Policies

Data Protection

DALVirtual data protection standards explain how staff and systems should handle member and applicant information.

Access control

Member information should only be accessed by authorized staff who need it for application review, operations, support, moderation, or system administration.

• Staff must not share private applicant or member information outside authorized DALVirtual channels.
• Access should be removed when a staff member leaves a department or no longer needs the information.
• Internal notes, reports, and staff discussions should remain confidential.

Storage and security

DALVirtual should use reasonable technical and organizational measures to protect data. This may include limited staff access, secure passwords, two-factor authentication where available, and careful handling of exported files.

Data accuracy

Members should keep contact and profile information accurate. Staff may correct obvious errors or ask members to update information needed for airline operations.

Data removal

Members may request removal of personal information. DALVirtual may keep limited records when needed for security, moderation history, abuse prevention, legal obligations, or legitimate operational records.

Incident response

If DALVirtual becomes aware of unauthorized access, staff should review the issue, limit further exposure, preserve relevant details, and notify affected members when appropriate.