Data Privacy & Protection
How we handle your data at 309 Squadron.
General Information
309 Squadron uses this portal to facilitate squadron operations, communication, and resource sharing. We are committed to protecting your personal data in accordance with RAFAC policies and GDPR regulations.
This application integrates with Microsoft 365 services (Teams, SharePoint, Exchange) to provide a seamless experience. Data is processed securely within the Squadron's Microsoft 365 tenant.
App Security & Biometrics
If you use our official Mobile or Web Applications, your login tokens are stored in your device's native Secure Storage. If you enable Biometric Unlock (Face ID or Touch ID), this is processed entirely locally by your device. We do not collect, store, or have access to your biometric data.
Analytics & Settings
Analytics: We use PostHog for anonymous analytics and session replay to improve the portal. Passwords and sensitive forms are masked.
Settings: We store your portal preferences (e.g. tour completion status) securely in Azure Table Storage linked to your account.
Data Subject Rights (GDPR) & Export
Under GDPR and UK Data Protection laws, you have the right to access the data we hold about you. You can export a full copy of your Microsoft Entra ID user profile—which includes your contact details, organisational information, and portal settings—directly from the Settings menu in the dashboard at any time. This generates an instant, secure JSON export file containing all data associated with your account.
Cadet Privacy Notice
What data can I see?
- Training Programme events relevant to cadets.
- Announcements targeted at cadets.
- Key documents and uniform guides.
- Your own profile information (Name, Email).
Who can see my data?
Staff members can view your attendance, contact details, and any forms you submit through official channels. Other cadets cannot see your personal information through this portal.
Staff Data Handling Policy
Staff Responsibilities
- You have access to cadet personal data for operational purposes only.
- Do not share cadet contact information outside of official channels (SMS/BADER).
- Ensure any downloaded documents containing PII are stored securely and deleted when no longer required.
System Access
As a staff member, you have elevated privileges to create events, send notifications, and manage announcements. Access and operations may be logged for auditing purposes.