This privacy notice provides information on the Overeaters Anonymous Virtual Region, which collects and processes the personal data you supply when registering for the events. We process your data in accordance with the General Data Protection Regulation (EU) 2016/679.
1. IMPORTANT INFORMATION AND WHO WE ARE
Overeaters Anonymous (OA) is a worldwide fellowship, with different bodies making up the service structure to support local groups. The service structure is fully described here: https://oa.org/service-bodies/
The Virtual Region comprises groups, intergroups, and service boards worldwide. The Virtual Region is the controller and is responsible for your personal data. Our full name is “Overeaters Anonymous Virtual Region.”
The Region is served by the Virtual Region Service Board, the OA Trustee for the Virtual Region and the various Virtual Region Committees. Each committee is made up of at least one Board member and one committee chair and then also the individual OA committee members who give service on the committee of their choice.
If you have any questions about this privacy notice or our data protection practices, please contact us at data@oavirtualregion.org.
2. THE DATA WE COLLECT ABOUT YOU
Attending an event in a personal capacity.
We collect your name and contact details for the purposes of distributing any documents and information and communicating with you about the event (both beforehand, during and after it has finished).
Our legal basis for processing this information is our legitimate interest in carrying out the routine administration and business of the event. We keep this information for four months after the event’s last day.
3. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data for the purposes for which we collected it, as described above. Within the Virtual Region, only authorized service volunteers are permitted to access your data, which is kept secure and confidential for the time period as described above and then deleted/destroyed using secure methods.
4. HOW WE SHARE YOUR PERSONAL DATA
We do not share your data with anyone outside the OA Virtual Region unless you have specifically consented to this, or we are required to share the information by law.
We make use of technology tools (e.g., email, cloud-hosted storage), which means that your data is processed by third-party service providers of the Virtual Region, but we take measures to have in place General Data Protection Regulation compliant data processing agreements to protect the privacy of your personal data. The list of third-party service providers of the Virtual Region can be found at https://oavirtualregion.org/vr-privacy-data-protection.
5. INTERNATIONAL TRANSFERS
The Virtual Region encompasses countries outside the European Economic Area, so your personal data may be transferred outside the European Economic Area. We need to tell you this because countries outside of the European Economic Area do not always offer the same levels of protection to personal data, so European law has prohibited transfers of personal data outside of the European Economic Area unless the transfer meets certain criteria.
We will only transfer your personal data outside the European Economic Area on the following lawful grounds:
a. The country where your data is held or used has been approved by the European Union as having an adequate standard of data protection; or
b. You have explicitly consented to the transfer of your information, and you have been warned of the possible risks of the transfer in the following circumstances:
1. You yourself are a resident of a non-European Economic Area country, and so we must process your information outside the European Economic Area in order to communicate with you; or
2. We are using a third-party data processor that stores or processes information outside the European Economic Area. We take reasonable measures to only use third-party processors who have European Union approved safeguards for the security of personal data; or
3. We have service volunteers who reside outside the European Economic Area and who store or process (use) personal information outside the European Economic Area. Our privacy release form for service volunteers contains the policies and procedures to ensure these OA service members protect their personal data at all times.
Important note about transfers outside the European Economic Area under (b) above (consent):
Virtual Region committees may include OA members who come from areas outside the European Economic Area due to the wide geographical scope of the Virtual Region. In carrying out the business of the Virtual Region, the Virtual Region committees or the Board may need to communicate with you via email. For example, if a committee member responds to an email received from outside the European Economic Area containing personal data, this service volunteer will be transferring personal data outside the European Economic Area.
Depending on the country where the board member or service volunteer is based, the European Union may have found that there are adequate data protection standards in place. However, it is possible that the Board member or service volunteer is based in a country where there is no such finding.
We only share information between Committee members and sub-committee members where this is genuinely and reasonably needed to conduct the business of the Virtual Region Convention. All Virtual Region Convention Committee members are bound by data protection policies and information security policies and will be required to use and delete personal data as directed by the Virtual Region Board from time to time.
In order for us to carry out the business of the Virtual Region lawfully, we need to address the circumstance where your personal data is accessed by a Committee or sub-committee member (service volunteer) who is based outside the European Economic Area in a country where the European Union has not made a finding of adequacy.
6. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
a) the right to receive a copy of the personal data we hold about you;
b) the right to request rectification or erasure of your personal data, or restriction of processing concerning you, or to object to processing;
c) where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
d) the right to lodge a complaint with a supervisory authority for data protection. For instance, in the United Kingdom, this is the Information Commissioner’s Office (https://www.ico.org.uk).
If you have any questions or would like to exercise any of these rights, then please contact us at data@oavirtualregion.org.
Version Date: December 14, 2023
Thanks to your 7th Tradition contributions,
we can spread the message of recovery. Contribute Online
Responsibility Pledge
“Always to extend the hand and heart of OA
to all who share my compulsion;
for this I am responsible.”