Your personal data is only accessed by staff members within our organisation who need it to carry out the tasks mentioned above. Any highly sensitive information will only be accessed by staff members who absolutely need it, and is not available to every staff member. (For example, information and identity of members in our recovery groups, will only be accessed by therapist/ facilitators who need it to run the group and not every staff member.)
All staff members adhere to a very strict confidentiality agreement, and will not use this data in other contexts or pass on your information.
We also work with external people from time to time. (E.g. financial auditor, volunteers, freelancers, other charities we partner with to deliver projects). However, we will only work with people and organisations who follow the highest GDPR standards, and who work inside of the European Economic Area. They will also need to sign confidentiality agreements or will have their own strict GDPR policy in place. They must also agree to not share your data with anyone else/other organisations. They will only be given access to data relevant to carrying out the necessary task, and not keep any information after our association ends. (E.g. the auditor will only have access to donation history while they check our accounts, to make sure we adhere to financial laws and regulations.)