This policy statement covers Members Personal Information that we collect in order to carry out our Primary Purpose, it does not cover the GDPR compliance of this website. a separate policy is available from this link:
Security policy rules were explained in the document: WSO Security Policy 2012 and revised in 2015 a further revision for 2018 is on it’s way.
It was and still is inevitable that Members engaged in 12 Step Service need access to other Members personal data.
This information was made available from a central server.
Consistent and up to date.
Old superfluous data is easily deleted.
At that time we were printing documents, such as twelfth step lists, for Home Responders, and also for Office use. However, as information is increasingly being presented electronically, the need for copious quantities of printed documents, over which we had little control, once issued, is being reduced. Security measures around online access to these files was now the priority.
With the introduction of GDPR we need to revisit the risk assessments we last did in 2015.
Members Data is stored on a password protected Sql server.
Access to the Sql server is for admin only.
Access for Data Input / Retrieval is by User level Password.
The display of Members Data is restricted to the specific data search, selected by the user. Copious quantities of individual data cannot be accessed, at any one search, and the printing of bulk data is not available.
Access to view this data is granted to Telephone Responders, GSR’s and Officers.
Members information that we hold:
Name: (first name) and initial
Surname: (voluntary – not required)
Contact Telephone Number / Numbers:
Area Code: (first part of postcode)
Email address: (for newsletters and generic email forwarders)
Members Home Group
- On the Twelfth Step list (y – n)
- Transport Available (y – n)
- Area Covered (bristol area you can take 12 step calls)
- Times Available
- GSR Service (group contact)
- Inter-group Service (service role)
- Telephone Responder (office / home)
- Contact on the printed WTF (name & number)*
*Once distributed to Groups we have no control over the WTF
Members are now in control of the data we hold on them, why we hold it and if they are happy with this arrangement.
A GDPR Acceptance Form will be distributed asking permission to store your personal data and acceptance of its use for the specific purpose of twelfth step work.
If you send out an email with lots of addresses in the ‘TO’ box, it will be considered spam and will bounce.
To avoid this, add yourself into the ‘TO’ box and all the others into the ‘BCC’ box.
If you send emails using Outlook with a distribution list ‘closed’ it will fail;
You should right click the list and select ‘expand’ in the BCC box before sending.