Virtual Region

Virtual Region
Annual Convention

Important Privacy Notice to all Virtual Region Convention Attendees

The Virtual Region (VR) is organized and incorporated as a not for profit entity under the laws of the State of New Mexico, the United States of America, which laws exclusively govern the VR and which courts have exclusive jurisdiction in respect of any dispute or claim relating to this policy and its subject matter.
This privacy notice provides information on how the Virtual Region Convention of Overeaters Anonymous collects and processes the personal data which you supply when you register for the Virtual Region Convention. We will take reasonable efforts to process yourdata in accordance with the General Data Protection Regulation (EU) 2016/679 oft he European Union.

1. IMPORTANT INFORMATION AND WHO WE ARE

The Overeaters Anonymous VirtualRegion (VR) is composed of groups, intergroups, and serviceboards across the world. It is the controller and responsible for your personal data. TheOA Virtual Region website is found at oavirtualregion.org .
The Region is served by the VR Service Board, which includes the OA Trustee for theVirtual Region. From time to time the Virtual Region may be set up committees to undertake specific pieces of work, such as the Virtual Region Convention Committee. The Virtual Region Convention Committee is made up of two Board members, the Virtual Region Convention Chair [or where there are Co-Chairs, the Co-Chair designated as the person responsible for the protection of privacy and of personal data], Subcommittee Chairs, service co-ordinators and other individual OA members who offer voluntary service.
If you have any questions about this privacy notice or our data protection practices, please contact us at privacy@oavirtualconvention.org.

2. THE DATA WE COLLECT ABOUT YOU

  1. Attending theConvention
We collect your name and contact details for the purposes of distributing any Convention documents and information, and communicating with you about the Convention (both before, during and after the Convention).
We use an external website, Eventbrite, for the majority of the online bookings to attend the Convention.To make a booking to attend the Convention, you will be asked and guided to register with your name and email address through the OA Virtual Region Website and possibly through the Eventbrite website. The VR will use your personal data to register your booking and to manage the Convention event.  
Eventbrite is registered in the United States of America, storing personal data in the United States ofAmerica. Eventbrite adheres to the EU-US Privacy Shield Framework principles regarding the collection, use and retention of personal data that is transferred from countries that fall within the European community. Notwithstanding that the certification with the Privacy Shield is no longer sufficient as a basis for transferring data outside of the European community, Eventbrite represents that it continues to take legally required steps to adhere to EU data protection law and to ensure the appropriate safeguards are in place to protect personal data. For more information go to the Privacy Policy of Eventbrite at
Eventbrite Privacy Policy - US
and
Eventbrite Data Processing (addendum for organizers- US
We also use a third-party provider, Zoom Video Communications Inc, for remote conferencing services for our Convention. Zoom is registered in the United States of America and represents that it undertakes to transfer personal data in accordance with the EuropeanCommission-approved Standard Contractual Clauses. It participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework although this is no longer the basis upon which it transfers data outside of theEuropean community. For more information, go to Zoom’s privacy https://zoom.us/privacy.
The legal basis for the VR processing this information is their legitimate interest in carrying out the routine administration and business of the Convention. The VR keep this information for18 months from the last day of the Convention.
  1. Attending theConvention as well as giving service for the event
People who attend OA Conventions often wish to offer service to the fellowship. This might be through volunteering to support a committee, or undertaking some of the work of theVirtual Region. If you do volunteer or offer service to the Virtual Region for the Convention then we will need to keep your contact information so that we can keep in touch with you. The legal basis on which we process this information is your consent, which you will be asked for as is detailed in the consent request made to you when you register for the Convention. Your contact information will be kept securely for eighteen months from the closing date of the Convention and will then be deleted, unless you give further consent for us to keep it. You can also ask for your contact details to be deleted at anytime.

3. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data for the purposes for which we collected it as described above. Only authorized people are permitted to access your data, which is kept secure and confidential for the time period as described above, and then deleted/destroyed using secure methods.

4. HOW WE SHARE YOUR PERSONAL DATA

We do not share your data with anyone outside OA Virtual Region unless you have specifically consented to this, or we are required to share the information by law.
We make use of IT tools (e.g.email, cloud hosted storage) which mean that your data is processed by third parties (e.g. Google, Dropbox, Eventbrite, Zoom), but we take reasonable efforts to have in place GDPR-compliant data processing agreements to protect the privacy of your data.

5. INTERNATIONAL TRANSFERS

OA Virtual Region encompasses countries outside the European Economic Area, and so your data will be transferred outside the EEA. The VR needs to tell you this because countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
The VR will take reasonable efforts to only transfer your data outside the EEA on the following, lawful, grounds:
  1. The country has been approved by the EU as having an adequate standard of data protection
  2. You are a resident of a non-EEA-country, and so the VR will need to process your information outside of the EEA in order to communicate with you
  3. The VR is using a third party data processor which stores or processes information outside the EEA (e.g., Google. processes information in the US). The VR will only use such a processor if there are EU-approved safeguards for the. security of data, e.g., the processor has signed up to the EU-US Privacy Shield, or the VR processing contract incorporates EU-approved Standard Contractual Clauses.
  4. You have explicitly consented to the transfer of your information, and you have been warned of the possible risks of the transfer.
    You have explicitly consented to the transfer of your information, and you have been warned of the possible risks of the transfer.
    Important note about transfers outside the EEA under(d) above (consent):
    The VirtualRegion Convention designated VR Board members, the VRC Chair, Committee Chairand members, Subcommittee Chairs and members and other OA members givingservice for the VRC may come from areas outside the EEA, due to the widegeographical scope of the Virtual Region. In carrying out the business of the VirtualRegion, these persons may store documents using cloud storage service providerssuch as Dropbox and may need to communicate with you via email. If one suchperson receives an email containing personal data outside the EEA, or makes useof the Dropbox folder to access personal data from outside the EEA, they will be transferring that data outsidethe EEA.
    Dependingon the country in which such person is based, the EU may have made a findingthat there are adequate data protection standards in place. However, it ispossible that such person is based in a country where there is no such finding.
    The VR onlyshare information where this is genuinely and reasonably needed to conduct thebusiness of the Virtual Region Convention. All such persons are advised of thedata protection policies and information security policies, and are to deleteinformation as directed.
    In orderfor the VR to carry out the business of the Virtual Region Convention lawfully,we need to address the circumstance where your personal data is accessed by suchpersons who are based outside the EEA in a country where the EU has not made afinding of adequacy. The VR thereforeneed your consent for your personal data to be accessed from outside theEEA. During the registration process for Convention, you will be asked to giveyour consent.

    6. YOUR LEGAL RIGHTS

    Under certain circumstances, youhave the following rights in relation to your personal data:
    1. the right to receive a copy of the personal data that the VR holdabout you;
    2. the right to request rectification or erasure of your personaldata, or restriction of processing concerning you, or to object to processing;
    3. where processing is based on consent, the right to withdrawconsent at any time, without affecting the lawfulness of processing based onconsent before its withdrawal;
    4. the right to lodge a complaint with therelevant Data Protection Regulator for your country, such as, for illustrativepurposes, the Information Commissioners Office of the United Kingdom.
     If you would like to exercise any of theserights then please contact us at privacy@oavirtualconvention.org.

    Version

    This Privacy Notice to Convention Attendees was updated on behalf of the VRC Chair on 10 January 2021 and is the second version of such Notice.
    Overeaters Anonymous
    Home Privacy Policies podcasts
    © 2021 Virtual Region of Overeaters Anonymous
    OA.org
    OA bookstore
    find a meeting