Who We Are
The ONE System is developed and maintained by World Development Systems Ltd (referred to herein as WDS), a manufacturing company based in Worcestershire, England. We were founded in 1998 and have developed a range of products during this time in the field of what is known as energy therapy and Well Being. During all this time our most notable product to date has been the e-Lybra Energy Balancing System, a device for practitioners.
Basic Operation of the ONE System
This description is given to understand the data that is used by the system, the entities to which this data belongs, and the privacy and data protection issues around it.
As a wellness aide the ONE System is designed to balance and detoxify the “energy bodies” of end clients. This form of therapy is widely accepted in ancient and contemporary Eastern philosophy and is also widely practiced by free thinking healers by is dismissed by the pharmaceutical-driven allopathic medical culture at the present time.
The ONE System is a computer software program and an attached hardware device. This package is designed for use primarily within a clinic environment, either by a single practitioner (subscriber) or by a multi-staff organization. The general nature of the system requires that a single subscriber owns a usage contract, although this could be an individual person or a business. Under the umbrella of this subscription are staff members, each with their own login account which is owned by the subscriber. Additionally, and in fact at the core of the operation of the ONE System, are end clients who are registered onto the system database, and who receive energy balancing programs while connected to a WDS hardware device via a pair of wrist straps.
The ONE System differs from the e-Lybra in that it is primarily used for dealing with addiction and behavioural issues, and has the distinction of being developed twenty years after the e-Lybra so the software and computing environment are radically different.
The architecture of the ONE System is a client application which runs on Microsoft Windows – this requires a login id and password combination. This application connects via the Internet to one or more cloud services in order to retrieve/send information, and to control the running of a proprietary software “engine” which is involved in the generation of remedy programs which are part of the process of running a session with a client.
Data Segregation Policy
The design of the data flow of the system is very mindful of the concept of data residency, wherein data that is about entities (people, companies, etc) is primarily required to be physically stored on data storage devices within the same geographical or political region. For example, end clients within the United States or Canada would need to be primarily stored on a data device within North America. This is a concept known as Data Residency.
To achieve the above goal there also needs to be a consideration of performance and latency, i.e. how long a piece of data takes to travel from a server to the ONE System, or vice versa. To develop the ONE System the data was split into two parts, across two databases. The personal information is kept in a storage that can be geographically specific, where as general system data that is required for the global operation of the system is stored centrally for the time being. As the system generates more revenue we will probably divide all aspects of the system into definite geographical domains.
For the time being then the data is split into two databases:
1. Global server - system and subscriber data
To use the ONE System a person or organization requires a subscriber account. This subscription record is the top level of registration within the system. Underneath this hierarchical level are contained simple records of practitioner and operational staff who need to sign in to the ONE System (with a more comprehensive equivalent record within the regional database). There is an architectural reason for this presence of simple staff records in the global database – when a person signs in for the first time there is no way of knowing at that stage who the owning subscription record is, and therefore there is no way to know which region the staff member would need to connect to. Therefore a central register of staff members is held within the global database, and when a successful sign in is achieved the system can then reference the owning subscriber and therefore also return the identity of the regional server that contains the full record. Internally, an initially successful sign-in against the global database is followed by a second connection to the regional server wherein much profile data can be obtained (e.g. product prices for the current subscriber)
2. Regional server - Individual subscriber and client data
The regional server also contains a full subscriber profile record, a list of all staff members who belong to that subscriber, and a list of end clients (i.e. patients) which includes name, address, date of birth, a very short summary of the primary condition for which help is sought (e.g. addiction to smoking), a list of programs run for the client, a profile of a “top-up” device, and any notes that the practitioner has made at any time. This client data of course is identified as that section of the data which is the most confidential and is therefore stored under GDPR regulations in the locality of the customer base.
Security permissions of staff members
Staff records contains flags which indicate whether the staff member has additional levels of control:
Administrator – can add, deactivate or close other staff records. An administrator can also invoke the “right to be forgotten”, in which all client data is anonymized.
Finance – can add credits or make purchases on behalf of the subscriber account. Can also view financial aspects of transaction records (cost per client session, credits made).
Data access policy
A regional database will contain client records for every subscriber within that region. Each client record has a field containing the owning subscriber, so whenever client data is obtained by a staff member then the result set will only contain data from within that same subscriber group. Similarly, when a client record is being updated then there is a validation check that the current staff member is within the same subscriber domain as the client.
Data deletion policy
This is also known as the right to be forgotten. All sessions run on the ONE System by subscriber accounts are tied to a set of financial transactions which form part of a journal entry. If a client wishes to be removed from the system then the name is replaced with the string “[NAME DELETED]”. The address and other features such as the data of birth and symptom summary are replaced with strings purely consisting of the letter “X”. Any telephone numbers are deleted, as are any practitioner notes which may have been made. Therefore, the financial usage details as are applicable to the subscriber are retained but there is no aspect of the data that identifies who the data relates to.
Closure of subscriber account
If a subscriber closes an account the data is retained for a minimum of twelve months. The subscriber may ask for the reactivation of the account at any time, and may also make a special request for data to be extracted from the closed account. After twelve months have elapsed we make no promise to retain the data beyond this time.
No data that is held within the system is shared with any other organization by default. There is no policy of sharing or making visible any of the data on the system outside the context of the subscriber data domain.
Importing of client data from the e-Lybra system
The e-Lybra is also a practitioner energy balancing system which was previously developed by WDS but which is still used by hundreds of system owners around the world. This system was developed before the Internet became commonplace so the data is stored in a local password-protected Microsoft Access database file. The ONE System has (or will have) an import facility so that e-Lybra client data can be imported into the ONE System under the ownership of the currently active subscriber account. Responsibility for any relevant permission to import this data from one system to another rests solely with the practitioner making the transfer.
We log usage data whenever a sign in event occurs. To help us better understand what technology platform is in use we also log the version of Microsoft Windows that is in use, the regional locale, the processor model and memory size of the computer. We also log the IP address of the incoming connection from the client computer to our regional server. This data is not shared with any other party and simply helps us to understand if any customers are using outdated or early (i.e. beta) software in the event of any technical issues that might arise with the usage of the ONE System.
This document was last updated August 11th, 2023 by Jon Perkins (WDS)