Introduction
The Virtual Hong Kong Government Flying Service[WE in this page] , operating within the VATSIM Network, is committed to protecting the privacy and personal data of our members, pilots, controllers, and visitors in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with our website, services, or participate in our virtual aviation operations.
As a VSOA in the VATSIM Network, we process data necessary for safe and efficient simulated flight operations, member management, and community engagement. By using our website or services, you consent to the practices described herein. If you do not agree, please do not use our services.
Data Controller
Data Controller: Virtual Hong Kong Government Flying Service (VHKGFS)
Personal Data We Collect
We collect the following categories of personal data:
| Category | Example | Purpose |
|---|---|---|
| Identity Data | Name, VATSIM CID (Pilot/Controller ID), callsign, email address | Member registration, account management, communication |
| Contact Data | Email, Discord username | Notifications, event scheduling, support |
| Technical Data | IP address, VATSIM tracking data | Website functionality, security, performance analytics |
How We Collect Your Data
- Directly from you: Registration forms, profile updates, flight bookings.
- Automatically: Cookies, server logs, Discord/Simbrief API integrations.
- From third parties: VATSIM Network (e.g., certification data), analytics tools.
Legal Basis For Processing
We process your data based on:
- Consent (Art. 6(1)(a)): For non-essential cookies, marketing.
- Contract (Art. 6(1)(b)): For VATSIM operations and membership services.
- Legitimate Interests (Art. 6(1)(f)): Site security, analytics (balanced against your rights).
- Legal Obligation (Art. 6(1)(c)): VATSIM compliance.
You can withdraw consent at any time via your account settings
How We Use Your Data
- Provide and improve virtual flying services (e.g., flight scheduling, ATC coordination).
- Communicate updates, events, and safety briefings.
- Ensure compliance with VATSIM Code of Conduct.
- Analyze usage for service enhancements.
- Prevent fraud and abuse
Sharing Your Data
We share data only as necessary:
- VATSIM Network: For certification, tracking, and network operations.
- Service Providers: Hosting (e.g., VATSIM servers), analytics (e.g., Google Analytics โ anonymized), email tools (compliant with GDPR).
- Legal Authorities: If required by law.
No data is sold to third parties. All recipients are GDPR-compliant via Data Processing Agreements (DPAs).
International Transfers
As a global virtual network, data may be transferred outside the EEA (e.g., to VATSIM servers in the US). We use:
- EU-US Data Privacy Framework.
- Standard Contractual Clauses (SCCs).
- Adequacy decisions where applicable.
Data Retention
- Active Members: Indefinitely while the account is active.
- Inactive Accounts: 24 months post-last activity, then anonymized/deleted.
- Logs: 12 months for security.
Requests for deletion honored unless legally required.
Your GDPR Rights
You have the following rights:
- Access (Art. 15): Request a copy of your data.
- Rectification (Art. 16): Correct inaccurate data.
- Erasure (“Right to be Forgotten”) (Art. 17): Delete your data (subject to legal holds).
- Restriction (Art. 18): Limit processing.
- Portability (Art. 20): Receive data in structured format.
- Object (Art. 21): To process based on legitimate interests.
- Withdraw Consent (Art. 7): At any time.
Security Measures
- Encryption (HTTPS, data at rest).
- Access controls (role-based).
- Regular audits and backups.
- Breach notification within 72 hours (Art. 33/34).
Changes to This Policy
VHKGFS may update this policy. Changes posted here with notice via email/banner. Continued use constitutes acceptance
Version 1.0
28/11/2025 13:34 by VHKGFS