We take your privacy very seriously. This Privacy Policy describes the information and privacy practices of Commonwealth Women’s Network, Org. (CWN,” “we”, “us” or “our”) and how we handle personal information that we collect through our websites and partners link to this Privacy Policy (collectively, the “Service”), as well as through social media, our civil society activities and other activities described in this Privacy Policy. This Privacy Policy also describes your choices and rights with respect to your personal information in accordance with Commonwealth principles, CWN Governance Handbook and values and international best practice and respecting local law.
We may provide additional, different or supplemental privacy notices for specific services, or other business activities that we offer or in which we are engaged. For example, if you enroll in a foreign study program that we conduct, we may provide you with a privacy notice that governs how your personal information may be collected, used, and shared in connection with the study.
You can download a printable copy of this Privacy Policy
The CWN (hereinafter referred to as “the Secretariat”, “we”, “us”) acknowledges the right to protection of Personal Data and the respect for privacy.
This notice sets out the relevant principles and standards which guide the Secretariat's Processing of Personal Data.
This notice reflects the principles and values in the Commonwealth Charter. It follows best practice to secure human dignity and protection of human rights and fundamental freedoms in the context of a person's right to control his or her Personal Data and in the Processing of such Personal Data.
The right to the protection of Personal Data is not an absolute right: it must be balanced against other rights, interests and fundamental freedoms. For example, the right to data protection must be balanced against the right to freedom of expression, including the right to hold opinions and to receive and impart information.
(a) “Agreed Governance Handbook” means the Revised Agreed Memorandum on the establishment and functions of the Commonwealth Secretariat, last revised in 2013;
(b) “Process(es/ing/ed)” means any operation or set of operations performed on Personal Data, such as the collection, storage, preservation, alteration, retrieval, disclosure, making available, erasure, or destruction of, or the carrying out of logical and/or arithmetical operations on such data;
(c) “Personal Data” means any information that relates to (PD) an identified or identifiable individual; (d) “Third Party” means any individual, group of individuals, organisation or other entity which is not part of the CWN or its staff nor the CWN Chair.
(e) “Working Day(s)” means normal working days of CWN.
In order to ensure best practice, the Secretariat has adopted and is guided by the following overarching data protection;
(i) Legitimacy and fair Processing: Processing must be proportionate to the legitimate purpose pursued and reflect a fair balance between all interests concerned, whether public or private, and the rights and freedoms at stake.
(ii) Transparency: Personal Data must be processed fairly, and in a transparent manner (PD) when considering whether information relates to a person, we will take a number of factors into account including the content of the information, the purpose or purposes of the processing and the likely impact or effect of the processing on the individual.
(iii) Purpose limitation and Data minimisation: Personal Data must be collected for explicit, specified and legitimate purposes and not Processed in a manner which is incompatible with those purposes. It must not be excessive in relation to the purposes for which it is Processed.
(iv) Accuracy: Personal Data must be accurate and, where necessary, kept up to date.
(v) Retention and Storage Limitation: Personal Data should only be retained for as long as necessary for the purposes for which it was Processed. Once the Personal Data is no longer needed, it should be safely disposed of, archived or anonymised.
(vi) Security (Integrity and Confidentiality): Personal Data should be Processed in a manner which ensures appropriate data security, including using reasonable and proportionate technical and organisational measures in order to avoid unauthorised or unlawful Processing, loss, destruction of or damage to Personal Data.
The Secretariat has established a process in order for individuals to make requests about their Personal Data.
Individuals are able to;
(a) Be informed about the Processing of their Personal Data;
(b) Request access to Personal Data;
(c) Request to have Personal Data corrected or updated;
(d) Request to have Processing of Personal Data restricted;
(e) Request to have Personal Data deleted;
(f) Object to the Processing of Personal Data
(g) Where the Personal Data is Processed on the basis of consent, to withdraw consent.
Please use the web form accessible on our Privacy Policy webpage to make a request regarding your Personal Data.
On receipt of a request, the Secretariat may need to undertake some validation steps.
This may require: (a) Verification of identity: We may need to satisfy ourselves that we know the identity of the requester. This is in order to ensure that the Personal Data is not disclosed to an individual who has no right to access it. If a Third Party is making the request on your behalf, it is the Third Party's responsibility to provide evidence of their authority to make the request on your behalf; and/or (b) Clarification of the request: Sometimes the request made may not be clear to the Secretariat. For example, the request may be too broad for us to understand the relevant 4 action to undertake. In these cases, we may need further clarification from you regarding your request in order to deal with it.
We will aim to respond to your request within 60 working days. Where there is a justifiable reason for not responding to your request within this timeframe, we will write to you within the initial timeframe to explain the reason(s) for the delay and provide you with an updated timeframe. Where a request needs to be validated in accordance with the latter, the timescales for responding will not begin until we have the relevant means to confirm identification or until we have sufficient clarification of the request. Rejecting a Request SPDP 4. There may be some limited occasions where it is necessary to reject a request. This is where: (a) We cannot authenticate identity in accordance with SPDP 2 (a); (b) We do not receive sufficient information to clarify the request in accordance with SPD paragraph 2(b); (c) The request is too broad or excessive when balanced against the impact on the CWN's resourcing and finances. A request is too broad or excessive when balanced against the impact on the Secretariat's resourcing or finances where the time spent finding the relevant information, reading it and considering and applying appropriate redactions would be likely to take in excess of 100 hours. Where this is the case, the Secretariat may request that you narrow the scope of your request so that it comes within the appropriate limit; (d) Your Personal Data cannot be located as a result of reasonable and proportionate searches; or (e) The request is a repeat of a previous request or is vexatious. SPD paragraph 5 If SPD paragraphs 4 applies to your request, the Secretariat will contact you to let you know the reason why it has rejected your request. This will be done within 60 working days. You have the opportunity to request a review of this decision, in accordance with SPD paragraph 7 below. Exemptions SPD paragraph 6 Where SPD paragraph 4 does not apply, and then your request will be considered and actioned. However, you should be aware that there are relevant exemptions from the rights set out at SPD paragraph 2 which may apply, depending on the circumstances.
Like many companies, we use services that help deliver interest-based ads to you, as we have described above. Our use of some of these services may be classified under Government law as “Sharing” of your Personal Information from which you have the right to opt-out as described below in our Notice of the Right to Opt-Out of the Sale/Sharing of Your Personal Information.
Personal information that we collect, use and disclose.
The chart below summarizes the Personal Information we may collect by reference to the statutory categories of Personal Information specified in the CCPA, and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The categories of personal information, sources, purposes of collection/use/disclosure and third parties listed in the chart below are described in more detail above. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.
We may also share the categories of personal information described above with our professional advisors, authorities and others and business transferees as described above in How we share your personal information.
Data Retention.
As discussed above, we generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
Notice of Right to Requests to Delete, Requests to Correct, and Requests to Know
Right to Information, Access, Correction and Deletion.
The information provided in this “Notice to European users” section applies only to individuals in the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland, which we refer to in this notice collectively as “Europe”.
Personal information.
References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller.
Glow is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation (including, the EU GDPR and the so-called ‘UK GDPR’ (as and where applicable, the “GDPR”)). See the ‘How to contact us’ section above for our contact details.
Data Protection Officer.
We have appointed a “Data Protection Officer”, this is a person who is responsible for independently overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can email: cbwadataprotectionofficer@cbwa-sl.org.
Legal bases for processing.
We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Use for new purposes.
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information.
Where the collection of your sensitive personal information is required to operate the Service, we obtain your explicit consent to collect such information about you. Sensitive information includes information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership. You are free to make sensitive information public on the Community Forum (such as your political opinions and religious beliefs) but remember that this information is visible to other users.
Automated Decision-Making and Profiling.
We are not making automated decisions about you. We may use profiling in regard to your personal information required to operate some of our services, for example, to the extent needed to predict health-related effects that you may experience from one month to the other. You can object to such profiling by contacting us at support@cbwa-sl.org
Your rights.
European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
Exercising These Rights.
You may submit these requests by email to privacy@cbwa-sl.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Your Right to Lodge a Complaint with your Supervisory Authority.
. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.
Cross-border data transfer.
After collecting personal information directly from you, we further transfer your personal information to some recipients which may be located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under EEA/UK data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal information to a recipient in a Restricted Country, we will either:
info@Commonwealthwomennetworkorg