Data Protection Policy

Data Protection Policy – FIFA Legal Journal

Fédération Internationale de Football Association (FIFA)
FIFA-Strasse 20
8044 Zurich
Switzerland

Please read the following to learn more about the ways FIFA uses your personal data before you use the FIFA Legal Journal website and before you engage with the Journal's editorial and publication processes.

FIFA is committed to protecting your personal data and respecting your privacy. We encourage you to carefully read this Privacy Policy.

This Privacy Policy explains our data protection and privacy practices and how personal data is collected online and used by FIFA in connection with the FIFA Legal Journal, including the Journal's website and its internal editorial and publication processes. This Policy applies to authors, experts, reviewers, editorial board members, subscribers, and visitors.

When it comes to data, FIFA follows mainly the General Data Protection Regulation (GDPR) but also national and international privacy laws.

This Data Protection Policy has been drafted in English and has been translated into other languages. In the event of discrepancies between the English and the translated texts, the English text shall prevail and be used to solve doubts of interpretation.

Date of issue of this Data Protection Policy: March 2026

1. International transfer

YOUR INFORMATION IS PROCESSED IN SWITZERLAND AND IN THE EUROPEAN ECONOMIC AREA ("EEA"), AND MAY BE PROCESSED ELSEWHERE DEPENDING ON THE LOCATION OF SERVICE PROVIDERS OR TECHNICAL INFRASTRUCTURE SUPPORTING THE LEGAL JOURNAL WEBSITE. IF FIFA PROCESSES YOUR PERSONAL INFORMATION OUTSIDE THE EEA, ALL REASONABLE STEPS WILL BE TAKEN TO ENSURE THAT YOUR INFORMATION IS TREATED AS SAFELY AND SECURELY AS WITHIN THE EEA UNDER THE SWISS DATA PROTECTION ACT ("DPA") AND THE GENERAL DATA PROTECTION REGULATION ("GDPR").

2. How we look after your data

FIFA respects the rights of individuals to have their personal data protected. We will observe the following principles:

  • We process your data lawfully, fairly and transparently.
  • We collect data for a specific purpose. Once that purpose is complete, we won't process your data again.
  • We keep your data accurate, up-to-date and only for as long as we need it.
  • We keep all personal data confidential, accurate and available.
  • Provision of required personal data is necessary to publish articles or receive subscription services.

3. The collection of personal data and how FIFA uses it

FIFA collects only the personal data needed to operate the FIFA Legal Journal, manage subscriptions, and conduct the editorial and publication process.

3.1 Subscription to the FIFA Legal Journal

To subscribe to the digital Journal, individuals must provide only:

  • Name
  • Email address

This information is used exclusively to deliver the Journal and manage subscription preferences.

No additional data is collected for subscription purposes.

3.2 Authors (Experts Invited by the FIFA Editorial Committee)

Authors are not self-registered users and do not interact with any online submission system.

Authors are selected directly by the FIFA Editorial Committee, based on:

  • their recognised expertise,
  • publicly available professional information, and
  • established professional contacts.

Authors provide only the information required for publication:

  • Name
  • Surname
  • Affiliation

This is the information that appears in the published article.

No additional personal data is collected from authors.

3.3 Editorial Workflow

All submission and review processes occur entirely via email and internal FIFA systems.

The editorial process functions as follows:

  • The Editorial Committee contacts selected experts by email to invite them to contribute.
  • If the expert accepts, the manuscript is drafted and sent to the Committee via email.
  • The Committee reviews the manuscript and may provide comments or request revisions.
  • Once the content is finalised, the Committee sends the article to our provider Tirant Lo Blanch.
  • Tirant performs an orthographic and formatting review only.
  • FIFA approves the final version before publication.
  • No external system is used for submissions, review, or communication.

3.4 Editorial Board Responsibilities

Editorial Board members:

  • may correct formatting of existing metadata (e.g., affiliation formatting),
  • must not add any new personal data beyond what the author provides, and
  • process personal data strictly under FIFA's instructions.

3.5 Website browsing

When visiting the FIFA Legal Journal website, certain technical data is collected automatically to ensure secure and reliable website operation. This includes:

  • IP address
  • Browser type
  • Referring website
  • Timestamp and technical logs necessary to ensure system integrity

The website also uses cookies for essential functionality, security, and audience measurement. Details on the categories of cookies used and how to manage cookie settings are provided in the Cookie Policy, available on the Legal Journal website.

4. Lawful basis

FIFA relies on several lawful bases depending on the processing purpose:

4.1 Performance of a contract

Used for:

  • administering article preparation, editorial review, and publication processes;
  • administering the Journal subscription service;
  • ensuring website functionality.

If an author does not provide required information, FIFA cannot process their submission.

4.2 Consent

Used only for:

  • subscribing to receive the Journal by email,
  • optional website profile fields,
  • optional author metadata not required for editorial workflow.

Consent can be withdrawn at any time.

4.3 Legitimate Interests

Used for:

  • maintaining security of the website,
  • strictly anonymised analytics to improve website performance,
  • administrative communication with authors and subscribers,
  • administrative communication related strictly to website operation (not marketing).

Non-essential cookies and analytics operate only with user consent.

4.4 Compliance with legal obligations

Used where retention or disclosure is required by law.

5. Information Sharing and Disclosure

FIFA may send personal data about you to third parties when:

  • FIFA needs to share your personal data to provide a product or service you have requested; or
  • FIFA provides personal data to companies who work on our behalf under data processing agreements providing for the required safeguards for your personal data in accordance with applicable data protection laws, such as Tirant Lo Blanch;
  • FIFA needs to respond to subpoenas, court orders or legal processes;
  • FIFA believes it is necessary, at its sole discretion, to investigate, prevent, or take action regarding illegal activities, suspected fraud, emergency situations involving potential threats to the physical safety of any person, violations of Our Terms, or as otherwise required by law.

Please note that the personal data is handled only by the Editorial Board and editorial team.

FIFA engages third-party service providers strictly for hosting, email delivery, system maintenance, and IT security.

Tirant Lo Blanch, our editorial provider, receives only the final manuscript for orthographic and formatting review and does not receive subscriber data or author personal data beyond what appears in the published article. Tirant Lo Blanch is a privately-owned legal publisher headquartered in Valencia, Spain. It is one of the most prestigious publishers in the Spanish-speaking legal sector, specialising in legal scholarship, academic publications, and professional legal resources.

In addition to its core publishing activities, the Tirant group also develops legal databases, training services, and technological tools for legal professionals.

These providers act solely on FIFA's instructions, under binding data processing agreements, and may be located inside or outside the EEA under valid transfer mechanisms.

6. Where we process your data

Your information is processed in the European Economic Area ("EEA"), and may be processed elsewhere depending on the location of affiliates, business partners, and other entities who are permitted to access such information under the terms of this data protection policy (locations outside the EEA may include countries which may not assure an adequate level of data protection according to applicable laws in the EEA and Switzerland). If FIFA processes your personal information outside the EEA, all reasonable steps will be taken to ensure that your personal information is treated as safely and securely as it would be within the EEA under the General Data Protection Regulation ("GDPR"). This includes the signature of the Standard Contractual Clauses issued by the European Union or another mechanism permitted by GDPR and Swiss law.

7. Security

FIFA wants you to feel confident about using the website. For this reason, FIFA has implemented adequate technical and organisational measures designed to secure your personal data from accidental loss and from unauthorised access, use, alteration or disclosure. Security measures include access controls, encryption, monitoring, and incident-response procedures. However, FIFA cannot guarantee that unauthorised third parties might not maliciously access your personal data.

Identity theft and the practice currently known as "phishing" are of great concern to FIFA. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password or national identification numbers in a non-secure or unsolicited email or telephone communication.

FIFA has implemented procedures to react in case of unauthorised access, use, alteration or disclosure of personal data. If you suspect such an incident has occurred, please get in touch with FIFA via dataprotection@fifa.org.

If you communicate with FIFA by email, please note that the secrecy of internet email is uncertain. By sending sensitive or confidential email messages or information which are not encrypted, you are accepting the risk of a possible lack of confidentiality over the internet.

8. Updating and deleting your data

You can review, correct, update or change your data at any time. If you ask us to delete your data we'll do so, unless there's a legal reason that means we have to keep it. FIFA will respond to any rights request within one month (extendable by two months if necessary).

9. Retention period

Retention periods follow operational and legal requirements:

  • Subscription data: retained until you unsubscribe.
  • Published material: permanently.
  • Unpublished submissions: kept for up to 5 years.
  • Website logs: retained for a limited period (typically 30–90 days) unless needed for security investigations.

10. Roles and responsibilities

FIFA acts as the data controller for all processing related to the Legal Journal website and all related editorial and publication processes. Editorial Board members and editorial team members process data under FIFA's instructions.

11. Children and data

The Legal Journal is not directed to children. FIFA does not knowingly collect data from individuals under 16. We recommend parents and guardians clear their browser cache of cookies to minimise the personal data collected. If we find out we've collected data from a child without permission, we'll delete it.

12. Cookies

Cookies are small pieces of information stored on your browser when you use our website. The website uses cookies for essential functionality, security, and analytics. A detailed Cookie Policy and cookie-consent banner are available on the site, allowing you to manage your preferences at any time.

13. Your rights

You have the following rights under the Swiss Data Protection Act and GDPR:

  • the right to be informed about FIFA's collection and use of personal data;
  • the right of access to the personal data FIFA holds about you;
  • the right to rectification if any personal data FIFA holds about you is inaccurate or incomplete;
  • the right to deletion – i.e. the right to ask FIFA to delete any personal data we hold about you;
  • the right to restrict the processing of your personal data;
  • the right to data portability – i.e. obtaining a copy of your personal data to re-use with another service or organisation;
  • the right to object to FIFA using your personal data for particular purposes;
  • the right to revoke a given consent at any time; and
  • further rights with respect to the objection to automated decision-making and profiling (none used here).

If you have any cause for complaint about FIFA's use of your personal data, please contact FIFA's dedicated team at dataprotection@fifa.org. We may require you to provide verification of your identity. In case you are not satisfied with our response, you always have the right to lodge a complaint with the competent data protection authority within the EEA, namely the Swiss Federal Data Protection and Information Commissioner (FDPIC). Please note that in certain circumstances FIFA may withhold access to your personal data where FIFA has the right to do so under applicable data protection legislation.

14. Changes to this Data Protection Policy

This Data Protection Policy may be amended from time to time. If FIFA amends this Data Protection Policy, any changes will be immediately posted on the website.

15. Contact

If you have any questions about this Data Protection Policy, please contact FIFA's Data Protection Officer by email at dataprotection@fifa.org or by post to FIFA-Strasse 20, 8044 Zurich, Switzerland.

16. Precedence

In the event that the provisions of this Data Protection Policy conflict with the provisions of a third-party Data Protection Policy, the provisions of this Data Protection Policy shall prevail.

17. Jurisdiction and applicable law

This Policy is governed by the substantive laws of Switzerland.

Any dispute shall be subject to the exclusive jurisdiction of the Courts of the City of Zurich.