Last amended: June 6, 2019
Effective Date: May 25, 2018
- How we collect information
Our websites provide various services, some of which you can access without providing personal information, and some of which require you to share your information with us.
We collect three types of information:
- Contact information, such as name, email address, mailing address, or phone number
- Billing information, such as credit card number and billing address
- Unique identifiers, such as username, account number, or password
Depending on how you use the websites, you may supply all, some, or none of this information.
- Information we collect
2.1 Information that you provide to us about yourself
Oa.org is an online resource for information about Overeaters Anonymous that you can browse without registering any information. It also provides services which will require us to collect information, including the following:
- Service bodies can register and update contact information. This will involve us collecting contact information.
- Find a Meeting is an online record of meetings across the world. When a meeting is registered, we collect contact information about the secretary, group contact, and the person updating the information. The first name and the telephone number of the group contact is then displayed on the website and is freely available to anyone who accesses the oa.org website (the other information is not displayed, but we do keep record of it).
- You may choose to sign up for the OA newsletter, which will require you to supply your first name and email address.
- Donations may be made through the website, which will involve us collecting contact and billing information.
- You may contact OA through a web contact form. We will collect your contact information.
Bookstore.oa.org is an online shop for OA-approved books, pamphlets, and materials. You can browse the site without registering, but personal information may be collected for the following services:
- You may choose to set up an account, which means we collect your contact information and unique identifiers.
- If you make a purchase, we collect contact and billing information.
- There is a contact form on the website that collects your contact information if you use it.
Oalifeline.org is the online home of the OA magazine Lifeline. You can browse the site without providing personal information, but these services will collect personal information:
- Newsletter signup, which collects contact information
- Account creation, which collects contact information and unique information
- Payment for online access to Lifeline magazine via PayPal–we do not receive your billing information, but we do collect contact information
- Contact form, which collects contact information
- Share your story, at http://www.oalifeline.org/lifeline-submission/
2.2 Information you provide to us about your contacts
When you make purchases from bookstore.oa.org, you may also provide us personal information about your contacts, such as their name, address, telephone and email address where we send purchases. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided.
If you believe that someone else has provided us with your personal information for this purpose, and you would like to request that it be removed from our database, please contact us using the contact information listed in Section 13.
2.3 Information collected automatically
Overeaters Anonymous allows Google Analytics to use these technologies to analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our user base as a whole for the purpose of analytics.
- Purpose and legal basis of the processing
To the extent that EU data protection law applies to our processing of information about you, we act as the “data controller.”
To perform services: We use your information to deliver services, as described above. This will involve using your data to identify you, process any payment, provide you with technical support and assistance, deliver any newsletter to which you have subscribed, and communicate with you about these services via email. For example, we will contact you to notify you of any issues with our services or any suspicious activity in your account. The legal bases for these uses are set out below:
- Contact details for service bodies – consent
- Find a Meeting – consent
- Newsletter sign-up – consent
- Donations – consent and our legitimate interests
- Contact form – consent
- Account creation – consent
- Purchase of literature, etc., from website – performance of a contract
- Contact form – consent
- Newsletter sign up – consent
- Account creation – consent
- Purchase of subscription – performance of a contract
- Contact form – consent
To optimize or improve services: We use your information to authenticate you, prevent fraud and abuse of our services, and perform research. The legal basis for these uses is our legitimate interest in the improvement and optimization of our service offerings, as well as ensuring both the security of our services and that we apply appropriate safeguards to protect your information (see Section 5 below).
- How we share your information
We share information publicly, within the fellowship of OA, with service providers, as required by law, and in connection with the protection and enforcement of our legal and contractual rights.
Publicly available information: If you give your name and phone number as the contact for an OA meeting, this will be published on the Find a Meeting section of oa.org. You can delete your details at any time by visiting Find a Meeting and editing the meeting information, or by emailing us at firstname.lastname@example.org.
Within the fellowship of OA: The contact details supplied for meeting contacts, secretaries, and contacts within service bodies may be shared within the service structure of OA (region, intergroup, and other service bodies). If you wish to delete your information, you can do this at any time, either by editing Find a Meeting or submitting a service body change form.
With service providers: We share your information with third parties who provide services on our behalf to help with our business activities. These services include payment processing, providing customer service, conducting research and analysis, and providing cloud computing infrastructure. The legal basis for sharing this information is our legitimate interest in providing our services efficiently, and we implement measures to safeguard your information.
With public authorities or law enforcement: In certain situations, Overeaters Anonymous may be required to disclose personal data in response to lawful requests by public authorities in order to meet national security or law enforcement requirements. We may also disclose your personal information as required by law (such as to comply with a subpoena or other legal process) when we believe in good faith that disclosure is necessary to protect our rights; when we believe there is a violation to our Terms of Service; to protect your safety or the safety of others; to investigate fraud; to respond to a government request; if we are involved in a merger, acquisition, or sale of all or a portion of our assets; or if we are involved in a bankruptcy or liquidation proceeding. The legal basis for this is our legitimate interest in protecting our legal rights and those of others, compliance with legal obligations, and our legitimate interest in fulfilling legal obligations imposed by legal authorities outside of the EU.
Prevent fraud and abuse of services: We will share information to prevent or detect fraud and to address technical issues, as well as if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of our services infrastructure. The legal basis for this is our legitimate interest in the maintaining the security of those services.
We also process and share information in an aggregated, de-identified manner, where the information is shared as part of a statistical report and does not contain personal information.
The security of your personal information is important to us. We implement adequate measures to protect the personal information submitted to us, both during transmission and once it is received. Overeaters Anonymous takes steps to ensure that all source code, files, and data remain private and confidential. Due to the sensitive nature of source code, we take this very seriously and make it our primary concern for all customers. We restrict access to personal information by Overeaters Anonymous employees, contractors, and agents who need to know that information in order to operate, develop, or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. If you have any questions about the security of your personal information, you can contact us at the contact information listed in Section 13.
- Rights with respect to your information
Upon request, Overeaters Anonymous will provide you with information about whether we hold any of your personal information. You may access, correct, obtain a copy of, or request deletion of your personal information by logging into your account or by contacting us at the contact information listed in Section 13. We will respond to your request within a reasonable time frame, which will normally be thirty days. In certain circumstances, we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Overeaters Anonymous acknowledges that you have the right to access your personal information. Overeaters Anonymous has no direct relationship with your contacts whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the OA data controller. If requested to remove data, we will respond within a reasonable time frame, normally thirty days. In certain circumstances, we may be required by law to retain your personal information or may need to retain your personal information in order to continue providing a service.
You may also have the right to make a GDPR complaint to the relevant supervisory authority. A list of supervisory authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
- Your choices with respect to information
Promotional email communication: You may sign up to receive email, newsletters, or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send you, or by contacting us at the contact information listed in Section 13.
Google Analytics: See http://www.google.com/policies for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on, which can be found here.
- Data retention
We may retain your information for as long as your account is active, or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. In certain circumstances, we may be required by law to retain your personal information or may need to retain your personal information in order to continue providing a service.
Even if you delete your account, keep in mind that deletion by our third party providers may not be immediate, and that the deleted information may persist in backup copies for a reasonable period of time.
- Policy regarding children
Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under sixteen. If you are under 16, please do not use our services and do not provide any personal information to us. If you become aware that a child under 16 has provided us with personal information, please contact us at email@example.com.
- Transfers of information not from the EEA
However, in connection with these transfers of personal information, your personal information may be subject to privacy laws that may not provide the same protection as your country of residence. For example, government entities in such other countries may have certain rights to access your personal information. By using this site or using our services that this privacy notice relates to, you are consenting to this transfer of your personal information.
- Browser Do Not Track
Our services honor and enforce Do Not Track preferences. Do Not Track (DNT) is a privacy preference you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with the service on the page. For all the details, including how to turn on Do Not Track, visit donottrack.us.
We may need to update this policy from time to time. Unless otherwise required by law, we will notify you before we make such changes and give you an opportunity to review them before they go into effect. We encourage you to periodically review this page for the latest information on our privacy practices.
- Privacy questions/feedback