1.1. Confidential information refers to any data or proprietary information from IVAO, a Third Party or a user that is not generally known, or has not yet been revealed, to the general public. Whether in tangible or intangible form, whenever and however disclosed, including, but not limited to:
- Any concepts, samples, reports, data, know-how, works-in-progress, designs, drawings, photographs, development tools, specifications, software programs, source code, object code, flow charts, and databases;
- Any marketing strategies, plans, financial information, or projections, operations, sales estimates, business plans, and performance results relating to IVAO’s past, present, or future activities;
- Any other information reasonably recognized as Confidential Information, such as user-related data (e.g., email addresses, dates of birth, suspensions), instructions, training sessions, checkouts or examinations, and related documentation.
All such information should be treated as confidential unless explicitly intended for user support purposes, such as manuals for software accessible to users.
1.2. Protecting confidential information is vital to ensuring the security and smooth operation of IVAO's activities.
1.3. This policy establishes guidelines for the identification, handling, and protection of IVAO's and its members' confidential information.
2.1. Information disclosed by IVAO, Third Parties or Staff Members must solely be used for the purpose of fulfilling the duties with regard to their assigned staff position(s).
2.2. Any disclosure of confidential information must be done in accordance with applicable laws and regulations. Staff Members should exercise caution and ensure proper authorization before sharing any confidential information.
2.3. Staff Members must immediately report any breach or suspected breach of the security of confidential information to the designated contact at IVAO.
2.4. Staff Members should exercise discretion and caution when discussing confidential information in meetings, emails, or other communications, ensuring that only authorized individuals are privy to such discussions.
2.5. Any requests for access to confidential information from external parties shall be handled in accordance with IVAO's policies and procedures, and authorization should be obtained from relevant supervisory personnel before disclosing such information.
2.6. IVAO reserves the right to not share any Confidential Information it chooses not to disclose.
2.7. In the event that the Staff Member is asked to disclose or communicate the Confidential Information to any judicial, administrative, regulatory authority or similar or obliged to reveal such information by mandatory law, it shall notify promptly IVAO of the terms of such disclosure and will collaborate to the extent practicable with IVAO in order to comply with the order and preserve the confidentiality of the Confidential Information.
3.1. All Staff Members have a responsibility to protect the confidential information they have access to in the course of their duties.
3.2. Staff Members shall not use confidential information for personal gain, financial or otherwise, nor shall they engage in any activities that may compromise the confidentiality or integrity of the information.
3.3. Staff Members must follow the policies and procedures established by IVAO for the handling and protection of confidential information.
4.1. Confidential information must be stored securely and accessed only by those with a legitimate need to access it in the course of their duties.
4.2. Measures should be taken to protect confidential information against unauthorized access, disclosure, or alteration, both physically and electronically. This includes:
- Electronic Security: Confidential information stored electronically must be protected with strong passwords, encryption, and access controls. Access to sensitive databases, systems, or files should be restricted to authorized users only, and logs of access should be maintained for auditing purposes.
- Transmission Security: When transmitting confidential information electronically, secure methods such as encryption and secure file transfer protocols (e.g., SFTP, HTTPS) should be used to prevent interception or unauthorized access during transmission.
- Disposal: When confidential information is no longer needed or has reached the end of its retention period, it should be securely disposed of using methods that render the information unreadable and unrecoverable, such as secure deletion methods for electronic files.
- Training and Awareness: All staff members shall receive training on the proper handling and protection of confidential information and be made aware of the importance of confidentiality and their responsibilities in safeguarding sensitive information.
4.3. Confidential information must be stored exclusively on IVAO-owned assets, such as G-Drive, servers, or other designated platforms approved by IVAO Board of Governors. The use of external storage media for storing confidential information is strictly prohibited unless explicitly authorized by IVAO for specific purposes and accompanied by appropriate security measures.
5.1. All Staff Members are required to comply with this policy and to participate in any training or programs related to the protection of confidential information.
5.2. Non-compliance or breach of this policy by the Staff Member may result in dismissal as a staff member, up to and including legal actions and/or network suspension. A suspension resulting from a breach of this policy shall not be less than 3 years.
6.1. This policy will be periodically reviewed by the IVAO Board of Governors to ensure its effectiveness and continued relevance.
6.2. Any modifications to this policy will be communicated to all IVAO members and will take effect as determined by the Board of Governors.
7.1. This policy shall be construed and interpreted by the laws of Belgium. The court of Brussels shall have jurisdiction.
7.2. IVAO Board of Governors will have the final say in the change and interpretation of this policy. For any further information assistance or questions, please contact: legal@ivao.aero.