FIDE DATA PROTECTION POLICY

SECTION A: GENERAL INFORMATION

Preamble

In order to perform its aims to be the supreme body responsible for the sport of chess and give National Chess Federations, players and any other individuals the services FIDE is intended to give as they are listed in the Charter, it needs to collect, store and process personal data.

FIDE cares that the data are handled in a fair and transparent way and makes all the necessary efforts to enforce these goals.

1. Data Controller, Representative, DPO, processors

1.1 Data Controller: FIDE – Federation Internationale des Echecs – International Chess Federation, headquartered at the Maison du Sport International, Avenue de Rhodanie 54 – 1007 Lausanne, Switzerland.

1.2 Current legal representative is its President Mr Arkady Dvorkovich.

1.3 Data Protection Representative for the European Union: Mr Marco Biagioli (ITA).

1.4 Data Protection Officer: Mr Marco Biagioli (ITA).

1.5 Data processors: Mr Vladimir Kukaev (RUS), Mr Gennay Rakhvalov (RUS).

2. Contacts

2.1 Data Controller: FIDE – Federation Internationale des Echecs – International Chess Federation, Maison du Sport International, Avenue de Rhodanie 54 – 1007 Lausanne, Switzerland.

2.2 Data Protection Representative for the European Union and Data Protection Officer: Mr Marco Biagioli (ITA), Biagioli Caregnato Law Firm, via Mestrina 69 – 30172 Venice, Italy.

2.3 E-mail addressprivacy@fide.com

SECTION B: REGULATIONS FOR ORDINARY DATA COLLECTION

3. Purpose of data collection

3.1 FIDE collects data in a fair and transparent way only in order to let itself, its internal bodies and its services work.

3.2 The use and storage of the relevant data is necessary in order:

3.2.1 to let FIDE internal bodies, boards, commissions and committees perform their duties according to the Charter and the Regulations, as well as according to the relevant decisions on their goals.

3.2.2 to let FIDE services, among which there are the FIDE Rating System (FRS), FIDE titles and classification of players, arbiters, organizers, trainers and officials, properly function.

3.2.3 to maintain the functionalities of the FRS: like in any other sports, the FRS is necessary to estimate the strength of the players and create a ranking of them to let any sports activity (championships, tournaments) be run in a fair way.

3.2.4 to properly let FIDE to give titles according to the relevant Regulations.

3.2.5 to let FIDE appoint people to any duties in its internal bodies or to any roles in its events.

4. Legal basis

4.1 Data are collected and processed by legal agreement and in order to provide the services requested to FIDE itself.

4.2 When registering to a National Chess Federation affiliated to FIDE in order to be a part of the Chess Sport Community, any individuals agree to be registered in the FRS by the National Chess Federation.

4.3 FIDE processes data in a fair and legitimate way only if it is necessary for the abovementioned services to work properly: by participating to any FIDE rated event, as inserted in the FRS by any National Chess Federations, and by requesting any National Chess Federations to issue a FIDE Identification Number (FIN), or by requesting FIDE to be included in the directory or any other lists, you agree to the process, as indicated above.

4.4 National Chess Federations are responsible for adhering to the national Laws applicable on privacy and data protection.

5. How FIDE collects Data. Authorised Data Collectors

5.1 FIDE collects data in several different ways:

5.1.1 Data can be inserted in the FRS by National Chess Federations, directly.

5.1.1.1 In this case, it means an individual requested a National Chess Federation to be registered in the FRS. FIDE obliges all National Ratings Officers to make a legitimate use of the FRS. Abuses can be punished by FIDE. If any individuals suspect their name was put in the FRS without their consent, they may notify to the National Chess Federation which registered them and FIDE.

5.1.2 Data can be inserted in the FRS by the FIDE Office, directly.

5.1.2.1 This case may only happen when FIDE gives an individual a particular duty. In this case, FIDE uploads and stores data only after the concerned individual had expressed their consent by accepting the duty FIDE gave to them.

5.1.3 Data can be inserted in the Directory by the FIDE Office, directly.

5.1.3.1 In this case, it means that either FIDE or a National Chess Federation appointed new officials and wants them the be featured in the directory. FIDE requires everyone who is featured in the directory to be identified and to get a FIN, as well as it obliges all National Chess Federation to submit requests to feature new officials in the directory only if they expressed their consent to the National Chess Federation. If any individuals suspect their name was put in the directory without their consent, they may notify to the National Chess Federation which registered them and FIDE.

5.14 Data can be sent by any individuals themselves, by sending an e-mail to the Administration or manually registering in the FIDE website or connected services.

5.1.4.1 In this case, FIDE stores data only after having received an explicit request by the individuals themselves.

5.2 In all the abovementioned cases, for underage people (in the country they are citizens of) consents are given or requests are made by their legal tutors and confirmed by the individuals themselves after the majority. Such confirmation is considered to stand until the individual requests FIDE to remove their data.

6. What Data FIDE Collects:

6.1 FIDE collects different sets of data according to the level as mentioned here following:

6.1.1 Level 1: for any individual included in the FRS and any other individual to whom FIDE issues a FIN: Name, Surname, Birthday, Federation, Gender (M or F), e-mail address. This data is ordinarily submitted by National Chess Federations.

6.1.1.1 Level 1/A: when the Administration requires a confirmation about the abovementioned data, it may require a copy of an official government-issued identification document. This copy is promptly eliminated after the verification is complete.

6.1.1.2 Level 1/B: for people receiving prizemoney or refunds directly from FIDE, it also collects physical addresses, phone numbers, bank details and local taxes details. This data is ordinarily provided directly from the single individual.

6.1.2 Level 2: for officials, organs, and people permanently or temporarily involved in the Administration FIDE also collects a second e-mail address, physical addresses, phone numbers and bank details. This data is ordinarily provided directly from the single individual.

6.1.3 Level 3: for National Chess Federations’ Officials, FIDE also collects a second e-mail address, physical addresses and phone numbers. This data is ordinarily provided by National Chess Federation.

6.1.4 Level 4: for people applying for titles or exchange of Federation FIDE also collects citizenship details, physical addresses, phone numbers, place of birth and other documents related to their nationality or residence status. This data is provided from the single individuals trough their National Federation.

6.1.5 Level 5: in case of stipulation of specific contracts, additional data may be required for specific purposes and upon specific consent. This data is provided directly from the single individual.

6.1.6 Level 6: for FIDE employees, FIDE also collects tax details, and social insurance number/details and any other data required by national authorities upon a legal obligation. This data is provided directly from the single individual. When FIDE has a legal obligation to register an individual in the national tax system or social insurance system, some information might be provided by the competent State authorities.

6.2 The FRS may host a picture of anyone who is recorded in the database.

6.2.1 Underage people photos are not displayed in any case until they reach the majority, unless it is sent personally by their legal guardians and their identity has been confirmed.

6.2.2 Photos about any other individuals included in the FRS are displayed only upon their or their Federation request addressed to FIDE offices.

6.2.3 In case that FIDE believes the request needs to be confirmed, it may ask the owner to confirm their willing their picture to be displayed on the FRS, according to the level 1/A.

6.3 Photos taken during sport public events has not such restrictions.

7. Data collection activity and refusal

7.1 Data collection is necessary in order to achieve the purposes and complete the activities above indicated.

7.2 In case of refusal to let your data, as indicated above, be processed by FIDE, the abovementioned activities shall be impossible. Thus, in case of refusal, the following consequences shall occur:

7.2.1 For any individual to be included in the FRS and any other individual requiring a FIN, refusal prevents that individual to be included in the FRS and take part to any chess event.

7.2.2 For people entitled to receive a prizemoney or refunds directly from FIDE, refusal prevents FIDE to make any payment.

7.2.3 For officials, organs, and people permanently or temporarily involved in the Administration, refusal of data policy as mentioned in their contract or appointment letter, prevents FIDE to include the name in the directory and the appointment to progress.

7.2.4 For a National Chess Federations’ officials, organs, and people permanently or temporarily involved in their Administration, refusal to provide a personal e-mail address, an official government-issued identity document and be issued with a FIN, prevents FIDE to include the name in the directory.

7.2.5 For people applying for titles or exchange of Federation, refusal prevents FIDE to process their application.

7.2.6 In case of stipulation of specific contracts which require additional data, refusal prevents the contract to be concluded.

7.2.7 For people applying for a job, refusal prevents FIDE to sign the contract.

8. Format of storage

8.1 Your data are stored electronically and in paper:

8.1.1 The electronic data archives are stored in FIDE servers, which are located in Germany and Russia. Safety measures as described in point nr. 16 protects the electronic archives.

8.1.2 The paper archive is stored in Lausanne, at the FIDE main office, in classified files in closed rooms.

9. How FIDE processes Data

9.1 FIDE processes data in automatic and manual ways:

9.1.1 Automatic processes include publication in FIDE website of the level 1 information, rating calculation, activity status, and statistical outputs on rating variation, national/continental rankings and enquires inside the database on any index. Automatic processes are made by computer programs which operate on the database.

9.1.2 Manual processes include any edit or change to single data, or any variation upon single application, or exchanging federation, merge, separate, delete and add single records, exporting lists of players and results, downloading rating lists. Manual processes include also any kind of search and enquiry of the database directly performed by any FIDE website visitor or operator.

10. Special processes connected to special obligations (doping and cheating prevention)

10.1 FIDE Medical Commission and FIDE Fair Play Commission performs special processes connected to doping and cheating prevention in sport.

10.2 Special processes are necessary in order to maintain FIDE integrity as a global sport organization and as a part of the obligations FIDE has got, being recognized by the IOC and member of the WADA.

10.3 Special processes connected to these purposes includes personal data collected during the process itself and/or anti-doping or anti-cheating investigations.

10.4 Personal o sensitive data are acquired only directly from the owner and subject to maximum level of confidentiality. They are stored in the computers in use to both the chairmen and the secretaries of the relevant Commissions, in respect of their mission.

10.5 Only member of the relevant commissions can be granted access to that kind of data and only if it necessary to perform test or investigations.

10.6 The Commissions may acquire information and consultations from external consultants who have no access to names and any other element, which can lead to anyone’s identification.

10.7 FIDE Medical Commission, as a part of anti-doping process, enters data and hold them through WADA’s ADAMS platform, which is encrypted and safeguarded through passport access.

11. Level of data publication

11.1 Data stored on the FRS can be seen and displayed at different level in FIDE public website or through private access.

11.1.1 Any visitor of FIDE website may see: Name, Surname, Year of birth, Federation, Gender (M or F), rating, title and inactivity flag, history of games of any individuals included in the FRS.

11.1.2 Any visitor of FIDE website may see also: e-mail address, physical address, phone number and place and full birthday of any individuals who applied for a title and put voluntarily those data on the application form (only applicable to forms published before 2020).

11.1.3 Any visitor of FIDE website may see also: e-mail address, physical address, phone number of any Federations’ official included in the directory (only applicable to those officials who gave their consent).

11.1.4 National Rating Officers or the people designated by National Federations have full access to all the records of the players of their Federation, including all the abovementioned information.

11.1.5 The personnel of the FIDE Office have full access to all the records of the database, including all the abovementioned information and the full history of data editing.

11.1.6 People who has full access to any information are enlisted in FIDE directory under the pages of any specific Federation (Rating Officer/General Secretary) and FIDE Office.

11.2 All those people who have full access to the records are bound to a non-disclosure policy on the data they can put or see from the FRS.

12. Profile

12.1 FIDE profiles data in order to make statistical outputs and results of world/continental/national results and rankings.

12.2 Under the section A of this policy regulations, data of those people who didn’t give any specific consent are not used to be profiled for other purposes than sport statistic outputs.

13. Duration

13.1 FIDE stores data without any term: your personal data will be stored until your decision them to be deleted, duly communicated as per art. 18.

13.2 The only case where data is cancelled from the database is on request of the owner or their heirs. After cancellation, your data will be stored only for historical reasons in the tournament archives.

14. Data Transfer

14.1 Your personal data are stored and protected in the FIDE servers which are located in Germany. Backup copies are also stored in the FIDE servers in Russia.

14.2 Your personal data can be transferred:

14.2.1 To any National Chess Federations with restriction to data of the individuals registered under their flags.

14.2.2 To any FIDE internal bodies, committees or commissions, and the members of them with no restrictions, officials and organs.

14.2.3 to the Developers of FIDE website only in order to test and improve FIDE website functionalities.

14.2.4 to World Chess Events Ltd. (based in London – UK), up to the end of their contract, with restriction to data already displayed on FIDE website to any visitor of it, and only for organizational purposes.

14.3 Due to the fact data can be transferred to any internal bodies, committees or commissions, officials and organs, they can be sent in any country whose members are included in FIDE directory.

15. Disclosure

15.1 FIDE is not disclosing data to any kind of company, body or individual for commercial purposes, nor it is profiling anyone for such goals.

15.2 FIDE is not responsible for any uses that any individuals would do with data which is accessible for the public view (level 1).

16. Data security

16.1 The FRS access is password protected and has password restore utility. The FRS users can change their passwords and they are not disclosed to anyone.

16.2 Part of the FRS which access is restricted to the FIDE Office is closed for access by firewall IP access limit, webserver IP access limit and username/password. FIDE also uses firewall blocking for database and servers, which access is restricted to the FIDE Office IP.

16.3 FIDE webserver is protected from attack blocking (URL injections, DDos attacks) and performs regular security audits for vulnerabilities.

16.4 Backups of main database are done daily and stored on remote machines, which are located in Russia and Germany, under FIDE control.

16.5 Any personal data included in the FRS is encrypted.

17. Your rights

17.1 You have anytime the right to:

17.1.1 Check the existence of your data in the FIDE databases.

17.1.2 Request from FIDE access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.

17.1.3 Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

17.1.4 Lodge a complaint with a supervisory authority.

17.1.5 Check the origin from which the personal data belong, and if applicable, whether it came from publicly accessible sources.

17.1.6 Know the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

17.2 Actions under art. 17.1.1 can be performed directly by any individual by checking in the FRS from the public access in FIDE website or by e-mail to privacy@fide.com.

17.3 Actions under art. 17.1.2 and 17.1.3 shall come through the National Chess Federation under which an individual is registered. In case the National Chess Federation is refusing to perform such actions or is not performing them in a deadline of 30 days, they can be taken directly by any individuals by sending a letter to the FIDE DPO at the abovementioned addresses, enclosing a copy of an official government-issued identity document.

17.3.1 FIDE Administration will notify the request by e-mail and will proceed upon your confirmation.

17.4 Action under art. 17.1.4 shall be taken according to any supervisory authority’s own procedure (please refer to: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en?2nd-language=lt)

17.5 Actions under art. 17.1.5 and 17.1.6 can be taken directly by sending an e-mail to privacy@fide.com, enclosing a copy of an official government-issued identity document.

18. Data cancellation

18.1 You have anytime the right to ask FIDE to delete your personal data from the database: by taking such an action you are aware that data cancellation from the FRS prevents you to take part to any FIDE rated event.

18.2 This request shall come through the National Chess Federation under which an individual is registered, and it will be confirmed by itself.

18.2.1 In case the National Chess Federation requires an internal procedure to perform such action, the applicant shall fulfil it.

18.2.2 In case the National Chess Federation would refuse to ask the erasure of your data or will not do it in a deadline of 30 days, you can apply directly by sending a signed letter to FIDE DPO at the abovementioned addresses, enclosing a copy of an official government-issued identity document.

18.2.2.1 FIDE Administration will notify the request by e-mail and will proceed upon your confirmation.

18.2.2.2 When art. 18.2.1 applies, the deadline mentioned in the art. 18.2.2 is suspended until the National Chess Federation internal procedure has been completed.

18.3 After the cancellation, your data will be stored in historical reports of any played tournament or championship and title repository. Any individual has the right for these data to be pseudonymised.

18.4 The already made processes based on previous consent shall be legal and lawful also after the withdrawn of the consent and/or the request of data erasure.

19. Data breach

19.1 In case of a data breach FIDE will notify immediately the fact and act according to the provision of the regulations.

20. Legal obligations through administrative authorities

20.1 If the following situations occur FIDE shares information with any entitled regulatory or administrative National authority, police or judiciary:

20.1.1 When a legal request is addressed to FIDE or FIDE believes in good faith to have the legal obligation to do that.

20.1.2 When a Law or any judiciary orders FIDE to act in a specific way.

20.1.3 When it is found that FIDE databases are used to make any breach of a Law or personal data inserted in the FRS are found to be false, or there is clear danger of misuse of someone’s personal data.

20.2 If any entitled regulatory or administrative National authority asks FIDE to share any information for a legal reason, FIDE may store data even in case of withdrawn of consent in order to fulfil any requested action.

21. Notifications of any change of data protection policy

21.1 In case of any change of this data protection policy FIDE will notify to all National Chess Federations.

21.2 FIDE will also announce any change with special notices on its website.

21.3 Any change will be effective after five days from its announcement: meanwhile everyone has the right to ask their data to be restricted or erased with the consequences indicated above.

22. Disputes

22.1 Disputes not subjected to administrative or regulatory authorities shall be solved in Lausanne competent Court.

SECTION C: COOKIES

23. Cookies in use

23.1 A cookie is a limited dimension file which is downloaded to your computer when you visit a website, to enhance your browsing experience.

23.2 The FIDE website uses a very limited amount of first party cookies, set by FIDE.

23.2.1 FIDE cookies are only intended to simplify the authentication process on the website: when a registered user enters any text in the username and password fields, the server sets a cookie, which is a unique code on server side and downloads it to the user.

23.2.2 Every time the user makes an authentication request to the website, the web browser checks if such code is valid and if yes, then treats user as logged in.

23.2.3 These cookies are not in use if the user doesn’t try to login the website.

23.3 All cookies downloaded from the FIDE website can be deleted, removed, restricted or blocked without any impact on the possibility to uses the general services.

23.3.1 You can prevent the setting of cookies or disable set cookies at any time by adjusting the settings on your browser. Please notice that every browser allows you to do so in different ways.

24. Third-party cookies

24.1 FIDE doesn’t use third-party cookies. However, be informed that third-party cookies can be installed by other websites you visit to track your activity and they can record also what pages you browsed in FIDE.com. please be informed that FIDE has no control over third-party cookies. In case you visited other websites than FIDE.com, we advise you to read their cookie policy.

24.2 Special policy apply for the use of the e-commerce portal (visit section D).

SECTION D: E-COMMERCE

25. FIDE Online shop

25.1 FIDE holds one online shop under the owner’s domain shop.fide.com that is empowered by an external IT company named Shopify.

25.1.1 The company has two branches: Shopify Commerce Singapore Pte. Ltd., 77 Robinson Road, #13-00 Robinson 77, Singapore 068896 and Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.

25.2 Shopify doesn’t intervene in the e-commerce process but provides FIDE the technology and TEC assistance.

26. Additional data collected in the e-commerce portal

26.1 In case you buy something from the FIDE e-commerce portal, ad additional data set is collected to fulfil the purchase and the delivery.

26.1.1 Level 7: for any individual who purchases any items from the FIDE e-commerce portal, FIDE collects Name, Surname, physical delivery address, e-mail address and phone number. This data is provided directly from the single individual.

27. Data collection activity and refusal

27.1 Data collection described in this section is necessary in order to fulfil the purchase and deliver the goods you bought.

27.2 In case of refusal to let your data, as indicated above, be processed by FIDE, purchase shall be impossible.

28. Format of storage

28.1 Data collected by the e-commerce portal are only stored electronically (please visit section B)

29. How FIDE processes Data in the e-commerce portal

29.1 FIDE processes data in automatic and manual ways:

29.1.1 Automatic processes includes the order processing to the distributor and automated operations in the logistic centres in order to deliver your purchase. Automatic processes are made by computer programs.

29.1.2 Manual processes include packaging and delivering your order by the logistic operators.

30. Publication

30.1 Data coming from the e-commerce portal are not subject to publication.

31. Data Transfer

31.1 once you perform a purchase your personal data are subject to transfer to the following recipients:

31.1.1 your bank and credit card provider, PayPal or other providers of financial instruments used to authorise the payment.

31.1.2 The actual distributor of the item you purchased.

31.1.3 Logistics and post companies in charge of performing the delivery.

32. Financial data

32.1 FIDE uses third-party payment service to allow you to purchase an item or make payments.

32.2 Once you perform a purchase, FIDE redirects you to the third-party payment service website.

32.2.1 Any information that you provide to a third-party payment service website will be subject to their privacy policy.

32.2.2 Any information that FIDE receives from the third-party payment service will be handled according to this privacy policy.

32.2.3 FIDE has no access to any financial information that you provide to the third-party payment service.

33. Profile

33.1 FIDE e-commerce portal doesn’t profile users.

34. Mailing list

34.1 FIDE e-commerce portal offers the opportunity to join a mailing list regarding new available items and other commercial information.

34.2 In case you decide to subscribe the mailing list, you may receive periodical e-mails with various offers and commercial information.

35. Your rights

35.1 all the rights stated in art. 17 and 18 of the section B can be applied to the e-commerce portal.

35.2 Regarding the e-commerce portal, you can exercise your rights directly emailing FIDE at privacy@fide.com.

35.3 FIDE has no authority on the data you provided for the purchase and were transferred to third-party payment services, logistics and post companies and distributors.

36. Additional cookies

36.1 When you decide to visit the FIDE e-commerce portal, additional cookies will be placed to your device.

36.2 the use of these additional cookies is necessary to perform your orders and transactions. For example, the e-commerce portal places user-input cookies to keep track of a user’s input when filling in forms that lasts more than one page.

36.3 A detailed list of cookies placed by the e-commerce portal may be found at: https://www.shopify.com/legal/cookies, section “Merchant Storefront”.

FIDE Data Protection Policy version 2.0 – February 2024