not making automated decisions about you. We may use profiling in regard to your personal information required to operate some of our services, for example, to the extent needed to predict health-related effects that you may experience from one month to the other. You can object to such profiling by contacting us at support@cbwa-sl.org


Your rights.
European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be described to you, if applicable, at the time of your request.
  • Portability. Port a machine-readable copy of your personal information to you or a third party of your choice, in certain circumstances. Note that this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Restrict. Restrict the processing of your personal information, if, (i) you want us to establish the personal information’s accuracy; (ii) where our use of the personal information is unlawful but you do not want us to erase it; (iii) where you need us to hold the personal information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
  • Object. Object to our processing of your personal information where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedom – you also have the right to object where we are processing your personal information for direct marketing purposes.
  • Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising These Rights.
You may submit these requests by email to privacy@cbwa-sl.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

Your Right to Lodge a Complaint with your Supervisory Authority.
. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

Cross-border data transfer.
After collecting personal information directly from you, we further transfer your personal information to some recipients which may be located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under EEA/UK data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal information to a recipient in a Restricted Country, we will either:

  • enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable);
  • rely on other appropriate means permitted by the EU GDPR/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal information against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

You may ask for a copy of such appropriate data transfer agreements by contacting us using the contact details below.

info@Commonwealthwomennetworkorg