GDPR Privacy Policy

1. Introduction

This Privacy Policy explains how vTAC ("we," "us," or "our") collects, uses, discloses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy applies to all members, prospective members, and users of our services, including our website, forums, and related activities.

We are committed to protecting your privacy and ensuring that your personal data is handled transparently and securely. If you are under 16 years old, you must obtain verifiable parental or guardian consent before providing any personal data to us. We do not knowingly collect data from children under 13 without such consent.

This policy was last updated on January 13, 2026. We may update it from time to time and will notify you of significant changes via email or through our website.

2. Data Controller

The data controller responsible for your personal data is:

vTAC

Email: aero.msfs@gmail.com

For GDPR purposes, if we process data of EU residents, we appoint an EU representative as required under Article 27. Contact us for details if applicable.

3. Personal Data We Collect

We collect the following types of personal data:

  • Identification Information: First name, last name, date of birth, VATSIM ID (or similar simulation network ID), and username.
  • Contact Information: Email address, country, city, and IP address.
  • Account Information: Password (hashed), Discord ID (if applicable), and any other data provided during registration or profile updates.
  • Usage Data: Log data, such as access times, pages viewed, and interactions with our services (e.g., flight hours, certifications).
  • Other Data: Information submitted via forms, PIREPs (Pilot Reports), or third-party applications integrated with our services.

We may also collect non-personal data, such as browser type and device information, through cookies (see Section 9 for details). You can visit our site anonymously without providing personal data, but full membership requires registration.

4. How We Collect Your Data

  • Directly from You: During registration, form submissions, event participation, or communications.
  • Automatically: Via cookies, logs, and tracking technologies when you interact with our website or services.
  • From Third Parties: Such as simulation networks (e.g., VATSIM) or integrated tools, with your consent.

5. Purposes of Processing and Legal Basis

We process your personal data for the following purposes:

  • To manage your membership, including certifications, advancements, access to resources (e.g., aircraft, scenery), and awards.
  • To track and verify flight hours, progress, and active status.
  • To personalize your experience and improve our services.
  • To communicate with you, including sending newsletters, announcements, or responses to inquiries.
  • To administer events, contests, or simulations (e.g., on VATSIM).
  • To ensure security, prevent fraud, and comply with legal obligations.

Our legal bases for processing under GDPR include:

  • Consent (Article 6(1)(a)): We obtain explicit consent from each member for the collection, use, and processing of their personal data pursuant to this Privacy Policy. During registration, you must affirmatively check a consent box acknowledging that you have read and agree to this policy. Consent is granular, freely given, and can be withdrawn at any time without affecting the lawfulness of prior processing (see Section 8 for withdrawal instructions). This is our primary basis for membership-related processing.
  • Performance of a Contract (Article 6(1)(b)): To provide the services you request as a member.
  • Legitimate Interests (Article 6(1)(f)): For internal analytics, service improvements, and security, where these interests do not override your rights.
  • Legal Obligations (Article 6(1)(c)): To comply with laws or respond to authorities.

We do not process sensitive data (e.g., racial origin, health) unless explicitly consented to for a specific purpose.

6. Sharing Your Data

We do not sell, trade, or rent your personal data to third parties. We may share it in limited circumstances:

  • With trusted service providers (e.g., hosting providers, simulation networks) who assist us and are bound by confidentiality agreements.
  • For legal reasons, such as complying with court orders, enforcing our policies, or protecting rights, property, or safety.
  • In the event of a merger, acquisition, or asset sale, where your data may be transferred (we will notify you in advance).

If data is transferred outside the EEA, we ensure adequate safeguards, such as Standard Contractual Clauses or adequacy decisions.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined above or as required by law. For active members, data is kept for the duration of your membership. Upon termination or consent withdrawal, we delete your data within 30 days, except for minimal records needed for fraud prevention or legal compliance (e.g., terminated member logs). Inactive accounts may be deleted after 12 months of inactivity.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, which will terminate your membership.
  • Right to Restriction: Limit processing in certain cases.
  • Right to Data Portability: Receive your data in a structured format.
  • Right to Object: Oppose processing based on legitimate interests.
  • Right to Withdraw Consent: At any time, by contacting us (this may end your membership).
  • Right to Complain: Lodge a complaint with your local data protection authority (e.g., in the EU member state of your residence).

To exercise these rights, contact us at aero.msfs@gmail.com. We will respond within one month. There is no fee for most requests, but we may charge for excessive or unfounded ones.

9. Cookies and Tracking Technologies

We use cookies to enhance your experience, such as maintaining login sessions and remembering preferences. Essential cookies are required for functionality; others (e.g., analytics) require your consent via our cookie banner. You can manage cookies through your browser settings. For more details, see our Cookie Policy (if applicable).

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular audits. However, no online transmission is 100% secure, so we cannot guarantee absolute security.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email, our website, or Discord/forums at least 30 days in advance where possible.

12. Contact Us

For questions, requests, or concerns about this Privacy Policy or your data, please contact:

Data Protection Officer: aero.msfs@gmail.com

Email: aero.msfs@gmail.com

By registering and providing your consent, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not consent, please do not provide your data or use our services.