This webserver is operated by Iain Moffat G0OZS who is the data controller for the purpose of the relevant law.
Please see the DPA page for details of the web host's
registration under the UK Data Protection Act.
Please note that this will soon be updated due to legislative changes in the UK effective in April 2018.
The Data Controller can be contacted at
Please use the above contact details if you wish to discuss your data with the data controller.
Data Subject Rights
You have rights under British and European Data Protection Law to:
- Obtain a copy of the data a data controller holds on you
- Have any errors corrected
- To have your personal data erased
- To have processing suspended while the data is in dispute
- To have the controller inform any third party who received the data of an erasure request
- To receive your data in a portable machine-readable format
- To lodge a complaint with a supervisory authority
(the Information Commissioner's Office in the UK)
The data controller believes that the processing of file requests by the VMARS Members Only Archive site does
not require identification and for the purposes of article 11(2) of the GDPR the data controller cannot identify
a visitor to the web site solely from the information that is logged. You will not be able to exercise all of
your rights under the GDPR unless you provide further information in order to identify your data.
Why we collect and use your data
For the purposes of article 6 of the EU GDPR the collection and processing of this data is necessary for the
purposes of the legitimate interests pursued by the controller (to investigate technical or security problems
or to report computer misuse) and by a third party, the Vintage and Military Amateur Radio Society ("VMARS")
for the purpose of delivering files to members only.
Both visitors and VMARS officers are data subjects of this web site.
No part of the VMARS Archive Members Only Area sub-site of moffatig.plus.com needs cookies to function and no cookies are used.
Data is collected in log files as part of the normal operation of the web server and operating system.
This data is the minimum necessary for normal operation. Additionally the secure file distribution
application maintains an audit log of all requests.
Web Server Logs
Visits to the public web site are logged in the webserver log file. The following data are logged:
- Time of visit
- IP address of Visitor
- Web Server Login name (for administrative users only)
- Page Requested
- Success or error code for the page
- The Browser and Operating System identification sent by the Visitor's web browser
In the case of an error the technical details of the error which may include user submitted form data
and the program statement or page that failed will be recorded in an error log along with the page and
visitor details. Web server logs are retained for a maximum of 30 days.
Only the server administrator has access to these logs.
Application Log Files
If you submit a form from the VMARS secure file distribution application the following information is logged:
- The Operation performed (e.g. DOWNLOAD)
- Date and Time
- Request Number
- IP Address of requester
- Document ID number
- Secret Key
- File Path
- File Name
This log contains no data that can be used in isolation to identify end users and as per GDPR article
11(2) the data controller advises site visitors that articles 15 through 20 (rights of access, rectification,
erasure, restriction of processing, notification and portability) can only be exercised if a data
subject provides additional information enabling his or her identification.
The Server administrator and the VMARS archivist have access to this log.
Operating System Logs
Secure File Transfer connections used by the VMARS Archivist to upload new content to the web server.
SFTP connections are logged by the operating system. The following information is logged:
These files are retained for one year.
- Time when a session is started
- IP address
- Time when a session is closed
Data Sharing and Transfers
The Data Controller makes the application audit log available to the VMARS archivist as a password protected
The site is backed up (in the form of GPG encrypted files) to rsync.ch in Switzerland which to the best of
the data controller's knowledge and belief are unreadable by the storage provider but to comply with the GDPR
(which sets contractual requirements which can not be met by that solution) a UK based alternative will be
implemented before GDPR is effective on 25th April 2018.
[ Back to Members Only Area ]
[ VMARS Home ]