Pilot Data & Marketing

The Marketing system lets pilots opt in to receive communications from your Virtual Airline. Opted-in subscribers can be exported for email campaigns, with built-in unsubscribe handling.

How Pilots Subscribe

Pilots can opt in through several methods, all tracked in the system:

• During registration - Checkbox on the signup form

• Profile settings - Toggle in Phoenix under Profile → Settings

• Dashboard prompt - Alert shown to pilots who have not opted in (can be dismissed)

The toggle in Phoenix shows: "Allow [Airline Name] to contact you with news, events, and promotions. Your first name, last name, and email will be shared with the Virtual Airline for direct marketing purposes."

Viewing Subscribers

In Orwell, go to Pilots → Marketing.

The stats overview shows:

• Total subscribers

• New subscribers (last 30 days)

• Unsubscribes (last 30 days)

• Net change

• Breakdown by subscription method (registration vs profile)

The table lists all opted-in pilots with their ID, name, email, subscription date, and how they subscribed.

Exporting Subscribers

Click Export Subscribers to download a CSV containing:

• First name

• Last name

• Email address

• Unique unsubscribe link

The unsubscribe link is unique per pilot and does not require login. When clicked, vAMSYS immediately revokes their marketing consent.

Unsubscribing Pilots

Pilots can unsubscribe through:

• Email link - The unsubscribe URL in your marketing emails

• Profile settings - In Phoenix, pilots go to Profile → Settings and turn off the Marketing Communications toggle

• Staff action - Use the Unsubscribe button on the Marketing page (individual or bulk)

Usage Guidelines

Click Usage Guidelines on the Marketing page for a quick reference. Key points:

• Fresh export each time - Generate a new export before each campaign to respect recent unsubscribes

• Individual emails only - Send one email per recipient with their unique unsubscribe link. Never use CC or BCC.

• Include unsubscribe link - Every marketing email must contain the unsubscribe URL from the export

• Delete after use - Do not store exports long-term

Privacy Law Compliance

GDPR (General Data Protection Regulation) is European law that governs how personal data can be collected and used. It applies to anyone handling data of EU residents, regardless of where you are located.

Similar laws exist in other regions:

• UK GDPR - Nearly identical to EU GDPR, enforced by the ICO

• Canada (PIPEDA) - Requires consent for commercial electronic messages

• Australia (Privacy Act) - Requires consent or easy opt-out for direct marketing

• California (CCPA/CPRA) - Requires transparency and opt-out rights

GDPR is the most comprehensive standard. The consent mechanism in vAMSYS satisfies all these laws. If you follow GDPR best practices, you are generally compliant with other privacy regulations.

Your Role as Data Controller

When you export and use pilot data, you become a Data Controller under GDPR. This means:

• You decide why and how pilot data is used

• You are legally responsible for your use of that data

• vAMSYS does not assume responsibility for misuse of pilot data by VAs

If pilot data is misused, liability rests with your Virtual Airline, not vAMSYS.

What vAMSYS Handles

vAMSYS collects explicit consent from pilots on your behalf. The opt-in clearly states their name and email will be shared with your Virtual Airline for marketing. This gives you the lawful basis to send marketing emails to opted-in pilots.

What You Are Responsible For

Consent is only one part of GDPR. Once you export pilot data, you become responsible for your own processing activities. This includes how you store the export, what tools you use to send emails, how long you keep the data, and how you handle data requests.

If you only view pilot data within vAMSYS for operational purposes (managing registrations, administering pilots), the vAMSYS Privacy Policy covers that processing.

However, you need your own privacy policy if you:

• Send marketing or engagement emails

• Export or download pilot data

• Store pilot data outside of vAMSYS

• Use third-party tools or services with pilot data

Service Emails vs Marketing Emails

GDPR treats different types of emails differently. Understanding this distinction is essential.

Service emails are strictly necessary to operate the service. vAMSYS handles these. Examples: account verification, password resets, security alerts, system notifications. These do not require marketing consent.

Marketing emails promote, encourage, or increase participation. Examples: invitations to fly, event announcements, newsletters, "come back and fly" messages. These require explicit opt-in consent.

Prohibited Practices

The following violate GDPR and may result in enforcement action against your Virtual Airline:

• Scraping email addresses - Copying emails from the pilot list or using scripts to collect addresses

• CC/BCC bulk emails - This leaks personal data and prevents individual unsubscribe handling

• Reusing old exports - Always generate a fresh export to respect recent unsubscribes

• Emailing non-opted-in pilots - If they are not in the export, you have no lawful basis to email them

• Disguising marketing as service emails - Do not send promotional content under the guise of operational messages

Using External Mailing Platforms

If you use Mailchimp, SendGrid, or similar services, you assume full responsibility for GDPR compliance. You must provide your own lawful basis, transparency notices, and unsubscribe handling. vAMSYS has no liability for that processing.

Enforcement

vAMSYS actively protects pilot data. Access to pilot email addresses may be restricted if misuse is suspected. Serious or repeated violations may lead to suspension or termination of your Virtual Airline.