This policy statement covers Members Personal Information that we collect in order to carry out our Primary Purpose, it does not cover the GDPR compliance of this website. a separate policy is available from this link:
Security policy criteria are explained in the document: WSO Security Policy 2012 revised in 2015 a further revision in 2019 and available Here: WSO Security Policy
It was and still is inevitable that Members engaged in 12 Step Service need access to other Members personal data.
This information was made available from a central server.
Consistent and up to date.
Old superfluous data is easily deleted.
At that time we were printing documents such as twelfth step lists for Home Responders an Office use.
However information is now increasingly being presented electronically the need for copious quantities of printed documents, over which we had little control once issued, is being reduced.
Security measures around online access to these files became the priority.
With the introduction of GDPR we need to revisit the risk assessments we last did in 2015.
Members Data is stored on a password protected Sql server.
Access to the SQL server is for admin only.
Access for Data Input / Retrieval is by User level Password.
The display of Members Data is limited to the specific data search selected by the user.
Copious quantities of individual data cannot be accessed at any one search and the printing of bulk data is not available.
Access to view this data is granted to Telephone Responders, GSR’s and Officers.
Members information that we hold:
Name: (first name) and initial
Surname: (voluntary – not required)
Contact Telephone Number / Numbers:
Area Code: (first part of postcode)
Email address: (for newsletters and generic email forwarders)
Members Home Group
Service Participation as bullet pointed below
- On the Twelfth Step list (y – n)
- Transport Available (y – n)
- Area Covered (Bristol area you can take 12 step calls)
- Times Available (best time to call you)
- GSR or (group contact)
- Inter-group Service (service role)
- Telephone Responder (office / home)
- Contact on the printed WTF (name & number)*
*Once distributed to Groups we have no control over the issue of WTF’s but we can suggest that groups securely dispose of old WTF documents, preferably by shredding.
Members are always in control of the data we hold on them, why we hold it and if they are happy with this arrangement.
Statement from ICO: (International Commissioners Office)
Service providers must take appropriate measures to safeguard the security of their service.
What ‘appropriate’ means depends on the nature of the risk, the technology available, and the cost.
Service providers must also inform their customers of any significant security risks.
A GDPR Acceptance Form will be distributed asking permission to store your personal data and acceptance of its use for the specific purpose of twelfth step work.
Bulk email distribution
If you send out an email with multiple addresses in the ‘TO’ box it will be flagged as spam and may bounce.
To avoid this problem add your own email address into the ‘TO’ box and the other recipients into the ‘BCC’ box.
Sending out email with multiple addresses showing is not only bad manners, it can breach anonyimity and bring AA into disrepute.