Embrace the similarities, Love the differences, In all our affairs

Assembly Privacy Notice

RImportant notice to all Region 9 Assembly and Convention Attendees

This privacy notice provides information on how Region 9 of Overeaters Anonymous collects and processes the personal data which you supply when you register for the Region 9 Assembly and / or Convention. We process your data in accordance with the General Data Protection Regulation (EU) 2016/679.

1. IMPORTANT INFORMATION AND WHO WE ARE

Overeaters Anonymous is a worldwide fellowship, with different bodies making up the service structure to support local groups. The service structure is fully described here: https://oa.org/groupsservice-bodies/groups/service-structure/

Region 9 is composed of groups, intergroups, and service boards across Europe, the Middle East, Africa, and Western Asia and Virtual Service Bodies who have affiliated with the Region. Region 9 is the controller and responsible for your personal data. Our full name is ‘Overeaters Anonymous Region 9’.

The Region is served by the Region 9 Service Board, and the OA Trustee Liaison to Region 9. In this notice, ‘Board’ should be taken to include the Trustee Liaison for Region 9. There are also committees which support the Board. From time to time there may be set up special committees to undertake specific pieces of work. The committees are made up of Regional Representatives to the Assembly, and individual OA members who offer service.

If you have any questions about this privacy notice or our data protection practices, please contact us at privacy@oaregion9.org.

2. THE DATA WE COLLECT ABOUT YOU

  1. Attending the Assembly / Convention in a personal capacity

We collect your name and contact details for the purposes of distributing the Assembly / Convention business papers and other pertinent materials and communicating with you about the Assembly / Convention (both beforehand and after it has finished).

Our legal basis for processing this information is our legitimate interest in carrying out the routine administration and business of the Assembly / Convention. We keep this information inline with the Privacy Policy.

  1. Region 9 Representative to the Assembly

Being a Region 9 Representative is a service position that Service Bodies elect for varying time periods. During this time you are the contact point for your Service Body for Region 9. Your details will be kept securely on file for this purpose, and you may be contacted by the Region 9 Service Board or a Region 9 Committees during this time.

We also use your personal information to establish quoracy at the Assembly.

Our legal basis for processing your information is our legitimate interest in carrying out the business of the Region with elected representatives. We keep your details inline with the Privacy Policy.

If you leave your service position and wish for your details to be deleted then please contact us at privacy@oaregion9.org.

Note: This section and the policy as a whole also applies to Officers, Trustee Liaisons, Committee Chairs, and Service Coordinators.

3. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data for the purposes for which we collected it as described above.

Only authorised people are permitted to access your data, which is kept secure and confidential for the time period as described above, and then deleted / destroyed using secure methods.

4. HOW WE SHARE YOUR PERSONAL DATA

We do not share your data with anyone outside OA Region 9, with the exception of the OA Region 9 Charitable Incorporated Organisation unless you have specifically consented to this, or we are required to share the information by law.

We make use of IT tools (e.g. email, cloud hosted storage) which mean that your data is processed by third parties (e.g. Google), but we always have in place GDPR-compliant data processing agreements to protect the privacy of your data.

5. INTERNATIONAL TRANSFERS

Region 9 encompasses countries outside the European Union (EU), and so your data may be transferred outside the (EU). We need to tell you this because countries outside of the (EU) do not always offer the same levels of protection to personal data, so European law has prohibited transfers of personal data outside of the (EU) unless the transfer meets certain criteria.

We will only transfer your data outside the EU on the following, lawful, grounds:

  1. You are a resident of a non-EU country, and so we must process your information outside the EU in order to communicate with you
  2. We are using a third-party data processor which stores or processes information outside the EU (e.g. Google processes information in the United States). We will only use such a processor if there are EU-approved safeguards for the security of data, e.g. the processor has signed up to the EU-US Privacy Shield, or our processing contract incorporates EU-approved Standard Contractual Clauses.
  3. You have explicitly consented to the transfer of your information, and you have been warned of the possible risks of the transfer

Important note about transfers outside the EU under (c) above (consent):

The Region 9 Service Board may include OA members who come from areas outside the EU, due to the wide geographical scope of the Region. In carrying out the business of the Region the Board will need to communicate via email, and we also use a Google Suite. If a Board member receives an email containing personal data outside the EU, or makes use of a Google Suite Share drive or  folder to access personal data from outside the EU, they will be transferring that data outside the EU.

Depending on the country where the Board member is based, the EU may have made a finding that there are adequate data protection standards in place. However, it is possible that the Board member is based in a country where there is no such finding.

We only share information between Board members where this is genuinely and reasonably needed to conduct the business of the Region. For example: the Secretary will access the list of email addresses in order to send out minutes, and the Digital Officer will use the list of people who have signed up to receive announcements in order to send them out. All Board members are bound by data protection policies, and information security policies, and will be required to delete information as directed.

In order for us to carry out the business of the Region lawfully, we need to address the possibility that your personal data is accessed by a Board member who is based outside the EU in a country where the EU has not made a finding of adequacy. We therefore need your consent for your personal data to be accessed from outside the EU. At the bottom of this form you will be asked to give your consent.

6. YOUR LEGAL RIGHTS

You have rights under data protection laws in relation to your personal data:

  1. the right to receive a copy of the personal data we hold about you;
  2. the right to request rectification or erasure of your personal data, or restriction of processing concerning you, or to object to processing;
  3. where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  4. the right to lodge a complaint with a supervisory authority for data protection In the United Kingdom this is the Information Commissioners Office (www.ico.org.uk).

If you would like to exercise any of these rights then please contact the Region Chair at chair@oaregion9.org.

Please contact us if you have any questions.

VERY IMPORTANT: I consent for my data to be transferred outside the European Union between Region 9 service members as described at paragraph 5 above.

Announcements: Please select this option if you would like to be added to the Region 9 news and announcements email list.

Signed: ……………………………………………………….. Date: …………………………………………………..

Name: ……………………………………………………………………………………………………………………………

Back to top