VMARSmanuals

Privacy Policy for the VMARS Archive Members Only Area

 

Data Controller

This webserver is operated by Iain Moffat G0OZS who is the data controller for the purpose of the relevant law. Please see the DPA page for details of the web host's registration under the UK Data Protection Act. Please note that this will soon be updated due to legislative changes in the UK effective in April 2018. The Data Controller can be contacted at


Please use the above contact details if you wish to discuss your data with the data controller.

Data Subject Rights

You have rights under British and European Data Protection Law to:
  • Obtain a copy of the data a data controller holds on you
  • Have any errors corrected
  • To have your personal data erased
  • To have processing suspended while the data is in dispute
  • To have the controller inform any third party who received the data of an erasure request
  • To receive your data in a portable machine-readable format
  • To lodge a complaint with a supervisory authority (the Information Commissioner's Office in the UK)


The data controller believes that the processing of file requests by the VMARS Members Only Archive site does not require identification and for the purposes of article 11(2) of the GDPR the data controller cannot identify a visitor to the web site solely from the information that is logged. You will not be able to exercise all of your rights under the GDPR unless you provide further information in order to identify your data.

Why we collect and use your data

For the purposes of article 6 of the EU GDPR the collection and processing of this data is necessary for the purposes of the legitimate interests pursued by the controller (to investigate technical or security problems or to report computer misuse) and by a third party, the Vintage and Military Amateur Radio Society ("VMARS") for the purpose of delivering files to members only.

Both visitors and VMARS officers are data subjects of this web site.

Cookies

No part of the VMARS Archive Members Only Area sub-site of moffatig.plus.com needs cookies to function and no cookies are used.

Data Collected

Data is collected in log files as part of the normal operation of the web server and operating system. This data is the minimum necessary for normal operation. Additionally the secure file distribution application maintains an audit log of all requests.

Web Server Logs

Visits to the public web site are logged in the webserver log file. The following data are logged:
  1. Time of visit
  2. IP address of Visitor
  3. Web Server Login name (for administrative users only)
  4. Page Requested
  5. Success or error code for the page
  6. The Browser and Operating System identification sent by the Visitor's web browser


In the case of an error the technical details of the error which may include user submitted form data and the program statement or page that failed will be recorded in an error log along with the page and visitor details. Web server logs are retained for a maximum of 30 days.

Only the server administrator has access to these logs.

Application Log Files

If you submit a form from the VMARS secure file distribution application the following information is logged:
  1. The Operation performed (e.g. DOWNLOAD)
  2. Date and Time
  3. Request Number
  4. IP Address of requester
  5. Document ID number
  6. Secret Key
  7. File Path
  8. File Name


This log contains no data that can be used in isolation to identify end users and as per GDPR article 11(2) the data controller advises site visitors that articles 15 through 20 (rights of access, rectification, erasure, restriction of processing, notification and portability) can only be exercised if a data subject provides additional information enabling his or her identification.

The Server administrator and the VMARS archivist have access to this log.

Operating System Logs

Secure File Transfer connections used by the VMARS Archivist to upload new content to the web server. SFTP connections are logged by the operating system. The following information is logged:
  1. Time when a session is started
  2. Username
  3. IP address
  4. Time when a session is closed
These files are retained for one year.

Data Sharing and Transfers

The Data Controller makes the application audit log available to the VMARS archivist as a password protected download link.

The site is backed up (in the form of GPG encrypted files) to rsync.ch in Switzerland which to the best of the data controller's knowledge and belief are unreadable by the storage provider but to comply with the GDPR (which sets contractual requirements which can not be met by that solution) a UK based alternative will be implemented before GDPR is effective on 25th April 2018.


[ Back to Members Only Area ]       [ VMARS Home ]

 

 

 

Enquiries and comments relating to content and keys: archivist[at]vmars/dot/org/dot/uk

Enquiries and comments relating to data protection: iain[at]moffatig/dot/plus/dot/com