VATSIM.net CERT DATABASE

[Stephen Donnelly]

Not really, a discussion in a moderators' section wouldn't be the same as a file held in a certain person's name.

 

 

Well, actually Stephen it would be identical if a moderator was to open a topic in a hidden forum saying "I just deleted flyingfrantic's topic about selling his FS screenshot posters. Against the rules". Just because it's called a "staff forum" there and a "cert file/cert record" here doesn't make it much different.

 

I think we'll have to agree to disagree Ivan

[Daniel Doorgakant]

Edit: Read the topic wrong

[Steve Good 878593]

The question that I have is: Does the DPA apply to the country where the data is stored in or where the user resides?

[Anthony Lawrence]

The question that I have is: Does the DPA apply to the country where the data is stored in or where the user resides?

 

Where the data is stored. So the main "CERT database" would have to obide by the USA DPA, however the information in the VATSIM-UK database for their users, would be under the UK DPA.

 

The DPA states that data shouldn't be transfered to a country where there is no protection.

 

Regards,

A...

[George Marinakis]

I don't wish to get into a long-winded legal debate on this matter. I will, however, reiterate VATSIM's opinion regarding this particular British law.

 

I have not read the entire act but I don't believe that is necessary (I simply don't have the time to analyze the entire thing, particularly when most of it is not applicable to VATSIM and, in my opinion, was not intended to apply to activities such as those conducted on VATSIM and the particular information which is gathered in Cert). The short answer is that this act is not applicable to VATSIM for the reasons stated below.

 

5. Application of Act

 

(1) Except as otherwise provided by or under section 54, this Act applies to a data controller in respect of any data only if—

 

(a) the data controller is established in the United Kingdom and the data are processed in the context of that establishment, or

 

(b) the data controller is established neither in the United Kingdom nor in any other EEA State but uses equipment in the United Kingdom for processing the data otherwise than for the purposes of transit through the United Kingdom.

 

(2) A data controller falling within subsection (1)(b) must nominate for the purposes of this Act a representative established in the United Kingdom.

 

(3) For the purposes of subsections (1) and (2), each of the following is to be treated as established in the United Kingdom—

 

(a) an individual who is ordinarily resident in the United Kingdom,

 

(b) a body incorporated under the law of, or of any part of, the United Kingdom,

 

© a partnership or other unincorporated [Mod - Happy Thoughts]ociation formed under the law of any part of the United Kingdom, and

 

(d) any person who does not fall within paragraph (a), (b) or © but maintains in the United Kingdom—

 

(i) an office, branch or agency through which he carries on any activity, or

 

(ii) a regular practice;

 

and the reference to establishment in any other EEA State has a corresponding meaning.

 

[Emphasis added.]

 

The act is ONLY applicable if the "data controller" (which VATSIM would be considered) is either established in the UK or uses equipment in the UK OTHER THAN for transit through the UK. The last part of the quote from the act (subsection 3) defines what is considered as "established" in the UK.

 

VATSIM is not established in the UK as defined by the act as it meets none of the enumerated definitions and merely transits the information that goes into Cert to equipment which is sited in the United States. As such, the conditions for applicability of the act (as quoted above) are not met and VATSIM is not subject to it.

 

Contrary to popular belief (at least in this thread), there isn't some type of vast, mystical, or nefarious campaign to gather information about you going on in Cert. It is strictly used as your membership record (from information you provide at signup) and for recordkeeping of any rules violations (of which you are notified either through an online message or official email from VATSIM on or about the time of such entry). Staff typically do not editorialize in the records, engage in extended commentary nor access CERT outside the scope of their duties as these would be violations of established rules and will result in revocation of any access privileges (and, most likely, their staff position). We don't offer individual access to Cert nor consider any information requests as this is a volunteer organization and we don't expect staff to go to the time and effort to process such requests. Moreover, CERT is comprised either of information you provide (and therefore know about) or of disciplinary proceedings which our own rules (set out in the Code of Regulations) require us to notify you about. Therefore, if it is in Cert, you either know about it or should know about it.

 

Finally, I should note that Cert identifies you only in relation to your VATSIM account and online identity. Nothing in Cert could identify you outside of VATSIM as we do not collect nor retain in any manner items such as street addresses, phone numbers, credit card numbers, etc. Nothing that is in Cert is shared with other individuals outside of VATSIM per our privacy guidelines.

 

I hope this clears up any lingering questions regarding this issue.

[Bernardo De Carvalho 97126]

Ahhhh the long awaited response for the person who opened this topic!!!! I'm just popping a bear at the moment and crossing my legs...

 

Thank you very much George Marinakis! You were right on that response.

 

I believe that if the CERT was defined under the VATSIM.net Code of Regulations many of these questions would be resolved even before they've started...if the CERT is actually defined my apologies since I've missed it...

 

The only thing I want to point out is even if I'm not able to identify a paragraph or an article covering the CERT DATABASE...everything you said is in the CoR as part of our membership certificate.

 

As I understood and hope to be correct the CERT DATABASE contains:

 

VATSIM.net USERS CERTIFICATE DATA;

 

VATSIM.net USERS CURRENT RATING; and

 

VATSIM.net USERS HISTORICAL RECORDS

 

In generic terms only a limited number of users have access to the CERT DATABASE, pointing out SUPs and ADMs, therefore, helping to guarantee the accuracy of the DATA inserted into the CERT.

 

Even if the DATA is not accurate thats why VATSIM.net USERS have the right to an appeal under the provisions of ARTICLE VI of the CoR.

 

In the end our community is a correct one and as stated in the basis where this network was built:

 

A. GENERAL RULES OF CONDUCT

1. Members should, at all times, be courteous and respectful to one another.

 

I believe this single line reiterates VATSIM.net.

 

Regards,

[Ralph Wright 912810]

I have a question, if someone has a discipline record, name change, suspension, or a bad record on vatsim can staff from a virtual airline email vatsim and ask why a certain vatsim ID, and name that is in their virtual airline was suspended from vatsim? Or is it none of their business?

[Kyle Ramsey 810181]

Only thing publicly available from the db is the status of a CID and the name attached to it.

[David Kirchner]

Hello,

 

sorry for bringing this thread up again, but I think my question relates exactly to this topic: With "General Data Protection Regulation", which includes the right to access any personal data saved by any institution (including non profit organisations), all EU citizens have the right to see what is in their CERT file, correct?

 

The regulations become effective on 25 May. I already saw some announcement, but there were not any specifics in it (just that the regulations will be applied to all VATSIM members). The policies of any organisation must comply with this - otherwise the policies would be inoperative .

[Mark Richards]

This matter is being addressed with the updated policies.

[Callum McLoughlin]

I don’t speak for VATSIM, but... Whilst I understand the intrigue, the reality is that there is nothing interesting in there. It’s hardly a FBI/MI5 repository The secrecy is totally down to reasonable efforts to keep people’s personal information (I.e email address and so on) private which is clearly specified in the User Agreement. It is easy for people, especially staff, to become unreasonably careful (eg by not commenting on it what so ever) due to the fact VATSIM guards this information so so carefully. Minor breaches or indiscretion will lead to peoples days of volunteering drawing very quickly to an end... the emphasis of guarding people’s data is very evident when volunteering in a capacity that requires access to it and I feel totally comfortable with the information VATSIM holds about me - as do all those who require access to this information. I think that speaks volumes