FIFA Global Football Platform

Data Protection Policy 


Fédération Internationale de Football Association (FIFA)

FIFA-Strasse 20
8044 Zurich
Switzerland

Please read the following to learn more about the ways FIFA uses your personal data before you proceed with the use of the FIFA Global Football Platform (“Platform”).

This Data Protection Policy has been drafted in English and has been translated into other languages. In the event of discrepancies between the English and the translated texts, the English text shall prevail and be used to solve doubts of interpretation.

Date of issue of this Data Protection Policy: February 2026

1.       International Transfer

YOUR INFORMATION IS PROCESSED IN SWITZERLAND AND IN THE EUROPEAN ECONOMIC AREA (“EEA”), AND MAY BE PROCESSED ELSEWHERE DEPENDING ON THE LOCATION OF AFFILIATES, BUSINESS PARTNERS, AND OTHER ENTITIES WHO ARE PERMITTED TO ACCESS SUCH INFORMATION UNDER THE TERMS OF THIS DATA PROTECTION POLICY (LOCATIONS OUTSIDE THE EEA MAY INCLUDE COUNTRIES WHICH MAY NOT ASSURE AN ADEQUATE LEVEL OF DATA PROTECTION ACCORDING TO APPLICABLE LAWS IN THE EEA AND SWITZERLAND). IF FIFA PROCESSES YOUR PERSONAL INFORMATION OUTSIDE THE EEA, ALL REASONABLE STEPS WILL BE TAKEN TO ENSURE THAT YOUR PERSONAL INFORMATION IS TREATED AS SAFELY AND SECURELY AS IT WOULD BE WITHIN THE EEA AND SWITZERLAND AND UNDER THE SWISS DATA PROTECTION ACT (“DPA”) AND THE GENERAL DATA PROTECTION REGULATION (“GDPR”).

2.   The collection of personal data and how FIFA uses it

The Platform is an online digital platform developed and operated by FIFA to enable:

    • Member Associations (“MAs”) to exchange information with FIFA,
    • Nomination, approval and management of participants in FIFA Global Football Development (“GFD”) educational events,
    • Administration of training events,
    • Access to MAspecific information, and
    • Communication between FIFA and MA Technical Directors.

The Platform supports Member Associations and their affiliated staff in managing nominations, participation, and administration of FIFA Global Football Platform courses and events.

Your personal data may also be provided to FIFA by your Member Association when you are nominated for an educational event or when the MA updates its organisational information in the Platform. 

3.       The personal data FIFA collects

FIFA processes various categories of personal data depending on your user role, the type of educational event and specific operational needs. Some information is always required; some is optional; others are collected only when required for a specific course. These data fields and conditions follow the Platform’s internal data inventory.


3.1 Personal Details (Basic Account and Profile Information)

At registration, users must provide their first name, last name, and login email. These are mandatory to create an account and maintain access to the Platform. Optional contact details may include recovery email, personal or work numbers and a communication email.

After registration and before a course begins, additional profile information may be requested, such as date of birth, nationality, gender, preferred platform language, and—optionally—a profile picture.

These fields support user identification, duplicate detection, communication, and statistical analysis.


3.2 Travel Information (Only When Travel Is Required by the Course)

If a course requires FIFA to arrange travel, the Platform will request travel document information only after the participant has accepted their nomination and has been approved to join the course.

The requested information may include: document type, document names, nationality, passport number, date of issue and expiry, and a passport scan.

These fields remain invisible and uncollected for educational events that do not involve travel.


3.3 Professional Experience Data (Only When Required as a Prerequisite)

Some educational events  require verification of professional experience. In such cases—again, only after a participant is approved—the user may be asked to provide a LinkedIn profile link or upload a CV or similar document.


3.4 Education and Licence Information (Only for Courses That Require It)

For educational event with educational or licence prerequisites, the Platform may request information such as licence type, level, confederation, Member Association, licence number, and issue/expiry dates. Supporting documentation (licence or certificate files) may also be required.

If the educational event does not require educationrelated documentation, these fields do not appear.


3.5 Measurements (Only for Courses Providing Kit or Equipment)

For courses where FIFA provides kit or uniform items, the participant may be required to provide clothing and shoe sizes, kit preferences, and weight.

These details are collected only after the educational event is approved and only for the specific educational events where needed. They are not requested otherwise.


3.6 Member Association Role Information (Technical Directors & MA Admins)

To support MAspecific workflows, FIFA may request information about internal roles within the MA, including the FIFAdefined role name, the MAs own role label, the start date, andif applicablethe end date of the role.

This information is visible to the MA Technical Director and their designated administrative staffIt is also accessible to authorised FIFA personnel for the purpose of understanding MA organisational structures and maintaining accurate contact points.

 

4.       Lawful basis

FIFA relies on different lawful bases depending on the type of data and the specific purpose for which it is processed:


4.1 Performance of a Contract 

Used for all information mandatory for educational event participation, including:

    • identity and profile data;
    • travel data required for arranging transportation;
    • experience/education documents required for eligibility;
    • measurements required for kit/equipment;
    • all nomination, approval and course‑administration workflows.

Participation in a FIFA GFD course requires FIFA to perform specific operational tasks, including eligibility checks, travel arrangements, and logistical preparation. Therefore, the personal data requested for a given educational event is mandatory and processed under performance of a contract.

This includes:

    • identity and contact data;
    • date of birth and nationality;
    • licence/education documents required for eligibility;
    • experience documents required for eligibility;
    • travel document details and passport image (where needed by airlines or immigration);
    • kit measurement data required for equipment.

If a participant does not provide required data, FIFA cannot register them, confirm eligibility, arrange necessary travel or provide required equipment, and the participant therefore cannot attend the course.

Note: Only optional features (e.g., profile picture) rely on consent.


4.2 Consent

FIFA processes certain personal data on the basis of your freely given, specific, informed and unambiguous consent. Consent is requested only for data that is not strictly required to create a user account or to deliver the core services of the Platform, and only when such data is necessary for a specific course or logistical requirement.

FIFA only relies on consent for optional features that are not required for course participation, such as a profile picture, an optional communication email, or an optional link to a professional profile (e.g., LinkedIn). Withdrawal of consent affects only these optional features and does not impact eligibility for or participation in any course.

Where consent is required, the Platform ensures that:

    • it is presented separately from other terms,
    • refusal to give consent does not impact unrelated services, and
    • consent granularity matches the type of data collected.

FIFA only relies on consent for optional features that are not required for course participation, such as a profile picture, an optional communication email, or an optional link to a professional profile (e.g., LinkedIn). Withdrawal of consent affects only these optional features and does not impact eligibility for or participation in any course.


4.3 Legitimate Interests

FIFA may process certain data based on its legitimate interest in managing the relationship with MAs and improving GFD operations, including:

    • data analysis to improve future educational events
    • role information within the MA (FIFA role name, MA role name, start and end dates) for structural and engagement purposes
    • internal communication between FIFA and Technical Directors
    • system usage analytics and security measures

4.4 Compliance with Legal Obligations

Some travel and identity information may be necessary to comply with transportprovider requirements or immigration/security regulations when travel is arranged by FIFA.

5.       Cookies

FIFA may use cookies when you visit the Platform. Please read and understand our Cookie Policy.

When you visit the Platform, FIFA will use cookies to collect certain information about you. Cookies are small data files which are transferred to your computer’s hard disk in order to memorise information like registration IDs and passwords. A cookie will typically contain the name of the domain from which the cookie has originated, the “lifetime” of the cookie and various values.

FIFA might further use session ID cookies to enable certain features of the Platform, to better understand how you interact with the Platform and to monitor aggregate usage by Platform users and web traffic routing on the Platform. Session ID cookies are, unlike persistent cookies, deleted from your computer when you log off from the Platform and close your browser.

Please note that you can always choose to block cookies by updating your Web browser privacy settings.

To do so, you will have to access the Help menu in your browser’s menu bar and search for the term “cookies”. Please note, however, that if you block cookies, you may not be able to use all sections of the Platform or all functionality of the services.

6.       Information Sharing and Disclosure

FIFA may send personal data about you to third parties when: 

a) you specifically acknowledge and agree that FIFA may disclose your personal data to third parties contributing to the delivery of services requested by yourself;

b) FIFA needs to share your personal data to provide a product or service you have requested;

c) FIFA provides personal data to companies who work on behalf of FIFA under data processing agreements providing for the required safeguards for your personal data in accordance with applicable data protection laws;

d) FIFA needs to respond to subpoenas, court orders or legal processes;

e) FIFA believes it is necessary, at its sole discretion, to investigate, prevent, or take action regarding illegal activities, suspected fraud, emergency situations involving potential threats to the physical safety of any individual, violations of Our Terms located at Terms of Services (https://inside.fifa.com/terms-of-service), or as otherwise required by law; and/or

f) you have freely consented to your personal data being shared with FIFA’s commercial affiliates and/or contractual partners to be informed about their products and services.

 

The GFD Platform does not publish personal data publicly, and each MA can only access information related to its own organisation.

7.       Security 

FIFA wants you to feel confident about using the Platform. For this reason, FIFA has implemented adequate technical and organisational measures designed to secure your personal data from accidental loss and from unauthorised access, use, alteration or disclosure. However, FIFA cannot guarantee that unauthorised third parties might not maliciously access your personal data. 

 

Identity theft and the practice currently known as “phishing” are of great concern to FIFA. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your bank card information, your account ID, login password or national identification numbers in a non-secure or unsolicited email or telephone communication.

 

FIFA has implemented procedures to react in case of unauthorised access, use, alteration or disclosure of personal data. If you suspect such an incident has occurred, please get in touch with via dataprotection@fifa.org.

 

If you communicate with FIFA by email, please note that the secrecy of internet email is uncertain. By sending sensitive or confidential email messages or information which are not encrypted, you are accepting the risk of a possible lack of confidentiality over the internet.

8.       Your rights

You have the following rights under the DPA and GDPR:

a) the right to be informed about FIFA’s collection and use of personal data;

b) the right of access to the personal data FIFA holds about you;

c) the right to rectification if any personal data FIFA holds about you is inaccurate or incomplete;

d) the right to deletion– i.e. the right to ask FIFA to delete any personal data we hold about you;

e) the right to restrict the processing of your personal data;

f) the right to data portability – i.e. obtaining a copy of your personal data to re-use with another service or organisation;

g) the right to object to FIFA using your personal data for particular purposes;

h) the right to revoke a given consent at any time; and

i) further rights with respect to the objection to automated decision-making and profiling; the Platform does not use automated decision-making or profiling that produces legal or similarly significant effects on users.

If you have any cause for complaint about FIFA’s use of your personal data, please contact FIFA’s dedicated team under dataprotection@fifa.org. We may require you to provide verification of your identity. In case you are not satisfied with our response, you always have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) or the competent data protection authority within the EEA. Please note that in certain circumstances FIFA may withhold access to your personal data where FIFA has the right to do so under applicable data protection legislation.

9.       Updating/deleting your information

You may review, correct, update, change or request that FIFA deletes your personal data at any time by accessing your account on the Platform. FIFA will ensure the deletion in case there are no legal reasons obliging FIFA to keep your personal data.

10.   Retention Periods

Retention periods follow the operational and legal requirements of the Platform:

    • User account data: retained for 3 years of inactivity (with reminders 6 months before deletion).
    • Work‑related MA role details: retained only for the duration of the role; then visibility reduced to name and role only.
    • User‑uploaded documents (passport, CV, certificate): available to FIFA only during the event and for 3 months thereafter; still available to the user.
    • This data remains available to the user after the event. It is no longer available to FIFA Coordinators 3 months after the event.
    • Educational event information accessible to FIFA Coordinators: retained up to 3 months after event completion.

 

11.   Controller roles and responsibilities

FIFA acts as the data controller for all processing activities conducted within the Platform, including account creation, course administration, verification processes, and event logistics. Member Associations act as independent controllers when providing information about their staff or nominees, validating Member Association data, or managing their internal organisational roles. FIFA and the MAs do not act as joint controllers because they process personal data for different purposes and determine those purposes independently.

 

12.   Links to other sites

If any part of the Platform links to other websites external to FIFA, those websites do not operate under this Data Protection Policy. If you choose to visit an advertiser or click on another third-party link, you will be directed to that third party’s website. FIFA does not exercise control over third-party websites and therefore recommends that you read and understand the data protection policies posted on these other websites to understand their procedures for processing, collecting, using and disclosing of personal data.

 

13.   Changes to this Data Protection Policy

This Data Protection Policy may be amended from time to time. If FIFA amends this Data Protection Policy, any changes will be immediately posted on the Platform and you will be deemed to have accepted the terms of the Data Protection Policy on your first use of the Platform following the alterations. 

14.   Contact

If you have any questions about this Data Protection Policy, please visit FIFA’s Data Protection Portal and FIFA’s Data Protection Pocket Guide, contact FIFA’s Data Protection Officer by email at dataprotection@fifa.org or by post to Fédération Internationale de Football Association (FIFA), FIFA-Strasse 20, 8044 Zurich, Switzerland.

15.   Precedence

In the event that the provisions of this Data Protection Policy conflict with the provisions of a third-party data protection policy, the provisions of this Data Protection Policy shall prevail.

16.   Jurisdiction and applicable law

This Data Protection Policy and all matters arising out of or related to this Data Protection Policy shall be governed by the substantive laws of Switzerland, without regard to conflicts of laws and principles thereof.

Any controversy, claim or dispute between you and FIFA arising out of or relating to this Data Protection Policy shall be subject to the exclusive jurisdiction of the competent Courts of the City of Zurich 1, and each party hereby irrevocably consents to the jurisdiction and venue of such courts.