Data Protection
Limitation of Liability
This document has been prepared for use on the VATSIM network only. It should never be used for real world aviation operations. The authors cannot be held liable for any personal injury and/or death from the misuse of this document.
Scope
This document intends to outline the procedures employed by the Arabian vACC (Arabian vACC) to ensure data protection compliance with EU General Data Protection Regulation.
Introduction
- Arabian vACC refers to the community at https://arabian-vacc.com/. (“we”, “us”, “our”, “ourselves”, “the vACC”).
- VATMENA refers to the parent body of vACCs in the Middle East and North Africa division on VATSIM at http://vatsim.me/.
- VATSIM refers to the organization at https://www.vatsim.net.
- Discord refers to Discord at https://discord.com.
- Services refers to training, any websites or applications, support, voice communication.
- Microsoft refers to The Microsoft Corporation at https://www.microsoft.com.
- Google refers to Google LLC at https://www.google.com.
- User or Member (“the user”, “the member”, “the individual”, “individual(s)”) refers to any person from whom the vACC collects data.
Contact Us
Arabian vACC Staff
- Email the appropriate staff members by visiting the "Staff Team" page on this site.
- Send a private message to the relevant staff member by joining the Arabian vACC Discord.
Data Collection
How We Collect Data
Types of Data
The Arabian vACC collects personal data from members using their services as well as from VATSIM using their API. By using any of the Arabian vACCs services, an individual automatically agrees to have their data collected and processed.
The data we collect includes:
-
From users:
- User images.
- User messages.
- Support ticket requests.
- Support ticket records.
- Training requests.
- Training records.
- Licenses from any official ICAO recognized body or authority (for fast-track purposes only).
- Any other non-required data provided by a user.
-
From web applications:
- IP addresses and connection information.
- Usage data.
- Location data (country only).
- VATSIM Pilot Rating.
- Age group (from VATSIM Membership Records)
- The individual's country and state (or country or province) of residence.
- Registration date.
Why We Collect Data
The Arabian vACC collects data in order to:
- Manage users.
- Provide training.
- Provide support.
- Manage controller rosters.
- Provide access to our services.
- Provide fast-track services to real-world controllers or pilots.
Data from Third Parties
In order to offer the complete service package to individuals, we may need to access additional data from third parties on top of our own data collection.
Such data and their providers are as follows:
-
VATSIM API:
- User information:
- Member's full name as registered with VATSIM.
- VATSIM CID.
- VATSIM registered e-mail address.
- Member's registration date.
- Member's region, division, and subdivision (vACC/ARTCC) on the VATSIM network.
- VATSIM ATC rating.
- VATSIM Pilot rating.
- Membership status and suspension/account termination date (if any).
- User information:
-
Controlling session information:
- Callsign.
- Position.
- Name.
- Timestamp.
- Connection duration.
-
Discord:
- Discord ID.
- Discord Name.
- Discord Activity log.
-
Other sources:
Data Processing
Providing Training
The Arabian vACC uses the following data in order to assess competency and determine members' progression in training:
- VATSIM CID
- Training history
- Exam history
- Controller session(s)
Supporting Users
The Arabian vACC uses any collected data that we see fit in order to provide support to the user. Examples of this include, but not limited to:
- Using training data to aid a support ticket from a user requesting training.
- Using disciplinary data to aid a support ticket where the user has reported misconduct from another member.
- Using diciplinary data to aid a support ticket from another member where the user has been accussed of misconduct.
- Using a user's controlling session information to aid a support ticket where the user has been removed from an active controller roster.
- Providing user data to another vACC when a user submits a vACC transfer or visiting request.
Issuing Disciplinary Action
The Arabian vACC uses any collected data that we see fit in order to issue disciplinary action to a user that has been found to have partaken in any misconduct including but not limited to as defined by the VATSIM network Code of Conduct or is in breach of the law.
Maintining Rosters
The Arabian vACC uses the following data in order to maintain a record of active and inactive controllers as well as compile a list of controllers who may be expected to participate in a VATSIM event:
- VATSIM CID
- Name
- Region, Division, and vACC
- ATC Rating
- Membership status
- Solo validation status (if any)
- Location data (for timezone)
- Any comments made by mentors or members of the Arabian vACC staff
Issuing Controller Ratings
The Arabian vACC uses the following data in order to maintain a record of active and inactive controllers as well as compile a list of controllers who may be expected to participate in a VATSIM event:
- VATSIM CID
- Region, Division, and vACC
- Exam history
- Training history
- Membership status
- Solo validation status (if any)
Issuing a "fast track rating" to Pilots/Controllers
The Arabian vACC uses the following data for the sole purpose of verification of authenticity in order to issue a “fast track rating” to real-world pilots/controllers:
- Licenses from any official ICAO recognized body or authority
Licenses shall only be shared with the vACC ATC Training Director or their designated deputy, or the vACC Director.
The Arabian vACC will accept no damage caused by misplacement of the license. Any damage caused will be the sole responsibility of the individual handling the license.
Any mistake made by the user in sending a copy of the license to authorized vACC staff will be the sole responsibility of the user and the vACC cannot be held liable.
The Arabian vACC, after verifying the authenticity of the license, shall immediately destroy all copies of the license that they may hold.
Data Sharing
Publicaly Shared Data
The Arabian vACC will publicly share the following data:
- Member’s rating.
- Member’s training status. (position in queue and upcoming planned sessions)
- Member’s solo validation status.
- Member’s name and VATSIM CID.
- Member’s ATC session bookings.
- Member’s connection status and position/station.
Privately Shared Data
The Arabian vACC will share data with the following:
- VATSIM Staff
- VATMENA Staff
- Other vACC Staff (either in VATMENA or outside of the division/region).
The data we share includes all publicly shared data as well as a member’s:
- Email.
- Training reports.
- Exam history.
- Rating upgrade requests.
- Disciplinary history.
Sponsored Events and Competitions
During sponsored events or competitions, it may be required that the Arabian vACC shares the following information to allow the company or individual sponsoring the event to provide a prize to a user:
- User’s name.
- User’s CID.
- User’s email address.
Should a company or individual use this information for anything other than to provide a prize to a user then the user should report this to the Arabian vACC staff by using one of the methods stated in the Contact Us section of this document.
In the case where a user is selected based on the name (or CID) used to connect to the VATSIM network, the Arabian vACC will not share this information, but will use it ourselves to inform the user. The user will then be required to negotiate with the company/individual of their own accord and will no longer be covered by our privacy policy.
Our Commitment and Individual Rights
The Arabian vACC is committed to ensuring that no personal data is sold to any third party, nor do we knowingly share personal data with organizations that use that data to make a profit.
Under GDPR, every user has the right to:
- Be informed about the collection and use of their personal data.
- Access their personal data.
- Rectify their personal data.
- Erase their personal data from our systems (Website, Moodle, Discord).
- Note: Removing personal data from our systems means a user will no longer be allowed to use our Discord, Moodle, Website and will stop the user from being able to control in any airspace in the Arabian vACC.
- Restrict processing of personal data (under certain circumstances).
- Note: Restricting personal data processing may limit the services that we can offer a user.
- Data portability.
- Object to processing data (under certain circumstances)
- As well as a user’s rights, the Arabian vACC intends to be transparent, honest, and open about data handling and processing. Should a user have any questions, they (the user) should direct them (the question) to the staff members using a method states under the Contact Us section.
Should there be a data breach in the Arabian vACC we will be obligated to inform:
- The individual (either via an email or announcement in the Discord server).
- VATSIM.
- The ICO (depending on the severity of the breach and risk to individuals).
For more information on the user’s rights, please consult the ICO website.
Legal Acknowledgements and Obligations
Data Requests from Authorities
A member’s personal data may be shared with the following authorized legal bodies should the data be requested to assist with legal investigations:
- Any police service.
- Court of justice.
- Authorized government bodies.
Members Under the Age of 16
The Arabian vACC complies with VATSIM’s Safeguarding Minors Policy which can be accessed here.
In accordance with VATSIM’s Code of Regulations, the Arabian vACC will not provide any services to users who are known to be under the age of 13.
Accessing Personal Data
Requests for personal data, under the Right of Access, are the responsibility of the vACC staff. The vACC staff must compile such requests within a month of receiving the request.
A user may contact the vACC staff using one of the methods stated in the Contact Us section of this document if they wish to access their personal data.
For every access request the Arabian vACC will ensure to take appropriate steps to verify the authenticity of the request. We will only accept access requests from the member whose data is being requested; a member cannot use a proxy to request data access.
Once the member who requested access has been identified and verified, they (the member) will receive a compilation of all their data stored within the vACC. The access will only consist of personal data and any data of other individuals will be redacted.
Rights of Rectification
The responsibility of handling Right of Rectification requests is the responsibility of the vACC staff. The vACC staff must compile such requests within a month of receiving the request.
A user may contact the vACC staff using one of the methods stated in the Contact Us section of this document if they wish to rectify their personal data.
For every rectification request the Arabian vACC will ensure to take appropriate steps to verify the authenticity of the request. We will only accept access requests from the member whose data is being rectified; a member cannot use a proxy to request data rectification.
Once the member has been identified and verified, the member’s data will be rectified where required.
Opting Out
Should a member with to opt out of data collection and processing conducted by the Arabian vACC the member should inform us by using a method stated in the Contact Us section of this document. It should be noted that if a member removes their personal data, we can no longer offer any of our services to the member and they (the member) will no longer hold active controller status in the vACC.
For every erasure request the Arabian vACC will ensure to take appropriate steps to verify the authenticity of the request. We will only accept erasure requests from the member whose data is being erased; a member cannot use a proxy to request data erasure.