Women20 (W20) is committed to protecting the personal data of users of its websites, which are an essential tool for advancing our mission and programme of work.

This privacy policy describes the types of personal data we collect, how we use it, who has access and for how long. It also provides information on the rights provided to website users under our data protection rules. Some activities supported by our websites are further subject to specific data protection notices.

How we collect and use personal data

We collect personal data through the use of our websites in two ways: data you directly provide to us and data generated by your activity on the website.

Data you directly provide: You can choose to voluntarily provide us personal data in the context of registering, subscribing to online newsletters. This data enables us to provide the services you have requested and may include your name, physical address, email address, phone number.

Data generated by your activity: In order to ensure the effective functioning and security of our website and to better understand visitor behavioural patterns, as you browse our website we automatically collect:

• Log information such as the pages you visit, the time/date of your visit as well as your internet protocol (IP) address, and
• Device and software information such as your browser specifications and operating system,

This information is collected through the use of various technologies, including cookies which are small text files stored in your browser. If you have registered and are logged-in, your browsing activity is linked to your user credentials so that we can personalise your experience on our websites, including for future visits.

 Access and storage

In general, access to your personal data is limited to appropriate staff within the organisation. In some circumstances we make your data available outside the W20, such as for:

• Analytics: We use third-party services Google Analytics to help us understand visitor behaviour by allowing the service access to the data generated by your activity and store it using cookies. This data is processed in a way that does not directly identify you.
• Email communications: We use third party services on various platforms each year, depending on the Presidency that year, eg MailChimp,for sending bulk email communications such as newsletters, platform alerts, and event notifications. These services store contact information that you provide to us via W20 as well as information about your interactions with these emails; such as opens and clicks.
• Online surveys: We occasionally use the Presidency’s chosen survey platform, such as Survey Monkey, to run online surveys of user views.
• Online communities: We occasionally use third party services to provide you online networking environments. These services store contact information that you provide and data generated by your activity and store it using cookies.

Data you provide directly is typically kept until either (1) you unsubscribe from the service requested or until (2) two years after your last transaction. We store data about your activity on our websites for two years, after which time it is deleted. We keep data on email activity for two years, after which time it is deleted.

Links to other websites

Where we provide links to websites of other organisations, this privacy policy does not cover how those organisations processes personal data. For example, we link to our profiles on a number of social media platforms such as Twitter, Facebook, LinkedIn, Instagram and YouTube. We are not responsible for the privacy policies or content on third-party websites and encourage you to read the privacy notices of other websites you visit.

Additional rules on personal data processing

Below are additional rules and practices of personal data processing for W20, which apply as well to the entities and bodies within the W20 framework such as the current Presidency and future Presidencies, where there are no specific rules listed on their own websites. For example, where https://w20brazil.org.br/ website has their own Privacy Policy and Cookie Policy then that applies to their website and these rules apply to the global Women20 website https://www.women20.org. Where a Presidency does not have their own Privacy and Cookie Policy then these rules will apply.

Personal Data being processed

The W20 and the entities and bodies within the W20 framework process personal data in the course of delivering their respective public interest missions. W20 -processes data regarding users of W20 websites, which is described in the privacy policy and visitors to the organisation as described in this notice. Similarly, the entities and bodies within the W20 framework may process data as described in the privacy policies on their respective websites.

Other types of processing include data needed to facilitate participation in meetings and events, and to access and comment on documents. Personal data may also be processed as part of the evidence gathering process to support policy making, for example, through surveys of individuals. Such data uses may be the subject of separate data protection notices as appropriate.

The W20’s Data Protection Rules

All W20 Delegates are required to implement transparent and appropriate measures to protect individuals in relation to the processing of their personal data. The W20 Data Protection Rules apply to the processing of personal data by or on behalf the W20.

The Rules require that personal data be processed in a transparent manner for legitimate purposes to deliver the relevant mission and work programme. Personal data are to be adequate, relevant, kept up-to-date, limited to what is needed and retained for no longer than necessary. The Rules also require that the responsible staff ensures that contractors processing personal data on W20’s behalf provide guarantees on the implementation of appropriate technical and organisational measures. There are significant limitations related to the processing of special category personal data, and for high-risk processing.

Risk Assessment is mandatory, with data protection by design and default integrated into the process. Security risks are addressed through technical and organisational measures reasonably appropriate to the risk. In the event of a personal data breach, notification requirements would be triggered. Personal data can only be transferred outside the organisation subject to appropriate safeguards that should ensure, in particular, effective data subject rights and legal remedies.

Individual Rights

The Rules provide rights for individuals with respect to their personal data. In addition to transparency and information, those rights cover access, rectification, erasure, and objection, which individuals can assert directly with the responsible staff. There is also a process for settling claims submitted by individuals.

Implementation and Oversight

As an accountable organisation, the W20 has developed a Privacy Management Programme to structure its approach to implementing its Rules.

The W20 Data Protection Commissioner (DPC) is the current year’s Presidency’s Head of Delegation. She enforces the Rules, with powers of investigation and correction to be exercised in full independence during a five-year fixed term of their Presidency.

The Data Protection Officer (DPO) is the Co-Head of the Presidency Delegation, or where there is none the Chair of the Presidency Delegation, and provides information and advice to individuals, as well as exercising an independent compliance role to support the DPC.

How to contact us or exercise your rights

Under our data protection rules, you have rights to access and rectify your personal data, as well as to object to its processing, request erasure, and obtain data portability in certain circumstances. To exercise these rights in connection with your use of this website please contact the DPO or DPC below.

Data Protection Officer (DPO): Adriana Carvalho, contato@w20brazil.org.br

Data Protection Commissioner (DPC): Janaina Gama, contato@w20brazil.org.br

W20 is not responsible for certain events outside our control

W20, and the current year’s W20 Presidency, is not responsible for certain events unrelated to the use of the W20 website and iSAW portal:

1. a) Equipment infected or invaded by attackers;
2. b) Equipment damaged at the time-of-service consumption;
3. c) Computer protection;
4. d) Protection of information based on users’ computers;
5. e) Abuse of users’ computer use;
6. f) Illegal monitoring of users’ computers;
7. g) Existing vulnerabilities or instabilities in users’ systems;
8. h) Insecure perimeter.

Under no circumstances will the W20 or W20 Presidency be responsible for the installation of malicious codes (viruses, trojans, malware, worms, bots, backdoors, spyware, rootkits, or any others that may be created) on the user’s equipment or that of third parties, resulting from the user’s internet browsing.

Cookie Policy

To improve your experience on the platform and provide personalized services, we use cookies.

Strictly necessary cookies:

These cookies enable core functionality such as security, identity verification, and network management. These cookies cannot be deactivated in our systems. Although they are necessary, you can block these cookies directly in your browser, but this may compromise your experience and impair the website’s functionality.

Performance cookies:

They aim to improve the performance of the website by collecting anonymized data on navigation and use of available resources. If you do not allow the collection of these cookies, this data will not be used to improve the website.

Third-party cookies:

The W20 website depends on services offered by third parties that allow W20 and users to:

• Improve information campaigns;
• Offer interactive content;
• Improve usability and facilitate content sharing on social networks;
• Watch videos and animated presentations directly on the W20 portal.

The third-party cookies on the W20 website are all Google advertising and multimedia cookies. These third parties will also collect and use browsing data for their own purposes. The user can deactivate them directly on the Google website.

• Google’s official third-party cookie advisory (https://policies.google.com/technologies/cookies?hl=en-US  ).
• Google Policy (https://policies.google.com/privacy?hl=en-US ).

Google Analytics on the W20 website may have advertising reporting features enabled, which collects additional information, such as web activity and device advertising IDs (app activity) (https://support.google.com/ analytics/answer/2799357)

The W20 website has no control over which third-party cookies are activated. Some third-party cookies that may be found when accessing the portal:

Domains- Google, Youtube.

Setting cookies in the browser- You can disable them by changing your browser settings.

To manage cookies, one alternative is configuring the browser. Tutorials on the topic can be found in the links below:

If you use Internet Explorer

If you use Firefox

If you use Safari

If you use Google Chrome

If you use Microsoft Edge

If you use Opera

Information on Cookies used for social networks

The W20 portal incorporates videos and other media files from Instagram, YouTube, and Google. Users can search for more information about the cookies used by these social networks and how personal data is processed by them. Below are links to access the Privacy Policies of each social network.

Instagram

Youtube

Google

Twitter

Last updated: 1^st May, 2024