General Data Protection Regulation (GDPR)

Community legislation regarding the protection of personal data and its free movement online

Introduction and Data Controller Personal Data We Collect Purpose of Processing Consent and Minors Data Retention User Rights (ARCO) Data Transfer to Third Parties Information Security Specific Clause: Use of Discord and Communications Cookies Policy Changes to the Policy

Version 1.0

Effective from 2026

Introduction and Data Controller

This policy outlines how Virtual Airline [VA Name] (hereinafter "the Organization") collects, uses, and protects the personal data of its members in accordance with the General Data Protection Regulation (EU) 2016/679.

  • Purpose: Provide a civil flight simulation platform, statistics registration, and community management.
  • Controller: The VA Staff (Data Protection Officer contactable).

Personal Data We Collect

For the operation of the airline, the following categories of data are processed:

Category Specific Data Legal Basis
Identification Real name (optional/mandatory depending on policy), username, IVAO/VATSIM ID. Contract performance (Registration).
Contact Email address. Legitimate interest and communication.
Technical IP address, session cookies, ACARS logs (tracking software). Security and technical functionality.
Simulation Flight plans, flight times, virtual location, landings and network statistics. Recreational simulation purposes.

Purpose of Processing

The data is used exclusively for:

  • Operations Management: Validate flight reports (PIREPs) and assign ranks.
  • Communication: Send operational bulletins, event notifications, and regulation changes.
  • Security: Prevent fraud (multi-accounts) and protect server integrity.
  • Rankings: Display public statistics within the community (flight hours, medals).

Consent and Minors

  • Minimum Age: The airline does not accept members under 16 years old (or 1315 according to local member country law) without explicit consent from their parents or legal guardians.
  • Affirmative Action: By checking the "I accept the terms" box during registration, the user gives their free, specific, and informed consent.

Data Retention

Data will be retained as long as the user maintains an active account.

  • Inactive Accounts: If a user shows no activity for [X] months, their personal data will be anonymized or deleted, retaining only aggregated flight statistics so as not to alter the airlines overall history.
  • Account Deletion Request: Upon request, deletion will be processed within a maximum of 30 days.

User Rights (ARCO+)

Under the GDPR, you have the following rights which you may exercise by sending a support ticket or email:

  • Access: Know what data we have about you.
  • Rectification: Correct inaccurate information.
  • Erasure ("Right to be Forgotten"): Request full deletion of your account and associated data.
  • Portability: Receive your data in a structured format (JSON/CSV).
  • Restriction: Request that we stop processing your data while a dispute is resolved.

Data Transfer to Third Parties

The Organization does not sell or rent personal data. Data is only shared with:

  • Infrastructure Providers: (e.g., Discord, Webhosting, flight tracking databases).
  • Flight Networks: (IVAO/VATSIM) only for profile validation if the user links it.

Information Security

We implement technical measures to prevent loss or unauthorized access:

  • Password hashing.
  • HTTPS/TLS protocols for all web communication.
  • Database access restricted to authorized staff only.
Important Note: This virtual airline is a nonprofit organization run by enthusiasts. By participating, you understand that data security is managed with "best effort" within the technical resources of a simulation community.

Specific Clause: Use of Discord and Communications

The airline uses Discord as the main operational and social communication platform. By joining our official server, the user agrees to the following:

  • Data Synchronization: For rank and role management, our bot may link your Discord ID with your Pilot ID in our web database.
  • Communication Privacy: Although Discord is a third-party platform, the Organization prohibits sharing other peoples personal data (doxing) in its channels. Any data shared in public channels is the users responsibility.
  • Audit Logs: Airline staff may log deleted or edited messages and name changes for moderation and community security purposes.
  • Unlinking: Upon leaving the Discord server, the data link will remain in our database for statistical history unless the user exercises their Right to Erasure by submitting a formal request.

Detailed Cookies Policy

The Virtual Airline [Name] website uses cookies to enhance the simulation experience and ensure pilot account security. What are cookies? They are small text files stored in your browser when you visit our management system (Crew Center / ACARS Web). Types of cookies we use:

Cookie Type Purpose Duration
Essential (Technical) Keep your pilot session logged in and protect the login form against CSRF attacks. Session / 30 days
Preferences Remember your map setting (VFR/IFR) or preferred panel language. 1 year
Analytics (Own) Count visits to the most popular routes and usage statistics to optimize the server. 6 months
Third Party Integration with flight network widgets (Vatsim/IVAO) to show your "Online" status. Variable (per provider)
Cookie Management: The user can configure their browser to reject all or some cookies. However, if essential cookies are disabled, the flight report system (PIREPs) and control panel access may not work correctly. Note about ACARS: Our tracking software may use unique hardware identifiers to prevent fraud in flight hours logging. This data is not shared with third parties and is treated as technical security data.

Changes to the Policy

The Organization reserves the right to modify these terms to adapt to legislative updates or changes in the simulation platform. Members will be notified by email or Discord announcement at least 7 days before implementation.