This policy statement covers Members' Personal Information that we collect in order to carry out our Primary Purpose; it does not cover the GDPR compliance of this website. A separate policy is available from this link:
Security policy criteria are explained in the document WSO Security Policy 2012, revised in 2015; a further revision in 2021 is available here:
It was, and still is, inevitable that Members engaged in 12 Step Service will need access to other Members' personal data.
This information was made available from an SQL database in the Telephone Office.
Consistent, easier to keep up to date and secure.
Old superfluous data was easily deleted.
At that time we were printing documents, such as twelfth step lists, for Home Responders and Office use.
However, as information was increasingly being presented electronically and online, the need for copious quantities of printed documents, over which we had little control once issued, was being reduced.
Security measures around online access to these files were now the focus.
With the introduction of GDPR we needed to revisit the risk assessments we last did in 2019.
Members' Data is stored on a password-protected SQL server.
Access to the SQL server structure is for admin only.
Access for Data Input / Retrieval is by User level Password.
The display of Members' Data to the user is limited to the specific search, as selected by the user.
Therefore, large quantities of individual data cannot be accessed in any one search, and the printing of bulk data is not available.
Access to view this data is granted at several levels, to Telephone Responders, GSRs and Officers, according to their needs.
Members' information that we hold:
Name: (first name) and initial
Surname: (voluntary – not required)
Contact Telephone Number / Numbers
Area Code: (first part of postcode)
Email Address: (for newsletter and minutes distribution, generic email forwarders)
- On the Twelfth Step List (y – n)
- Transport Available (y – n)
- Area Covered (Bristol area you can do 12 step calls)
- Times Available (best time to call you)
- GSR or group contact (y – n)
- Inter-group Service (service role)
- Telephone Responder (office / home)
- Contact on the printed WTF (name & number)*
*Once distributed to Groups we have no control over the issue of WTFs, but we suggest that groups securely dispose of old WTF documents, preferably by shredding.
Members are always in control of the data we hold on them, why we hold it and if they are happy with this arrangement.
Statement from ICO: (International Commissioners Office)
Service providers must take appropriate measures to safeguard the security of their service.
What ‘appropriate’ means depends on the nature of the risk, the technology available, and the cost.
Service providers must also inform their customers of any significant security risks.
A GDPR Acceptance Form will be distributed asking permission to store your personal data and acceptance of its use for the specific purpose of twelfth step work.
Bulk email distribution
If you send out an email with multiple addresses in the ‘TO’ box it will be flagged as spam and may bounce.
To avoid this problem add your own email address into the ‘TO’ box and the other recipients into the ‘BCC’ box.
Sending out email with multiple addresses showing is ‘bad form’; it can breach anonymity and could bring AA into disrepute.
Some recipients of emails sent this way will ‘reply to all’ – this will email all of the addressees in the ‘To’ box for a second time.