1) IMPORTANT INFORMATION AND WHO WE ARE
Overeaters Anonymous (OA) is a worldwide fellowship, with different bodies making up the service structure to support local groups. The service structure is fully described here: https://oa.org/service-bodies/.
The WSBC, attended by delegates from around the world, meets annually each April or May to conduct the business of OA and to elect the Board of Trustees. This 17-member board acts on behalf of all members of the OA Fellowship. The World Service Office works with the Board of Trustees to provide quality support and services to the entire OA Fellowship.
Overeaters Anonymous, Inc. is the corporation that runs the World Service Office (WSO). It is a registered company located in New Mexico, USA. OA, Inc. is the legal entity that is the data controller for your personal information.
If you have any questions about this privacy notice or our data protection practices, please contact us at firstname.lastname@example.org.
2) THE DATA WE COLLECT ABOUT YOU
a) Attending WSBC in a personal capacity
We collect your name and contact details for the purposes of distributing the WSBC business materials and communicating with you about the WSBC, both beforehand and after WSBC has finished.
Our legal basis for processing this information is our legitimate interest in carrying out the routine administration and business of the WSBC. We keep this information for seven years after the last day of the Conference.
b) Delegates to WSBC
Delegates are chosen in accordance with the process set out in Article VIII of the OA, Inc. Bylaws, Subpart B. This is a service position that extends beyond attendance at the WSBC. You are the contact point between your group/intergroup/service board/region and the OA WSO, the Board of Trustees, and OA, Inc.
Your details will be kept securely on file for this purpose, and you may be contacted by the OA WSO, the trustees, current registered delegates, your region, or committees during this time.
We also use your personal information to establish quoracy at WSBC.
Our legal basis for processing your information is our legitimate interest in carrying out the business of WSBC with elected representatives. We keep your details on file for seven years after the last day of the WSBC.
If you resign your service position and wish for your details to be deleted, then please contact us at email@example.com.
c) Data you can choose to share
In our experience, people who attend WSBC often wish to offer wider service to the Fellowship. This might be through volunteering to support a committee or undertaking some of the work of OA. If you do volunteer or offer service to OA in any other way, then we will need to keep your contact information so that we can keep in touch with you. The legal basis on which we process this information is your consent, which you will be asked for at the time you sign up for service. Your contact information will be kept securely for seven years from the closing date of WSBC and will then be deleted unless you give further consent for us to keep it. You can also ask for your contact details to be deleted at any time.
3) HOW WE USE YOUR PERSONAL DATA
We will only use your personal data for the purposes for which we collected it as described above. Only authorized people are permitted to access your data, which is kept secure and confidential for the time period as described above, and then deleted/destroyed using secure methods.
4) HOW WE SHARE YOUR PERSONAL DATA
We do not share your data with anyone outside OA unless you have specifically consented to this or we are required to share the information by law.
Your contact information will be shared with all other WSBC delegates.
We make use of IT tools (e.g. email, cloud-hosted storage), which means that your data is processed by third parties (e.g. Google), but we always have GDPR-compliant data processing agreements in place to protect the privacy of your data.
5) INTERNATIONAL TRANSFERS
OA encompasses countries outside the European Economic Area, so your data may be transferred outside the EEA. It is necessary to tell you this because countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to personal data, so European law has prohibited transfers of the personal data of EEA residents outside of the EEA unless the transfer meets certain criteria.
We will only transfer your data outside the EEA on the following, lawful, grounds:
a) The country has been approved by the EU as having an adequate standard of data protection.
b) You are a resident of a non-EEA country, so we must process your information outside the EEA in order to communicate with you.
c) We are using a third-party data processor which stores or processes information outside the EEA (e.g. Google processes information in the US). We will only use such a processor if there are EU-approved safeguards for the security of data, e.g. the processor has signed up to the EU-US Privacy Shield or our processing contract incorporates EU-approved Standard Contractual Clauses.
d) You have explicitly consented to the transfer of your information, and you have been warned of the possible risks of the transfer.
Important note about transfers outside the EEA under (d) above (consent)
As stated above, your personal information may be shared with the OA trustees, WSO, current registered delegates, your region, or committees. Due to the global scope of OA, this will include individuals who come from areas outside the EEA. In carrying out the business of OA, these individuals will need to communicate via email. We also use [Microsoft 365, Dropbox, Google Docs]. If an OA member receives an email containing personal data outside the EEA or makes use of a shared folder to access personal data from outside the EEA, they will be transferring that data outside the EEA.
Depending on the country where the OA member is based, the EU may have made a finding that there are adequate data protection standards in place. However, it is possible that the OA member is based in a country where there is no such finding.
We only share information between OA members where this is genuinely and reasonably needed to conduct the business of OA. For example, the WSO Member Services Manager will access the list of email addresses in order to send out minutes.
In order for us to carry out the business of OA lawfully, we need to address the possibility that your personal data is accessed by an OA member who is based outside the EEA in a country where the EU has not made a finding of adequacy. We, therefore, need your consent for your personal data to be accessed from outside the EEA. At the bottom of this form, you will be asked to give your consent.
6) YOUR LEGAL RIGHTS
Under certain circumstances, you have these rights under data protection laws in relation to your personal data:
a) The right to receive a copy of the personal data we hold about you;
b) The right to request rectification or erasure of your personal data, or restriction of processing concerning you, or to object to processing;
c) Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
d) The right to lodge a complaint with a Supervisory Authority for data protection in the UK. This is the Information Commissioners Office: www.ico.org.uk.
If you would like to exercise any of these rights, then please contact us at firstname.lastname@example.org.
Please check the box(es) and sign below to show that you have read and understood this privacy notice. Please contact us if you have any questions.