Skip to main content

Data Protection Policy

Introduction

We respect your privacy and are committed to protecting it through our compliance with this data protection policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide ("Personal Information") on the vatsim-scandinavia.org website ("Website" or "Service) and any of its related services (collectively, "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choises available to you regarding our use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you ("User", "you" or "your") and VATSIM Scandinavia (doing business as "vACCSCA", "VATSCA", "we", "us" or "our"). By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of organizations that we do not own or control, or to individuals that we do not employ or manage.

VATSIM Scandinavia has a Data Protection Officer whose role is to inform staff and board members of vACCSCA of relevant privacy regulations, to monitor and control the compliance and adherence to said privacy regulations as well as internal privacy policies, and to be a contact point for our users, staff and board members for any inquiries related to how we process Personal Information. Additionally, the Data Protection Officer is a contact point for relevant Data Protection Authorities, and can be reached by e-mail at dpo@vatsim-scandinavia.org.

Simplified Data Protection Policy

Collecting Your Info

We collect info about you when you use our website and services, sign in through VATSIM Connect, or from public sources. This info can include your VATSIM details, name, country of residence, email, age, gender, and some device info like IP addresses. If you don't provide this info, you can't use our website and services.

Kids' Privacy

We don't knowingly collect info from kids under 13. If you're under 13, or if you know someone who is and uses our services, let us know so we can delete their info.

Your Rights

If you're in the European Economic Area, you have certain rights to control your info. You can ask us to correct, delete, or limit the use of your info. You can also complain to a data protection authority if you're not happy with how we handle your info.

How We Use Your Info

We use your info to manage your account, provide services, send updates, improve your experience, and to enforce policies. We might also share your info with VATSIM and other partners who help us run our services. We won't share your info with unrelated third parties without your permission.

Cookies

Our website uses cookies, which are small files stored on your device. They help us run our website and services and understand how you use them. We also use analytical cookies to gather info on how you use our website, which helps us improve the service.

Keeping Your Info Safe

We take steps to keep your info safe and secure. But remember, no method is 100% secure, and we can't guarantee the absolute security of your info.

Data Breaches

If a data breach occurs, we'll do our best to fix it and tell you about it if there's a risk of harm to you.

Changes to the Policy

We can change this policy at any time. If we make a big change, we'll ask for your consent again when you log in next time.

Accepting the Policy

By using our website and services, you agree to this policy. If you don't agree, you can't use our services.

Getting in Touch

If you have questions or want to exercise your rights, you can contact our Data Protection Officer at dpo@vatsim-scandinavia.org.

Remember, this is a simplified version. If you need more details, you should read the full policy.

1. Personal Information

To use our Website and Services, you need to have a registered account with VATSIM. Their Privacy Policy can be found here, and their Data Protection and Handling Policy can be found here. This is necessary, as we are an entity of VATSIM, and act partially on their behalf in the Nordics. We do not automatically process Personal Information simply by you registering an account with VATSIM and transferring your membership to vACCSCA. This will be further explained in this Policy.

1.1. Collection of Personal Information

When you open the Website, our servers automatically record information that your browser sends. This may include information such as you device's IP address, browser type, or language preferences, as well as pages of the Website and Services that you visit, the time spent on those pages, information you search for on the Website, access times and dates, and other statistics. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Website and Services. This statistical information is not otherwise aggregated in such a way that it would identify any particular User.

You can access and use our Website without giving us Personal Information. If, however, you wish to use our Services or some of the features on our Website, you may be asked to provide certain Personal Information.

We receive and store any information you knowingly provide to us when you log in to our Website and Services, publish content, or fill any forms on the Website. When required, this information may include the following:

  • Account details such as VATSIM Certificate ID and related information
    • We do not, however, process your password as the log-in is handled by VATSIM's infrastructure centrally
  • Contact information, such as e-mail address and Discord User ID
  • Basic personal information, such as name and country of residence
  • Any other information you willingly submit to us

Some of the information we collect is directly from you via our Website and Services. However, we do collect Personal Information about you from other sources, such as VATSIM centrally and other VATSIM entities. We may also collect information about you from public sources andentities, third-party data providers.providers and open sources, where you have consented to them sharing data with us.

In order to access our Website and Services, you need to login through VATSIM Connect, which functions as a single-sign on for VATSIM'sVATSIM related services. When you login through VATSIM Connect, you are asked for an expressed consent for VATSIM to transfer data to us. In this case, VATSIM acts as the Data Controller, and We act as the Data Processor. This information may vary depending on the Service you are connecting to, but may include the following:

  • Your VATSIM membership status, such as Certificate ID, your pilot rating, your controller rating,ID and your membership statusratings
  • YourIdentifying information about you, such as your name, country of residence and e-mail address

Information we may collect from other sources, include:

  • Demographic information, such as age and gender
  • Device information, such as IP addresses and geographic location
  • Online behavioural data, such as information about your Social Media usage, page view information, and search results

You can choose not to provide us with your Personal Information. However, that means you will not be able to use some of the features on the Website, and all of our Services will be unavailable to you.

1.2. Privacy of Children

We do not knowingly collect or process any Personal Information from children under the age of 13. If you are under the age of 13, please contact us at dpo@vatsim-scandinavia.org so that we can delete your Personal Information from our infrastructure. If you know or suspect that a User of our Website and Services is under the age of 13, please contact us as well, so we can handle the situation appropriately.

2. Your Rights

If you are a resident of the European Union ("EU") or the European Economic Area ("EEA"), you have certain data protection rights and we aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Information. If you are not a resident of EU or the EEA, you still reap the benefits of these rights according to this Policy.Policy (with the exception of the right to raise a complaint).

In certain circumstances, you have the following data protection rights:

  • ToRight theto extentwithdraw thatconsent
    • When the legal basis for our processing of your Personal Information is consent, you havecan the right to withdraw said consent at any time. Withdrawal will not affect the lawfulness of the processing before the withdrawal.
    • To manage your consents, you can login to Handover.
  • Right to transparent information
    • You have the right to transparent information about how we process your Personal Information, and how we process any requests with regards to the processing of your Personal Information.
    • This Data Protection Policy, as well as the DPO e-mail serve as some of the functions fulfilling your right to transparent information.
  • Right to access
    • You have the right of accessing the Personal Information we process, except where this may adversely affect the rights of other natural persons. This includes obtaining a copy of your Personal Information undergoing processing in a machine-readable format.
    • YouAny right to access requests should be directed to our DPO.
  • Right to rectification
    • If any of the Personal Information is inaccurate, you have the right to verifyrequest the accuracy of your information and ask for itus to becorrect rectified.it. You also have the right to request us to complete the Personal Information, should you believe it is incomplete.
    • WhereAny right to rectification requests should be directed to our DPO. Please note: We can only rectify the information where we are the Data Controller.
  • Right to object
    • When the legal basis for our processing of your Personal Information is processedpublic forinterest theor legitimate interests pursued by us or for the public interest,us, you may object to such processing by providing a ground related to your particular situation to justify the objection.processing. This mightmay include situations where you believe our processing of Personal Information provided by VATSIM centrally is unlawful.
    • YouTo object to our processing of any such Personal Information, please contact our DPO providing a ground related to your particular situation to justify the objection.
  • Right to restrict
    • In the following circumstances, you have the right to restrict the processing of your Personal Information in the following circumstances:Information:
      • The accuracy of your Personal Information is contested by you and we must verify its accuracy;
      • The processing is unlawful, but you oppose the erasure of your Personal Information and request the restriction of its use instead;
      • We no longer need your Personal Information for the purposes of processing, but you require it to establish, exercise or defend your legal claims;
      • You have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds.
    • Please note that a right to rectification or a right to object request does not trigger us to automatically restrict processing of your Personal Information without a specific right to restrict request, which can be forwarded to our DPO.
  • Right to erasure
    • You have the right to obtain erasure ofhave your Personal Information fromdeleted by us in the following circumstances:
      • The Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
      • You withdraw consent to consent-based processing;
      • You object to the processing under certain rules of applicable data protection law;
      • The personal data have been unlawfully processed
    • There are certain exclusions of the right to erasure, which include:
      • The processing of Personal Information is required for exercising the right of freedom of expression and information;
      • To comply with legal obligations;
      • For the establishment, to exercise, or defencedefense of legal claims
    • Please note that a right to withdraw consent or a right to object request does not automatically trigger the erasure of your Personal Information unless the data is processed solely on the basis of consent or the objection is valid under GDPR. If you wish to request erasure, please forward a specific right to erasure request to our DPO
  • Right to raise a complaint
    • You have the right to raise a complaint with a competent data protection authority about our processing of your Personal Information if you are not satisfied with the outcome of any complaints directly with us. ForYou more information, pleasecan contact any competent authority within the EU/EEA. To see contact details of your local datacompetent protectionauthority, authorityplease invisit theList EEA.of Personal Data Protection Competent.

To exercise your rights as stated above, please contact our Data Protection Officer at dpo@vatsim-scandinavia.org or as otherwise specified in the Policy. Please note that we may ask you to verify your identity before responding to such requests.

Please note: VATSIM Scandinavia cannot erase data pertaining to any training you have applied for or undergone unless you have also directed a Right of Erasure request toward VATSIM. This is due to contractual obligations toward VATSIM and to protect our own legitimate interests.

3. Use of Data

We act as a data controller and data processor in terms of the GDPR when handling Personal Information, unless the data provided comes from VATSIM centrally, in which case VATSIM acts as the data controller. In such instances, VATSIM acts as a data controller as they determine the purposes and means of the processing of Personal Information.

We act in the capacity of a data processor in situations when you submit Personal Information through the Website and Services. We do not own, control or make decisions about the submitted Personal Information, and such Personal Information is processed only in accordance with your instructions.

3.1. Purposes of Processing

In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information we request, the requested services may be unavailable to you. The information we collect from you may be used for the following purposes:

  • Create and manage user accounts,
  • Provide ATCour trainingServices to you,
  • Send updates about our Services,
  • Improve user experience,
  • Send administrative information,
  • Respond to inquiries,
  • Enforce vACCSCA or VATSIM policies,
  • Protect from abuse and malicious users,
  • Respond to legal requests and prevent harm,
  • Run and operate the Website and Services.

We rely on the following legal bases as defined in the GDPR upon which we collect and process your Personal Information:

  • Your consent,
  • Performance of a contract or for any pre-contractual obligations thereof,
  • Our own legitimate interests

If you have any questions or concerns related to our bases for the processing of Personal Information, please reach out to our Data Protection Officer at dpo@vatsim-scandinavia.org.

3.2. Disclosure of Information

Depending on the requested Services or as necessary to provide any Service you have requested, we may share your information with any affiliated entities of VATSIM or VATSIM itself,VATSIM, as well as any partners and service providers (collectively, "Affiliates") we rely upon to assist in the operation of the Website and Services available to you and whose privacy policies are consistent with ours. We will not share any personally identifiable information with unaffiliated third parties without your expressed consent.

Affiliates are not authorised to use or disclose the Personal Information we control except as necessary to perform services on our behalf or comply with legal requirements. Affiliates are given the information they need only in order to perform their designated functions. We will share and disclose your information only with the following Affiliates:Affiliates, unless we obtain prior informed consent by you:

  • Google Workspace
  • VATSIM and otherOther entities of VATSIM
  • Contabo (our server host provider)
  • Partnered Virtual Airlines, where applicable (such as through event management)Sentry
  • PartneredGrafana
  • Software
  • Backblaze
  • Developers, where applicable (such as with giveaways)
  • Cloudflare

We may also disclose any Personal Information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate abuse, or respond to a government request.

In the event we go through an organizational transition, such as a merger or acquisition by another organization, your Personal Information will likely be among the assets transferred.

3.3. Data Retention

We will retain and use your Personal Information for as long as necessary to comply with our legal obligations, until our and our affiliates' obligations are fulfilled, to enforce our agreements, resolve disputes, and unless a longer retention period is required or permitted by law. Once the retention period expires, Personal Information shall be deleted. Therefore, your rights as described by this Policy, cannot be enforced after the expiration of the retention period.

3.4. International Transfers

All first-party data will be processed in the EU.

EU/EEA,

4.unless Cookiesa anddata otherprotection features

adequacy

Ourcertification Website and Services use cookies and pixels to help personalize your online experience. We may use cookies to collect, store, and track information for security and personalization, to operate the Website and Services, and for statistical purposes. Please note that, as we only use so-called "strictly necessary" cookies, you do not have the ability to decline cookies,exists, pursuant to the GDPR.

These are the following types of cookies we use:

4.1. Necessary Cookies

Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our Website and using its features.

4.2. Do Not Track Signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. How browsers communicate the Do Not Track signal is not yet uniform, and as a result, the Website and Services do not interpret nor respond to such signals.

4.3. Social Media Features

Our Website and Services may include social media features such as "Share This" buttons. These social media features may collect your IP address and what page you are visiting on our Website and Services. These social media features are hosted by their respective providers. Your interactions with these social media features are governed by the privacy policy of their respective providers.

4.4. Push Notifications

We offer push notifications to which you may voluntarily subscribe at any time. To make sure push notifications reach the correct devices, we rely on a device token unique to your device which is issued by the operating system of your device. These device tokens do not reveal your identity or your contact information to us. If, at any time, you wish to stop receiving push notifications, simply adjust your device settings accordingly.

The Website and Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources. We encourage you to be aware when you leave the Website and Services and to read the privacy statements of each and every resource that may collect Personal Information.

5. Security

5.1. Information Security

We secure information you provide on servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. We maintain reasonable administrative, technical and physical safeguards in an effort to protect against unauthorised access, use, modification, and disclosure of Personal Information in our control and custody.

While we strive to protect your Personal Information, you acknowledge that:

  1. There are security and privacy limitations of the Internet which are beyond our control;
  2. The confidentiality, integrity and availability of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and
  3. Any such information and data may be viewed and tampered with in transit by a third party, despite our best efforts

As the security of Personal Information depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect your own information.

5.2. Data Breach

In the event that we become aware of a breach of the Personal Information we process, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe there is a risk of harm to the User or if notice is otherwise required by law.

6. Government of this Policy

6.1. Changes and Amendments

We reserve the right to modify this Policy at any time at our discretion. When we do, we will revise the updated date in the policy document. If there are any materially different changes to how we process Personal Information or for which purpose, such that your rights may become affected, or when required by law, we will ask you to provide continued consent for the processing of your Personal Information. This will be asked by you the next time you login to our Website and Services. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Policy will constitute your consent to those changes unless as specified in the last paragraph.

6.2. Acceptance of this Policy

By accepting this Policy, you acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information, you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorised to access or use the Website and Services.

6.3. Contacting Us

If you have any questions, comments or concerns regarding the information we may hold about you or if you wish to exercise your rights, you may contact our Data Protection Officer to submit your request:

dpo@vatsim-scandinavia.org

We will attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible, and in any event, within the timescales provided by applicable data protection laws.