Effective 1st September 2019
QVirtual ("us", "we", or "our") operates the https://www.qvirtual.com.au website (hereinafter referred to as the "Service").
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. Please take the time to read over our Privacy Statement Carefully and if you have any questions then please get in touch. Details are at the end of this Privacy Statement.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Statement.
Service – Service is the https://www.qvirtual.com.au website operated by QVirtual
Personal Data – Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data – Usage Data is data collected automatically either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies – Cookies are small files stored on your device (computer or mobile device).
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected include the following:
Personal Data – While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally Identifiable information may include, but is not limited to: Email address, Name, Date of Birth and therefore your age determined from that date of birth, Your Network ID (VATSIM), Your country and city of residence, Cookies and Usage Data
Usage Data – We may also collect information how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies.We use Session Cookies to operate our Service.
- Preference Cookies.We use Preference Cookies to remember your preferences and various settings.
- Security Cookies.We use Security Cookies for security purposes.
The personal data we collect is used to identify people making applications to join QVirtual. These applications are processed to determine if they fulfil the membership requirements laid down in the QVirtual Pilot Handbook which is available on our website. The same data from successful applicants is used to create and administer personal pilot accounts with QVirtual.
This account allows a member to log virtual flights with us building up a log book with routes, aircraft flown and flight hours to allow promotion through the ranks within our VA. The name that you provide to us is also used to set up a private, members only forum account to allow members access to the members forum.
The same details are also used to set up a training account to allow members to receive structured training programs to help them to develop their flight simulation skills.
Personal email addresses are used to communicate with members regarding applications, flights or membership issues that may arise from time to time during their membership: examples of this include opt-in PIREPs (fight reports) for each flight flown, or contacting members of staff with membership issues such as problems maintaining an active account, or to get in touch directly with a staff member for advice or training.
Personal details are also used to fulfil our legal obligations in terms of preventing fraudulent activity.
We DO NOT mass-email members. Any membership wide announcements are made via the pilot’s on-line Crew Centre, the forum or via discord announcements.
We DO NOT share any of your personal information with third parties unless required to do so in law.
Your information, including Personal Data, may be transferred to - and maintained on - servers located outside of your state, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Australia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Australia and process it there.
Your consent to this Privacy Statement followed by your submission of such information represents your agreement to that transfer.
QVirtual will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.
Data Security, Storage and Processing
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Personal data is stored on our secure server. Access to the data is by encrypted passwords held by a limited number of QVirtual staff who hold appropriate positions that require the viewing and processing of personal data. This primarily includes Human Resources and Pilot Services who manage the applications process and manage member accounts but can include the Executive Leadership or Technology Team who may help assist in managing member’s issues from time to time or as they arise.
All data is periodically backed up to a secure storage facility to prevent against loss. This is off-site to our main server to safeguard against data loss from disaster and to ensure the continuity of our service in the event of hardware failure.
All managers who can access member’s personal data use encrypted passwords. These passwords are changed frequently to maintain security in the event a manager leaves their role. All individuals who come into management at QVirtual are trained in data processing and security and require a competency checklist to be completed prior to access being given.
All personal data that is collected from our website will be done via a secure layer implemented on our website. Our server is located within Australia, specifically in New South Wales. The data is processed by our staff who majority of whom are based in Australia.
Our lawful basis for processing and retaining personal data lies within “Legitimate Interests”.
Legitimate interests (Article 6(1)(f)) : data processing is necessary for the purposes of the legitimate interests pursued by us for the purposes of safeguarding us from fraudulent applications including under-age applications, applications from people using false details, and ex-members who have received a ban from re-joining now and in the future. This is only achievable by data comparisons between current and historical applications and accounts.
The exception to this is where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. We do not allow members under the age of 16 years.
When a person applies to join QVirtual they agree to the retention of personal data for the above reasons, by way of the fact they freely applied to join QVirtual, and by way of agreeing to this legal basis for processing personal data via an opt-in check box.
We only use your personal data how you would reasonably expect it to be used when joining a Virtual Airline. This is to fundamentally allow you to log flights and build a logbook, as well as safeguarding the VA against fraudulent activity as stated above.
Not agreeing to this lawful basis of personal data processing will result in the termination of the application process so as to preserve the individual’s interests, rights and freedoms. If a member is considered active and then changes their mind about their stance on this statement, their membership will be revoked.
All personal data is kept until we no longer require it. This is to allow us to maintain our lawful basis of Legitimate Interests towards the safeguarding of QVirtual as outlined above. The “right to be forgotten” will be applicable once our lawful basis of legitimate interests for processing and storing personal data ceases. This would be in the case of QVirtual closing and ceasing to operate.
Your rights under GDPR:
- You can request to see the personal information we hold about you at any time – a subject access request (SAR). This will be provided to you via email within the maximum time period of one month as determined by GDPR. We cannot and do not charge a fee for doing this.
- You can request that we make any alterations or corrections to your data as required. We may request to see evidence to prove that the change is a legitimate change, for example, a change to your name.
- Deletion of data or the “right to be forgotten” will be applicable in the event of QVirtual
ceasing to operate at any point in the future. Our lawful basis of legitimate interests for processing personal data is outlined earlier in this Privacy Statement.
- The right to Data portability is not relevant to members as we do not operate any cross platform services requiring the porting of data.
- The restriction of processing is applicable if you feel that there is some inaccuracy in the personal data we hold for you and we are verifying the data, usually by you providing to us a form of ID. This ID will be securely destroyed once we have verified the relevant details. Once the details have been verified, the restriction will be automatically lifted.
- Your right to object to direct marketing: We do not email members with respect to any marketing or mass-emailing. All email communication is on a one to one basis with respect to applications, membership issues or opt-in PIREPs.
To exercise your rights under GDPR, please email [email protected] with your request so we can assist you. We will respond to your requests within the time periods laid down by GDPR.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 13 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.
We will never share your personal data with third parties except where required by law.
Changes to This Privacy Statement
We may update our Privacy Statement from time to time. We will notify you of any changes by posting the new Privacy Statement on this page.
You are advised to review this Privacy Statement periodically for any changes. Changes to this Privacy Statement are effective when they are posted on this page.
If you have any questions about this Privacy Statement, please contact us by email [email protected]