Privacy Policy

Effective Date: 10/02/2024
Last Updated: 11/20/2025

1. Who We Are

This Privacy Policy applies to the Organization for the Smallest Economies in the World (“OSEW”, “we”, “us”, “our”).

OSEW is an international, not-for-profit, non-governmental organization incorporated in:

Organization for the Smallest Economies in the World Inc. (OSEW)
99 Wall Street, #1493
New York, NY 10005
United States
EIN: 32-0791473
E-mail: info@osew.org

OSEW works to support the socio-economic development of 93 of the world’s smallest economies.

This Privacy Policy applies to:

• the website https://www.osew.org (the “Site”),
• OSEW programs, events, registrations, surveys, online forms, newsletters, communications, and partner activities (collectively, the “Services”).

By using our Site or Services, you agree to this Privacy Policy.

2. The Personal Data We Collect

We collect the following categories of personal data depending on how you interact with us:

2.1. Information You Provide to Us

• Contact information: name, email address, organization, position, phone number, photo.
• Event and meeting registration data
• Survey responses (including WTO–OSEW Forum responses)
• Application or partnership information (e.g., universities, hubs, ministries, missions)
• Newsletter subscriptions
• Correspondence sent to us via email or forms
• Documents voluntarily submitted (e.g., CVs, proposals, academic materials)

2.2. Automatically Collected Information

• IP address
• Browser type, device type, OS
• Pages visited, time spent on site, referring URL
• Cookies and tracking technologies (see Section 10)
• We do not intentionally collect data from children under 13.

3. Purposes for Processing Personal Data

• We process personal data for the following purposes:
• To operate the Site and provide Services
• To respond to enquiries sent via contact form or email
• To organize programs such as the WTO–OSEW Trade Empowerment Forum
• To send newsletters and informational updates (with consent, where required)
• To conduct surveys, consultations, and research relevant to small economies
• To coordinate academic, governmental, and institutional partnerships
• To maintain event records and provide follow-up materials
• To improve our website and analytics
• To comply with legal obligations
• To ensure the security of our systems, data, and users

4. Legal Bases for Processing (GDPR, UK GDPR, LGPD)

• For individuals in the EU/EEA, UK, and Brazil, we rely on:

4.1. Consent

• For newsletters, optional surveys, cookies (where required), and certain partner communications.

4.2. Legitimate Interests

• To operate our NGO, run programs, engage with governments and universities, conduct research, and maintain our website.

We ensure our interests do not override your rights.

4.3. Contract

If we enter into agreements with institutions, partners, or service providers.

4.4. Legal Obligation

To comply with U.S. and international nonprofit-sector requirements.

5. How We Share Personal Data

We may share data with:

5.1. Service Providers

Strictly for performing services on our behalf (e.g., email newsletter providers, analytics, website hosting).

5.2. Program Partners

Including universities, governmental institutions, international organizations, and regional hubs that participate in OSEW initiatives.

We share only what is necessary for program coordination.

5.3. Event or Forum Participation

If you participate in OSEW or WTO–OSEW events, your name, affiliation, or public contribution (e.g., survey responses) may be shared with relevant program stakeholders.

5.4. Legal Requirements

We may disclose data if required by law, regulation, court order, or to protect our rights.

We do not sell personal data.

6. International Data Transfers

OSEW is headquartered in New York, USA, and our operations involve partners across 93 countries.

If you are located outside the United States, your data may be transferred to the United States or to other countries where our partners operate.

Where required (e.g., EU/EEA or UK), we use:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Appropriate safeguards recognized under GDPR or equivalent laws

By using our Site or Services, you acknowledge that your data may be processed in jurisdictions with different data-protection laws than your home country.

7. Data Retention

We retain data only for as long as necessary:

• Contact and inquiry data: up to 3 years
• Newsletter subscribers: until you unsubscribe
• Event and forum data: 3–5 years, unless longer retention is justified
• Analytics data: according to cookie provider policies

• Legal or compliance-related data: as required by law
• When retention ends, data is securely deleted or anonymized.

8. Your Rights

Depending on your location (e.g., EU/EEA, UK, Brazil, certain U.S. states), you may have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion
• Restrict or object to processing
• Withdraw consent at any time
• Receive a copy of your data (data portability)
• Lodge a complaint with your local supervisory authority

To exercise any rights, contact us at info@osew.org

We may require proof of identity before fulfilling requests.

9. Security

We apply reasonable technical and organizational measures to protect personal data, including:

• encrypted communication (HTTPS)
• restricted system access
• secure storage and deletion policies
• monitoring for unauthorized access

However, no system is fully secure, and we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

Our Site may use:

• essential cookies (necessary for operation)
• analytics cookies (e.g., Google Analytics or similar tools)
• third-party embedded content (e.g., maps, videos, forms)

Depending on your jurisdiction, we may display a cookie consent banner allowing you to opt in or out of non-essential cookies.

You can manage cookies via your browser settings at any time.

11. Third-Party Links

Our Site may contain links to external websites or platforms.

OSEW is not responsible for the privacy practices of external sites.

We encourage you to review their privacy policies.

12. Children’s Privacy

We do not knowingly collect personal data from children under:

• 13 years old (United States COPPA standard)
• 16 years old (EU/UK GDPR standard)

If you believe we have collected such data, contact info@osew.org and we will promptly delete it.

13. Updates to This Policy

We may update this Privacy Policy from time to time.

If substantial changes are made, we will:

• update the effective date
• post the revised policy on this page
• notify users via our Site or email if appropriate

14. Additional Disclosures for U.S. State Privacy Laws and Other Jurisdictions

This Section applies to individuals located in U.S. states with comprehensive privacy laws (including, where applicable: California, Colorado, Connecticut, Utah, Virginia, Oregon, and Texas), and to individuals in jurisdictions that grant similar statutory privacy rights.

These rights apply in addition to the rights described in Section 8 of this Privacy Policy.

14.1. Categories of Personal Data We Collect

Depending on your interaction with OSEW, we may collect the following categories of personal data as defined under applicable U.S. state privacy laws:

• Identifiers (e.g., name, email address, contact information)
• Professional or organizational information (e.g., affiliation, position)
• Internet or network activity (e.g., IP address, browser type, site usage data)
• Geolocation information (approximate, derived from IP address)
• Audio, visual, or communication content voluntarily provided to us
• Survey responses, registration data, and program participation data
• Inferred data used to understand user engagement or preferences

We do not collect biometric data, financial information, or precise geolocation.

14.2. Sensitive Data

We do not intentionally process “sensitive data” as defined under U.S. state laws (e.g., health data, race/ethnicity, immigration status, sexual orientation, biometric identifiers).

If sensitive data is voluntarily provided during participation in OSEW programs, such data is processed only for the purposes expressly described in this Privacy Policy and never for commercial purposes.

14.3. Purposes for Processing Personal Data

We process personal data for the operational and nonprofit purposes described in Section 3, including:

• To provide our programs and services
• To coordinate events (including WTO–OSEW forums), surveys, and partnerships
• To maintain communications, newsletters, and updates
• To secure our systems
• To comply with legal obligations

We do not sell personal data and do not use personal data for targeted advertising.

14.4. Your Rights Under U.S. State Privacy Laws

Subject to the exceptions in relevant laws, you may have the right to:

• Access the personal data we hold about you
• Know the categories of data collected, sources, and purposes
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Obtain a portable copy of your personal data
• Opt out of:
• The sale of personal data (OSEW does not sell data),
• Sharing of personal data for targeted advertising (OSEW does not engage in such practices),
• Profiling in furtherance of automated decisions with legal or significant effects
• Limit the use of sensitive data (where applicable)

You may exercise any of these rights by contacting us at info@osew.org

14.5. Verification of Requests

Before fulfilling a rights request, we may reasonably require you to verify your identity to prevent unauthorized access or deletion.

The verification steps depend on the nature of your request and applicable law.

14.6. Authorized Agents (California Residents)

If permitted under local law, you may designate an authorized agent to submit a request on your behalf.

OSEW may require proof of authorization and direct confirmation from you.

14.7. Right to Appeal

If we deny your request, you have the right to appeal our decision.

To appeal, email info@osew.org

14.8. Non-Discrimination

We do not discriminate against individuals for exercising their privacy rights.

We will not deny services, charge different prices, reduce service quality, or take any retaliatory actions based on your exercise of statutory privacy rights.

14.9. Additional International Rights

Depending on your jurisdiction outside the United States, you may have additional rights under local privacy laws, such as:

• The right to lodge a complaint with your national supervisory authority
• The right to object to certain processing
• The right to withdraw consent at any time
• The right to additional transparency or data portability obligations imposed by your country

OSEW will honor these rights to the extent required by applicable law.

15. Data Breach Notification

OSEW implements reasonable technical and organizational measures to protect personal data.

However, in the event of a personal data breach, we will take action in accordance with the laws that apply to the individuals whose data may be affected, including but not limited to the New York SHIELD Act, relevant U.S. state privacy and breach-notification laws, GDPR/UK GDPR, LGPD, and other applicable international regulations.

A “personal data breach” means any confirmed or reasonably suspected incident involving the unauthorized access, acquisition, alteration, disclosure, or destruction of personal data.

15.1. Notification to Authorities

Where required by law, OSEW will notify the appropriate supervisory authority or regulatory body without undue delay, and in any event:

• Within 72 hours for individuals protected under GDPR/UK GDPR, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms.
• Within timeframes required by other applicable jurisdictions, including U.S. state laws and Brazil’s LGPD.

15.2. Notification to Affected Individuals

Where the breach is likely to result in a substantial, material, or significant risk of harm to individuals, OSEW will notify affected individuals without undue delay and consistent with applicable laws.

Notifications may include:

• A description of the incident
• The categories of personal data affected
• The steps taken to address and mitigate the breach
• How individuals can protect themselves
• Contact information for additional support

15.3. Documentation and Mitigation

OSEW maintains internal records of all personal data breaches and conducts investigations, reviews, and mitigation measures, including:

• Containing the incident
• Restoring system integrity
• Assessing and improving security controls
• Communicating with service providers and partners as necessary

15.4. Third-Party Breaches

If a breach occurs at one of our service providers or partners, OSEW will ensure that:

• We are promptly notified as required under contract or law, and
• We notify affected individuals or authorities when required by applicable legal obligations.

16. Data Received From Government Agencies and Public Institutions

OSEW may receive personal data from government ministries, diplomatic missions, public-sector agencies, intergovernmental bodies, or other state institutions in connection with our programs, including but not limited to the WTO–OSEW Trade Empowerment Forum, academic partnerships, and capacity-building activities.

This Section clarifies how OSEW processes such data.

16.1. Applicability of Privacy Laws

Although certain public-sector privacy or administrative laws may apply only to the state institutions that collected the data, OSEW becomes a separate, independent data controller once that personal data is transferred to us.

Accordingly, OSEW processes government-provided data in accordance with:

• This Privacy Policy
• GDPR / UK GDPR (when applicable)
• U.S. federal and state privacy and security laws
• LGPD (Brazil)
• Other applicable international privacy regulations
• Any contractual obligations governing the program or data-transfer arrangements

16.2. Categories of Data Received from State Entities

Depending on the program, OSEW may receive:

• Names, titles, and official contact information of government officials
• Delegation or mission rosters
• Survey responses or program-related submissions
• Documents related to participation in OSEW programs
• Other information voluntarily provided by government representatives

OSEW does not request or process classified or restricted governmental information.

16.3. Purpose Limitation

OSEW processes such information solely for nonprofit and programmatic purposes, including:

• Coordinating events, consultations, and invitations
• Facilitating communication and collaboration among participating states
• Managing academic or institutional partnerships
• Implementing development, research, and trade-empowerment activities
• Complying with legal or reporting obligations

We do not use government-provided data for commercial purposes.

16.4. Data Minimization and Security

All personal data originating from state agencies is handled using the same safeguards applied to all personal data processed by OSEW, including:

• Role-based access controls
• Secure storage
• Encrypted communications
• Retention limits defined in Section 7
• Breach-response procedures described in Section 16

16.5. Rights of Individuals Represented in Government Data

Individuals whose data is shared with OSEW by state institutions may exercise all rights described in Section 8 and Section 15, as permitted under the laws that govern their data.

Requests may be submitted directly to OSEW at info@osew.org, even if the data was originally collected by a government body.

16.6. International Transfers

Where data is provided by a foreign government or public institution, OSEW may transfer such data internationally as necessary for program administration, subject to the safeguards described in Section 6.

17. Jurisdictions With Specialized or High-Sensitivity Privacy Laws

OSEW operates globally and may interact with individuals located in jurisdictions that maintain specialized, sector-specific, or heightened personal-data protection frameworks.

These include, but are not limited to:

• Japan (Act on the Protection of Personal Information – APPI)
• People’s Republic of China (Personal Information Protection Law – PIPL)
• Saudi Arabia (Personal Data Protection Law – PDPL)
• South Korea (PIPA)
• United Arab Emirates (Federal Decree-Law No. 45 of 2021)
• Qatar (Law No. 13 of 2016)
• Turkey (KVKK)
• Other jurisdictions with comparable specialized privacy regulations

17.1. Application of Local Laws

These laws may apply to OSEW only to the extent that our processing activities fall within their territorial or material scope.

OSEW does not maintain servers, offices, or operational headquarters in these jurisdictions and does not conduct commercial activities targeted at their residents.

However, to the extent that individuals located in such jurisdictions interact with our Site or Services, OSEW will:

• Provide transparent notice of our data practices (this Privacy Policy)
• Process personal data only for legitimate nonprofit and programmatic purposes
• Apply appropriate safeguards for international transfers
• Respect individual rights to the extent required under applicable law

• Respond to privacy or data-access requests submitted to info@osew.org

17.2. Local Data Transfer and Storage Requirements

Certain jurisdictions (e.g., China PIPL, Saudi PDPL) impose restrictions on cross-border transfers or local hosting of critical or sensitive data.

OSEW does not process or store sensitive national-security information, state secrets, or regulated sectoral data within the meaning of those laws.

If OSEW receives personal data from individuals located in such jurisdictions, data may be transferred to the United States or other countries as permitted under:

• Applicable transfer mechanisms (e.g., contractual safeguards)
• Nonprofit operational exceptions
• Explicit consent or voluntary submission by the individual
• Any other legal grounds recognized under relevant local laws

17.3. Individual Rights Under Specialized Laws

Where local privacy laws grant individuals additional or unique rights—such as:

• Enhanced consent requirements (Japan APPI; China PIPL)
• Special categories or restricted processing rules (Saudi PDPL; South Korea PIPA)
• Limitations on automated processing or profiling
• Specific notice obligations

OSEW will honor such rights to the extent legally required and to the extent consistent with:

• Our nonprofit mission
• International operations
• Applicable public-interest or research exemptions

Requests to exercise such rights may be submitted to info@osew.org

17.4. Precedence of Local Law Where Mandatory

If a mandatory provision of a specialized national privacy law applies to our processing of personal data relating to an individual in that jurisdiction, that provision will take precedence over any conflicting term in this Privacy Policy.

18. Ongoing Review and Regulatory Updates

OSEW operates in a rapidly evolving global privacy landscape.

Privacy, data-protection, cybersecurity, and cross-border data-transfer laws may be amended or newly enacted in various jurisdictions each year.

To maintain continual compliance with applicable legal and regulatory requirements, OSEW will commit to:

18.1. Annual Review

OSEW will review this Privacy Policy at least once per year to ensure it remains accurate, up to date, and aligned with current international data-protection standards.

18.2. Updates Following Material Legal Changes

Where significant developments occur—such as the introduction of a new privacy law, a revision to an existing law, or a regulation that begins to apply extraterritorially to OSEW’s activities—OSEW may update this Privacy Policy to reflect such changes.

Such extraterritorial applicability is uncommon and typically arises only when a foreign jurisdiction’s privacy law expressly covers organizations outside its borders under specific conditions. If such a situation arises, OSEW will assess its obligations and amend this Privacy Policy as needed.

18.3. Notice of Updates

If updates are made, OSEW will:

• revise the “Last Updated” date at the top of this Policy,
• publish the updated Policy on the OSEW website, and
• provide additional notice where required by law.

18.4. No Waiver of Rights or Obligations

Nothing in this Section limits the rights of individuals or the obligations of OSEW under applicable privacy laws. Updates to this Policy are intended to ensure ongoing transparency and global compliance but do not constitute a waiver of any legal rights.

19. Contact Us

For any questions, rights requests, or concerns, please contact:

OSEW – Organization for the Smallest Economies in the World Inc.
99 Wall Street, #1493
New York, NY 10005
United States
Email: info@osew.org