UEFA Privacy Policy
Friday, October 4, 2024
Article body
UEFA
Union des Associations Européennes de Football
Route de Genève 46
Case postale
CH-1260 Nyon 2
Switzerland
UID Register number CHE-103.107.646
We outline in this privacy policy (the “Privacy Policy”) how personal data are collected and processed at UEFA and UEFA’s affiliates (“UEFA", "we" or "our"). UEFA is a data controller and takes your privacy seriously and understands the importance of maintaining the confidentiality of your personal data and other information stored about you.
UEFA is committed, in the course of its activities and in compliance with applicable data protection laws, to ensure the confidentiality, integrity and availability of your personal data, as well as to respect your privacy.
The commitments described in this Privacy Policy fulfil the values, the principles of action and behaviour of UEFA and are established in compliance with applicable Swiss and European laws.
This Privacy Policy has been drafted in English and has been translated in other languages. In the event of any discrepancy between the English and the translated texts, the English text shall prevail and be used to solve doubts of interpretation.
Date of issue of the latest version of this Privacy Policy: September 2024
1 WHAT THIS PRIVACY POLICY COVERS
This Privacy Policy applies to UEFA's processing of your personal data when you (“you” and “your”) visit and use any UEFA website, app or service which links to this Privacy Policy. We refer to these websites, apps, social media profiles and pages and services in this Privacy Policy, collectively the “UEFA Platforms”.
This Privacy Policy also covers UEFA's collecting and processing of any personal data that UEFA's business partners share with UEFA.
2 THE PERSONAL DATA WE COLLECT FROM YOU
UEFA collects and processes personal data in respect of your use of and interactions with the UEFA Platforms in order to provide you with a service, to respond to you and to publish and share information plus documents related to football. “Personal data” means any information that may be linked directly or indirectly to you as an individual. The types of personal data we may collect and process vary from UEFA Platform to UEFA Platform but can be summarised as follows:
Personal data we collect:
(i) Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender and ID number.
(ii) Contact Data includes billing address, delivery address, email address and telephone numbers.
(iii) Financial Data includes bank account and payment card details.
(iv) Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
(v) Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access UEFA Platforms.
(vi) Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
(vii) Usage Data includes information about how you use UEFA Platforms.
(viii) Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
(ix) Cookie and Device Data.
(x) Other. Other information you may provide to us, for example competition entries, photographs we take or video/audio recordings we make.
3 HOW WE COLLECT YOUR PERSONAL DATA
We collect your personal data in a number of ways as described below.
Information you give to us directly:
We collect information on you where you:
(i) register an account with us (including via social media profiles such as Facebook and Google+) or log in and make changes to your online account;
(ii) register to receive marketing communications from us;
(iii) purchase products or service or tickets from us;
(iv) attend UEFA events as a spectator, guest, volunteer, accredited person, etc.
(v) enter into a competition on UEFA Platforms;
(vi) interact with our social media profiles; and
(vii) contact us (including over the phone, or via email, post, live chat or social media messaging).
Personal data we collect from third parties:
We collect information on you from third parties, such as national football associations, clubs, UEFA’s commercial and media partners and UEFA suppliers, where you:
(i) have a contract in place with such third parties which requires the transfer of your personal data to us; and/or
(ii) register through such third parties to receive marketing communications from us.
In such case, we ensure and check that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.
Personal data we collect automatically:
UEFA also automatically receives and records non-sensitive information on its technical infrastructure logs about your computer when you visit UEFA Platforms, regardless of whether you have registered for an account or not by just browsing our servers.
UEFA also collects, including but not limited to, your Web browser software, your internet protocol (IP) address which identifies your computer, UEFA's cookies, the referring website, the page you requested, your location, and your online activity on UEFA Platforms.
Collecting this information enables us to better understand the visitors of UEFA Platforms, where they come from, and what content is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of UEFA Platforms to our visitors.
Some of this information is collected using cookies and similar tracking technology, as explained further in our Cookie Policy which is available here.
Other purposes
We will use the personal data we collect from you only for the purposes described in this Privacy Policy or for purposes that we explain to you at the time we collect your personal data. However, we also use your personal data for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
4 HOW DO WE USE YOUR PERSONAL DATA
The personal data we hold on you will be used in a number of ways depending on the UEFA Platform as explained below. Under data protection laws we have to have a lawful basis for processing your personal data. We have indicated the lawful basis we rely on below in the headings.
Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights.
To fulfil contracts
If you enter into a contract with us (for example to purchase a ticket, open an account, purchase a product or to enter into a competition) we need to process personal data in order to fulfil the contract by providing the services, processing payments and corresponding in relation to the same. If you do not provide the information to us, we may not be able fulfil the contract and provide the products or services to you.
Where we have your consent
We ask for your consent to send you direct marketing communications relating to ticketing sales periods, events, tournament information and other UEFA activities we run. You can choose to unsubscribe at any time as explained in ‘your rights’ below. In some limited circumstances, we do not need to obtain your consent for marketing as explained in the legitimate interest section below.
Where we have a legal obligation
To protect, investigate, deter and report fraudulent, unauthorized or illegal activity. Where you are interested in purchasing tickets this includes the prevention of credit card fraud and the retention of certain payment details to enable refunds and for financial record keeping requirements.
We are also under legal obligations in respect of health and safety, ensuring that individuals who have been banned do not attend events and other integrity in sport requirements. This may involve the processing of personal data about you and the disclosure of information to the police, state authorities and other bodies where required by law.
Where we have a legitimate interest
We may process your personal data where it is necessary for our legitimate interests as a business in the following situations:
• Recording at UEFA events (final tournaments, club finals, draws, congresses, conferences, etc.) at which you are part of a group or a larger number of people.
• Account management and record keeping and correspondence in relation to products and services you receive from us.
• Fraud detection and checks.
• To respond to any enquiries, information requests or complaints you make to us or that are made about you.
• To inform you of upcoming events, promotions and community initiatives and communicate with you about these, where you have shown an interest.
• To send you marketing communications where we have a commercial relationship (for example where you pay us for tickets to an event or purchase items from our store) with you and you have not objected to receiving such communications from us.
• To contact you for your views and feedback on our events and activities.
• To assist with internal record keeping.
• To provide you with, and maintain the quality of, our website and to analyse the use of our website in order to help guide improvements.
• Profiling, data matching and other enrichment activities to enable better service and personalisation as explained in more detail in Section 10 below.
• To assist in the prevention of or detection of a crime or equivalent malpractice.
• To assist in the identification and prosecution of offenders.
• To monitor the security of UEFA events, activities and stadia.
We may also use aggregate anonymised information in order to help us develop our services and may provide such information to third parties. This information cannot identify you.
5 PERSONAL DATA SHARING AND DISCLOSURE
We may share your personal data with the parties set out below for the purposes set out above.
• With our other group companies UEFA Events SA and UEFA Club Competitions SA for internal reasons, primarily for business and operational purposes in line with this Privacy Policy.
• With external third parties who perform functions on our behalf and who also provide services to us, i.e. professional advisors, technology providers and hosting companies; advertising companies and exchanges; analytics companies; payment providers; fraud and credit checking companies. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
• With external third-party data services; who help up to segment and understand our audience by providing additional information.
• With external third-party platforms and advertisers (such as Facebook or Google) to help us identify customers similar to our audience or to serve relevant adverts and content to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.
• With external third parties who are independent data controllers such as UEFA Member Associations, football clubs that participate in UEFA events and activities and venues used for UEFA events and activities.
• With police and state authorities in particular to carry out security or administrative controls in relation to venues or events You have requested access to.
• With external third parties, where UEFA finds that it is necessary, as determined in UEFA’s sole discretion, to investigate, prevent or take action regarding illegal activities, suspected fraud, emergency situations involving potential threats to the physical safety of any persons, violations of contractual obligations or as otherwise required by law.
• Certain third parties pursuant to court orders or warrants.
• To third parties where you give us express permission to share your personal data in the course of your relationship with us from time to time.
UEFA will not sell, rent or transfer your personal data to third parties without your consent and for reasons other consistent with the purpose for which the data were originally collected or for other purposes authorized by law.
6 TRANSFER OF PERSONAL DATA
Your personal data is generally stored within the EEA but in limited circumstances may be transferred to suppliers located in the US or within UEFA member associations’ territories that are not within the EEA. Where UEFA transfer your personal data from within the EEA to a country outside the EEA, we ensure adequate security measures are in place to offer equivalent protection as your personal data would receive within the EEA and in compliance with applicable data protection law. We have in place EU Model Contractual Clauses as an adequate safeguard for transfers outside the EEA. For further details on how we safeguard your personal data transferred outside the EEA (including how to obtain a copy of such safeguards) contact us using the details set out in Section 14 below.
7 DATA RETENTION AND ARCHIVING
Personal data processed by UEFA will be retained only for as long as is necessary to fulfil the purposes outlined above in this Privacy Policy. This will generally (but not in all cases) be for the duration of time where you utilise our services, to comply with our legal obligations or to protect UEFA’s rights. When determining the relevant retention periods for your personal data, we will take into account factors including:
• our contractual obligations and rights in relation to the personal data involved;
• legal obligation(s) under applicable law to retain data for a certain period of time;
• statute of limitations under applicable law(s) which is the period during which contractual claims could be brought, being 10 years in Switzerland;
• our legitimate interests where we have carried out balancing tests (see section on ‘How do we use your personal data’ above);
• (potential) disputes; and
• guidelines issued by relevant data protection authorities.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
8 YOUR RIGHTS
You have a number of rights (subject to certain conditions) when it comes to your personal data.
Rights | What does this mean? |
Your right to object to processing | You have the right to object to the use of your data for marketing or for any further use under the grounds of legitimate interests (i.e. profiling or data matching) by emailing UEFA using the details set out below. |
Your right to opt-out of direct marketing communications | You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails and newsletters we send you. |
Your right to access your personal data | You have the right to obtain access to your personal data at any time. You are generally able to access your personal data at any time by accessing your account on the UEFA Platform. |
Your right to update and rectification | You are entitled to have your personal data updated or corrected if it is inaccurate or incomplete. You are generally able to review, correct or update your personal data at any time by accessing your account on the UEFA Platform where it has been created. However, you may choose to send us a written request to do so on your behalf using the below contact details. |
Your right to erasure | You can request the deletion or removal of your personal data where there is no compelling reason for UEFA to keep using it. You are generally able to delete your personal data at any time by accessing your account on the UEFA Platform where it was created and/or by filling the following form: Deletion Request Form. You may also choose to send us a written request to do so on your behalf at any time using the below contact details. |
Your right to restrict processing | You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, UEFA can still store your personal data, but will not use it further. |
Your right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services. |
Your right to lodge a complaint | You have the right to lodge a complaint about the way UEFA handle or process your personal data with your national data protection regulator by contacting the applicable data protection regulator directly. |
Your right to withdraw consent | If you have given UEFA your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
To exercise any other of these rights, you can contact us in writing (including via email or regular mail) using the contact details below. Please note that we may require to receive a proof of your identity before we can respond to your request.
Email: privacy@uefa.ch
Mail: Union des Associations Européennes de Football (UEFA)
Corporate Legal Services
Data Protection - Data Subject Request
Route de Genève 46
Case postale,
CH-1260 Nyon 2
Switzerland
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
• baseless or excessive/repeated requests, or
• further copies of the same information.
UEFA may refuse, restrict or defer the provision of information where UEFA has the right to do so under current data protection legislation.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
9 DATA SECURITY
We want you to feel confident about using the UEFA Platforms. Therefore, UEFA defines and implements the reasonable technical and organizational measures necessary to maintain the security of personal data, according to the nature of the personal data processed and the circumstances of the processing, with the objective of avoiding (in the realm of the possible and having regard to the state of the art) non-authorised processing or access, alteration or loss (to ensure confidentiality, integrity and availability respectively).
UEFA uses industry standard SSL encryption to protect data transmissions. If you communicate with UEFA otherwise than via UEFA Platforms (e.g. by e-mail), you should however note that the secrecy of Internet is uncertain. By sending sensitive or confidential e-mail messages or information which are not encrypted, you accept the risk of such uncertainty and possible lack of confidentiality over the Internet.
Identity theft and the practice currently known as “phishing” are of great concern to UEFA. Safeguarding information to help protect you from identity theft is a great concern. UEFA do not and will not, at any time, request your credit card information, your account ID, login password or national identification numbers in a non-secure or unsolicited e-mail or telephone communication.
10 PROFILING
We may use the personal data you provide to us via UEFA Platforms, alone or in combination with personal data you have provided to our advertising partners to better understand your interests so we can try to predict what other products, services and information you might be most interested in. We call this profiling. Profiling enables us to tailor our communications (both directly from us and via our advertisers) and those of our third parties to make them more relevant and interesting for you.
If you do not want us to do this you may opt-out here http://www.networkadvertising.org/choices/, or http://www.aboutads.info/ or, for EU users only here: http://youronlinechoices.eu/.
Additionally, you may also opt-out of interest-based advertising by accessing the settings pages of our external advertisers:
• Facebook
• Instagram
• X
• Google
We do not use your personal data to make automated decisions about you that may have legal or similarly significant effects on you. Further information about your rights is set out at Section 8.
11 CHILDREN'S PRIVACY
The protection of personal data of children and adolescents is of particular concern to UEFA. The UEFA Platforms and their content are not directed at children under the age of thirteen (13). UEFA recommends that parents discuss the use of the Internet and the provision of personal data on websites with their children before allowing minors between thirteen (13) and sixteen (16) to register.
UEFA will not knowingly collect personal data from or about children under thirteen (13) or knowingly allow minors between thirteen (13) and sixteen (16) to register as users without parental permission. If a parent or legal guardian becomes aware that his or her child under sixteen (16) has registered as a user without their consent, he or she should delete the relevant account or if this is not possible, inform UEFA immediately. If UEFA becomes aware that a child under thirteen (13) or between thirteen (13) and sixteen (16) but without parental permission has registered as a UEFA user, their access as a user will immediately be denied and their account deleted as quickly as possible (including all personal data associated with that account).
If you believe that UEFA might have any personal data from or about a child under thirteen (13), please notify UEFA in writing by email or mail to Union des Associations Européennes de Football – Corporate Legal Services - Data Protection, Route de Genève 46, Case postale, CH-1260 Nyon 2, Switzerland.
12 LINKS TO OTHER SITES
If any part of the UEFA Platforms link to other websites owned and operated by third parties, and you choose to visit or click on another third-party link, you will be directed to that third party’s website. We do not exercise control over third party websites and therefore recommend you examine the privacy statements posted on these other websites to understand their procedures for collecting, using and disclosing personal data.
We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
13 CHANGES TO THIS PRIVACY POLICY
The Privacy Policy is available at any time on all UEFA Platforms and may be amended from time to time.
When we amend our Privacy Policy, we will however notify you where we have made significant changes and where we have a relationship with you. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.
You can see when this Privacy Policy was last updated by checking the “Date of issue of the latest version of this Privacy Policy” displayed at the top of this Policy.
14 CONTACT US
If you have any questions about this Privacy Policy, please contact us on the details below.
Email: privacy@uefa.ch
Mail:
Headquarters office
Union des Associations Européennes de Football (UEFA)
Corporate Legal Services
Data Protection
Route de Genève 46
Case postale
CH-1260 Nyon 2
Switzerland
EU office
Union des Associations Européennes de Football (UEFA)
Data Protection
Rue d’Arlon 25
BE-1050 Brussels
Belgium