Effective date: 16 July 2026
This policy explains what personal data the Virtual UAE Armed Forces (“vUAEAF”, “we”, “us”) collects, why, and the rights you have under the EU/UK General Data Protection Regulation (GDPR). We are the data controller for this site. Contact: info@virtual-uaeaf.com.
1. What we collect and why
- Application data — your full name, VATSIM ID (CID), email address, your age (to verify you meet our 18+ requirement), your answers to the application questions, and the date/time you accepted this policy and the Terms of Service. We need this to assess your application, verify your email and eligibility, and contact you with the outcome. Legal basis: your consent (Art. 6(1)(a)).
- Account data — if accepted: your service ID, role, a securely hashed password (we never store the password itself), and your ratings. Needed to operate your membership. Legal basis: performance of our membership arrangement with you (Art. 6(1)(b)).
- Activity data — PIREPs you file (callsign, route, times, aircraft, mission type, optional notes and Volanta link), training requests (including your stated availability), training reports written about your sessions, and records of which NOTAMs you have read. This is the core function of the site. Legal basis: performance of the membership arrangement (Art. 6(1)(b)).
- Technical data — one essential session cookie (
vuaeaf_session, expires after 30 days) so you can stay signed in, and standard server/proxy logs (IP address, requested pages) kept by our hosting and CDN providers for security. We use no analytics, advertising or tracking cookies. Legal basis: legitimate interest in running a secure service (Art. 6(1)(f)).
2. What is public
The roster is publicly visible to anyone on the internet and shows your service ID, VATSIM ID (CID), role, ratings (including ratings in training) and PIREP count. Your full name is never shown publicly — it, along with your email, PIREP details and training file, is visible only to signed-in members, staff and instructors as appropriate. Note that your VATSIM CID is in any case visible to other users of the VATSIM network whenever you fly, and can be looked up through VATSIM's own public services.
3. Who receives your data
- Staff and instructors see application details, member profiles and training records so they can run the group.
- Hosting — the site and its database run on our hosting provider's servers in the EU (e.g. Hetzner, Germany).
- Cloudflare — proxies site traffic and keeps short-term security logs.
- Resend — sends our transactional emails (verification, account setup, account changes). Your email address and message content pass through their systems.
- We never sell your data and we send no marketing emails — only the transactional messages needed to run your membership.
4. How long we keep it
- Rejected or abandoned applications: deleted no later than 6 months after the decision.
- Member data: kept while your account exists.
- Deactivated accounts: retained so they can be reactivated, unless you ask us to delete them.
- Deleted accounts: deleting your account from Settings permanently removes your profile, PIREPs, ratings, training records and NOTAM read receipts. Backups expire on a rolling basis shortly after.
- Email change/password change/deletion confirmations expire after 1 hour and are then removed.
5. Your rights
Under the GDPR you can, at any time:
- Access the data we hold about you (most of it is visible on your profile, PIREPs and training file).
- Correct it — change your email or password in Settings, or ask staff to fix your name, VATSIM ID or other details.
- Delete it — use the self-service account deletion in Settings (confirmed by email), or ask us.
- Withdraw consent for a pending application — email us and we will delete the application.
- Object to or ask us to restrict processing, and request a copy of your data in a portable format.
- Complain to your local data protection supervisory authority if you believe we handle your data unlawfully.
6. Age requirement (18+)
Membership is restricted to adults aged 18 or over, and we collect your age with your application to verify this. We do not knowingly collect or keep data from anyone under 18 — if we learn that an applicant or member is under 18, we delete their application or account. Contact us at info@virtual-uaeaf.com if you believe this has happened.
7. Changes to this policy
If we change what we collect or why, we will update this policy and announce material changes on the site before they take effect.