Be informed that on August 2019 Fide adopted its data protection policy
pursuant to its obligations upon national and international Laws protecting
privacy.
The policy is available here following and it is also published on FIDE
website.
When accessing and operating on Fide Rating System you process personal
data such as name, gender, emails, birthdays and others.
Thus, you are fully involved in FIDE data protection policy and must
respect its protection standards and all the following obligations:
A. You are required to read and accept FIDE data protection policy:
by ticking “I agree” you assume on yourself all the obligations
and relevant responsibilities coming from this policy.
B.
You are required to operate on FRS only for the purposes of FRS and
your role as Rating Officer/Officer:
by ticking “I agree” you assume on yourself the commitment to
operate in a legitimate way only to let FRS properly function and not for
other or personal purposes;
C.
You are required to keep secret and safe all the information you
acquire from FRS:
sharing data or disclosing information you acquired from FRS is totally
forbidden and may lead to your ban from using FRS;
D.
You are required to insert in FRS personal data only upon specific
consent released by the owner:
by inserting personal data in FRS you take yourself the responsibility of
the given consent. FIDE assumes that national Federations process data in a
way fully compliant with the Laws of the relevant countries and FIDE data
protection policy.
Please, be informed that any new record will be notified to the owner.
E. You are required to insert in FRS only true data with specific
concern to e-mails which must be personally given by the player or his/her
legal representative and must be of the player or his/her legal
representative.
F.
You will be considered legally responsible of any breach of this
policy:
in case there were evidences, of any kind of misuse of FRS and that you
broke any Law or FIDE data protection policy, entered false data or
unauthorized data,
you will be considered liable for it and FIDE reserves the right to
charge the responsible in any relevant Court
to claim for damages.
G.
You are invited to read the following data protection policy and commit
yourself to respect it in any point:
In order to perform its aims to be the supreme body responsible for the
sport of chess and give National Federations, players and any other
individual the services FIDE is intended to give as they are listed in the
Statutes, it needs to collect, store and process personal data.
FIDE cares that the data are handled in a fair and transparent way and
makes all the necessary efforts to enforce this goals.
1.
DATA CONTROLLER, REPRESENTATIVE, DPO, DATA PROTECTION COMMITTE
Data Controller:
FIDE – Federation Internationale des Echecs, whose legal seat is Avenue de
Rhodanie 54 – 1007 Lausanne, Switzerland.
Current legal representative is its President Mr. Arkady Dvorkovich.
As per decision Q2PB/2019/11 FIDE designated the following officials:
Data Protection Committee:
Mr Willy Iclicki (BEL): Data Protection Officer;
Mr Marco Biagioli (ITA): Data Protection Legal Advisor;
Mr Vladimir Kukaev (RUS): Data Protection Technical Advisor.
Data Protection Representative for the European Union:
Mr Willy Iclicki (BEL).
Data Protection Officer:
Mr Willy Iclicki (BEL).
2. CONTACTS
Data Protection Representative for the European Union and Data Protection
Officer:
Mr Willy Iclicki (BEL) whose seat inside the European Union is Avenue du
Globe 55 – Box 20 – 1190 Brussels, Belgium.
SECTION A: GENERAL PROVISIONS FOR ORDINARY DATA COLLECTION
3. PURPOSE OF DATA COLLECTION
FIDE collects data in a fair and transparent way only in order to let
itself, its internal bodies and its services work.
The use and storage of the relevant data is necessary in order:
- to let FIDE internal bodies, boards, commissions and committees perform
their duties according to the Statutes and the Regulations, as well as
according to the relevant decisions on their goals;
- to let FIDE services, among which there are FIDE Rating System (FRS),
FIDE titles and classification of players, arbiters, organizers, trainers
and officials, properly function;
- to maintain the functionalities of FRS: like in any other sport, FRS is
necessary to estimate the strength of the players and create a ranking of
them to let any sport activity (championships, tournaments) be run in a
fair way;
- to properly let FIDE to give titles according to the relevant
Regulations;
- to let FIDE appoint people to any duty in its internal bodies or to any
role in its events.
4. LEGAL BASIS
Data are collected and processed by legal agreement and in order to provide
the services requested to FIDE itself.
FIDE processes data in a fair and legitimate way only if it is necessary
for the abovementioned services to work properly: by participating to any
FIDE rated event, as inserted in FRS by any National Federation, and by
requesting any National Federation to issue a FIDE Identification Number
(FIN), or by requesting FIDE to be included in the directory or any other
list, you agree to the process, as indicated above.
5. HOW FIDE COLLECTS DATA – DATA COLLECTORS
FIDE collects data in several different ways:
- Data can be inserted in FRS by National Federations, directly.
In this case, FIDE notifies the insertion of the data in the system by
sending an email to the individual whose data were collected, hence he is
informed that a National Federation inserted his data in FRS and might
exert his rights.
- Data can be inserted in FRS by Elista FIDE Office (EFO), directly.
In this case, FIDE uploads and stores data only after having received an
explicit consent by the individual whose data are going to be collected.
- Data can be sent by any individual himself, by sending an email to the
Administration or manually registering in the FIDE website or connected
services.
In this case, FIDE stores data only after having received an explicit
request by the individual himself.
In all the abovementioned cases, for underage people (in the country they
are citizens of) consents are given or requests are made by their legal
tutors and confirmed by the individuals themselves after the majority.
6. COLLECTED DATA
FIDE collects different data according to the level as mentioned here
following:
- For any individual included in FRS and any other individual to whom FIDE
issues a FIN: Name, Surname, Birthday, Federation, Gender (M or F), email
address.
When the Administration requires a confirmation about the abovementioned
data, it may require a copy of an official identification document.
This data are ordinarily submitted by National Federations and notified
to the single individual as per point nr. 5.
- For people receiving prizemoney or refunds directly from FIDE, it also
collects physical addresses, phone numbers and bank details and local taxes
details.
This data are ordinarily provided directly from the single individual.
- For officials, organs, and people permanently or temporarily involved in
the Administration FIDE also collects a second email address, physical
addresses, phone numbers and bank details.
This data are ordinarily provided directly from the single individual.
- For people applying for titles or exchange of Federation FIDE also
collects physical addresses, phone numbers, place of birth and nationality.
This data are provided from the single individual trough his National
Federation.
- In case of stipulation of specific contracts, additional data may be
required for specific purposes and upon specific consent.
This data are provided directly from the single individual.
- For FIDE employees, FIDE also collects tax details, and social insurance
number/details and any other data required by national authorities upon a
legal obligation.
This data are provided directly from the single individual.
FRS may host a picture of anyone who is recorded in the database.
Underage people photos are not displayed in any case until they reach the
majority, unless it is sent personally by their legal tutors.
Photos about any other person included in FRS are displayed only upon his
or his Federation request addressed to FIDE offices.
In case that FIDE suspects the request needs to be confirmed, may ask the
owner to confirm his willing his picture to be displayed on FRS.
Photos taken during sport public events has not such restrictions.
7. DATA COLLECTING ACTIVITY AND REFUSAL
Data collection is necessary in order to achieve the purposes and complete
the activities above indicated.
In case of refusal to let your data, as indicated above, be processed by
FIDE, the abovementioned activities shall be impossible.
Thus, in case of refusal, the following consequences shall occur:
- For any individual to be included in FRS and any other individual
requiring a FIN, refusal prevents that individual to be included in FRS and
take part to any chess event;
- For people entitled to receive a prizemoney or refunds directly from
FIDE, refusal prevents FIDE to make any payment.
- For officials, organs, and people permanently or temporarily involved in
the Administration, refusal of data policy as mentioned in their contract
or appointment letter, prevents FIDE to include the name in the directory
and the appointment to progress.
- For people applying for titles or exchange of Federation, refusal
prevents FIDE to process their application.
- In case of stipulation of specific contracts which require additional
data, refusal prevents the contract to be concluded.
- For people applying for a job, refusal prevents FIDE to sign the
contract.
8. FORMAT OF STORAGE
Your data are stored electronically and in paper.
The electronic data archives are stored in FIDE servers, which are located
in Germany and Russia. Safety measures as described in point nr. 16
protects the electronic archives.
The paper archive is stored in Lausanne, at the FIDE main office, in
classified files in closed rooms.
9. HOW FIDE PROCESSES DATA
FIDE processes data in automatic and manual ways:
- Automatic processes include publication in FIDE website of the first
level information, rating calculation, putting inactive flag, and
statistical outputs on rating variation, national/continental rankings and
enquires inside the database on any index. Automatic processes are made by
computer programs which operate on the database.
- Manual processes include any edit or change to single data, or any
variation upon single application, or exchanging federation, merge,
separate, delete and add single records, exporting lists of players and
results, downloading rating lists. Manual processes include also any kind
of search and enquiry of the database directly performed by any FIDE
website visitor or operator.
10.
SPECIAL PROCESSES CONNECTED TO SPECIAL OBLIGATIONS (DOPING AND CHEATING
PREVENTION)
FIDE Medical Commission and FIDE Fair Play Commission performs special
processes connected to doping and cheating prevention in sport.
Special processes are necessary in order to maintain FIDE integrity as a
global sport organization and as a part of the obligations FIDE has got,
being recognized by the IOC and member of the WADA.
Special processes connected to these purposes includes personal data
collected during the process itself and/or anti-doping or anti-cheating
investigations.
Personal o sensitive data are acquired only directly from the owner and
subject to maximum level of confidentiality.
They are stored in the computers in use to both the chairmen and the
secretaries of the relevant Commissions, in respect of their mission.
Only member of the relevant commissions can be granted access to that kind
of data and only if it necessary to perform test or investigations.
The Commissions may acquire information and consultations from external
consultants who have no access to names and any other element, which can
lead to anyone’s identification.
FIDE Medical Commission, as a part of anti-doping process, enters data and
hold them through WADA's ADAMS platform, which is encrypted and safeguarded
through passport access.
11. LEVEL OF DATA PUBLICATION
Data stored on FRS can be seen and displayed at different level in FIDE
public website or through private access.
- Any visitor of FIDE website may see: Name, Surname, Year of birth,
Federation, Gender (M or F), rating, title and inactivity flag, history of
games of any person included in FRS.
- Any visitor of FIDE website may see also: email address, physical
address, phone number and place and full birthday of any person who applied
for a title and put voluntarily those data on the application form.
- Any visitor of FIDE website may see also: email address, physical
address, phone number of any Federations’ official included in the
directory.
- National Rating Officers or the people designated by National Federations
have full access to all the records of the players of their Federation,
including all the abovementioned information.
- The personnel of EFO have full access to all the records of the database,
including all the abovementioned information and the full history of data
editing.
People who has full access to any information are enlisted in FIDE
directory under the pages of any specific Federation (Rating
Officer/General Secretary) and Elista Office.
All these people agrees to a non-disclosure policy on the data they can put
or see from FRS.
12. PROFILE
FIDE profiles data in order to make statistical outputs and results of
world/continental/national results and rankings.
Under the section A of this policy regulations, data of those people who
didn’t give any specific consent are not used to be profiled for other
purposes than sport statistic outputs.
13. DURATION
FIDE stores data without any term: your personal data will be stored until
your decision them to be deleted, duly communicated as per point nr. 18.
The only case data are cancelled from the database is on request of the
owner or his heirs. After cancellation, your data will be stored only for
historical reasons in the tournament archives.
14. DATA TRANSFER
Your personal data are stored and protected in FIDE servers which are
located in Germany. Backup copies are also stored in FIDE server in Russia.
Your personal data can be transferred:
- To any National Federation with restriction to data of their own
individuals;
- To any FIDE internal body, committee or commission, and the members of
them with no restrictions, officials and organs;
- To World Chess Events Ltd. (based in London – UK), up to the end of their
contract, with restriction to data already displayed on FIDE website to any
visitor of it, and only for organizational purposes;
- Developers of FIDE website only in order to test and improve FIDE website
functionalities;
Due to the fact data can be transferred to any internal body, committee or
commission, officials and organs, they can be sent in any country whose
members are included in FIDE directory.
15. DISCLOSURE
FIDE is not disclosing data to any kind of company, body or individual for
commercial purposes, nor it is profiling anyone for such goals.
16. DATA SECURITY
FRS access is password protected and has password restore utility. FRS
users can change their passwords and they are not disclosed to anyone.
Part of FRS which access is restricted to EFO is closed for access by
firewall IP access limit, webserver IP access limit and username/password.
FIDE also uses firewall blocking for database and servers, which access is
restricted to EFO IP.
FIDE webserver is protected from attack blocking (URL injections, DDos
attacks) and performs regular security audits for vulnerabilities.
Backups of main database are done daily and stored on remote machines,
which are located in Russia and Germany.
Any personal data included in FRS is encrypted.
17. YOUR RIGHTS
You have anytime the right to:
A. Check the existence of your data in FIDE databases;
B. Request from FIDE access to and rectification or erasure of personal
data or restriction of processing concerning the data subject and to object
to processing as well as the right to data portability;
C. Withdraw consent at any time, without affecting the lawfulness of
processing based on consent before its withdrawal;
D. Lodge a complaint with a supervisory authority;
E. Check the origin from which the personal data belong, and if applicable,
whether it came from publicly accessible sources;
F. Know the existence of automated decision-making, including profiling,
and, at least in those cases, meaningful information about the logic
involved, as well as the significance and the envisaged consequences of
such processing for the data subject.
- Actions under point A can be performed directly by any individual by
checking in FRS from the public access in FIDE website.
- Actions under point B and C shall come through a National Federation. In
case a National Federation is refusing to perform such actions or is not
performing them in a deadline of 30 days, they can be taken directly by
sending a signed letter to FIDE DPO at the abovementioned address,
enclosing a copy of an official identity document and a valid email
address.
FIDE Administration will notify the request by email and will proceed upon
your confirmation.
- Actions under E and F can be taken directly by sending an email to privacy@FIDE.com, enclosing a copy of
an official identity document and a valid email address.
18. DATA CANCELLATION
You have anytime the right to ask FIDE to delete your personal data from
the database: by taking such an action you are aware that data cancellation
from FRS prevents you to take part to any FIDE rated event.
This request shall come through a National Federation and it will be
confirmed by itself.
In case a National Federation will refuse to ask the erasure of your data
or will not do it in a deadline of 30 days, you can apply directly by
sending a signed letter to FIDE DPO at the abovementioned address enclosing
a copy of an official identity document and a valid email address.
FIDE Administration will notify the request by email and will proceed upon
your confirmation.
After the cancellation, your data will be stored in historical reports of
any played tournament or championship and title repository.
The already made processes based on previous consent shall be legal and
lawful also after the withdrawn of the consent and/or the request of data
erasure.
19. DATA BREACH
In case of a data breach FIDE will notify immediately the fact and act
according to the provision of the regulations.
20. LEGAL OBLIGATIONS THROUGH ADMINISTRATIVE AUTHORITIES
If the following situations occur FIDE shares information with any entitled
regulatory or administrative National authority, police or judiciary:
- When a legal request is addressed to FIDE or FIDE believes in good faith
to have the legal obligation to do that;
- When a Law or any judiciary orders FIDE to act in a specific way;
- When it is found that FIDE databases are used to make any breach of a Law
or personal data inserted in FRS are found to be false, or there is clear
danger of misuse of someone’s personal data;
- If any entitled regulatory or administrative National authority asks FIDE
to share any information for a legal reason, FIDE may store data even in
case of withdrawn of consent in order to fulfil any requested action.
21. NOTIFICATIONS OF ANY CHANGE OF DATA PROTECTION POLICY
In case of any change of this data protection policy FIDE will personally
notify to all members whose email address is stored in its database of the
changes.
FIDE will also announce any change with special notices on its website.
Any change will be effective after 30 days from its announcement: meanwhile
everyone has the right to ask his data to be restricted or erased with the
consequences indicated under point nr. 7.
22. DISPUTES
Disputes not subjected to administrative or regulatory authorities shall be
solved in Lausanne competent Court.
SECTION B: PREMIUM SERVICES ONLY FOR CHESS-ID PROGRAM SUBSCRIBERS
23. PURPOSE OF DATA COLLECTION
Only for Chess-ID subscribers, FIDE collects data, in addition to what
already described under Section A, in a fair and transparent way also in
order to give the subscribers the special services indicated in Chess-ID
program portal.
These services may include advertisement for specific tournaments,
promoting FIDE events and activities, promoting FIDE partners’ products and
services, giving news feed and putting in touch various people of the chess
community.
24. LEGAL BASIS
For the purposes of Chess-ID special services, data are collected and
processed only by legal agreement and in order to provide the services
themselves.
FIDE processes data in a fair and legitimate way only if it is necessary to
provide the services requested by the subscribers at the act of registering
or in a following time.
25. HOW FIDE COLLECTS DATA – DATA COLLECTORS
For the purposes of Chess-ID special services, FIDE collects data only upon
registration of the single user and upon his specific consent.
People younger than 16 years old are not allowed to share their data and
put their consent to the premius services.
26. COLLECTED DATA
For any individual registering in Chess-ID portal, and in order to provide
the specific services, FIDE collects: Name, Surname, Birthday, Federation,
Gender (M or F), Elo, title, email address, physical addresses, phone
numbers, geo-localised position, pictures.
When the portal management requires a confirmation about the abovementioned
data, it may require a copy of an official identification document.
This data can only be provided directly from the single individual.
27. DATA COLLECTING ACTIVITY AND REFUSAL
Data collection is necessary in order to provide the special services of
the Chess-ID portal. In case of refusal to let your data, as indicated
above, be processed by FIDE, the abovementioned premium services cannot be
provided.
28. FORMAT OF STORAGE
Your data are only stored electronically.
The electronic data archives are stored in FIDE servers, which are located
in Germany and Russia. Safety measures as described in point nr. 34
protects the electronic archives.
29. HOW FIDE PROCESSES DATA
For any individual registering in Chess-ID portal, FIDE processes data in
automatic and manual ways:
- Automatic processes include profiling, advertising, sending news feeds
and newsletters, providing events information and putting in touch with
other people. Automatic processes are made by computer programs which
operate on the database.
- Manual processes include any edit or change to single data, or any
variation upon single application or any other process directly requested
from the user.
30. LEVEL OF DATA PUBLICATION
Data stored in Chess-ID portal can be seen by any other member of Chess-ID
portal according to your preferences.
Privacy preferences can be changed from the relevant tab.
31. PROFILE
FIDE profiles your data in order to provide you a personal experience of
Chess-ID portal.
Hence FIDE processes your data about geographical position, Elo, title and
game history and played tournaments in order to advice you in events,
products, services of FIDE and its partners, and give you personalised
information and news.
32. DURATION
FIDE stores data for Chess-ID portal until your decision them to be
deleted, from the relevant tab.
33. DATA TRANSFER
Your personal data given to Chess-ID portal and upon specific consent can
be transferred, according to your preferences:
- To any National Federation;
- To any FIDE internal body, committee or commission, and the members of
them, officials and organs;
- To World Chess Events Ltd. (based in London – UK);
- Developers of FIDE website;
- FIDE commercial partners;
- Any other person who subscribed to Chess-ID portal.
34. DATA SECURITY
Chess-ID portal is password protected and has password restore utility.
Users can change their passwords and they are not disclosed to anyone.
The portal is closed for access by username/password and passport utility
from third party applications.
Chess-ID webserver is protected from attack blocking (URL injections, DDos
attacks) and performs regular security audits for vulnerabilities.
Backups of main database are done daily and stored on remote machines,
which are located in Russia and Germany.
Any personal data included in Chess-ID portal is encrypted.
35. YOUR RIGHTS
You have anytime the right to:
G. Check the existence of your data in Chess-ID portal;
H. Request from FIDE access to and rectification or erasure of personal
data or restriction of processing concerning the data subject and to object
to processing as well as the right to data portability;
I. Withdraw consent at any time, without affecting the lawfulness of
processing based on consent before its withdrawal;
J. Lodge a complaint with a supervisory authority;
K. Check the origin from which the personal data belong, and if applicable,
whether it came from publicly accessible sources;
L. Know the existence of automated decision-making, including profiling,
and, at least in those cases, meaningful information about the logic
involved, as well as the significance and the envisaged consequences of
such processing for the data subject.
Any action can be performed directly from the relevant privacy page of
Chess-ID portal.
36. DATA CANCELLATION
You have anytime the right to ask FIDE to delete your personal data from
the database of Chess-ID portal. Moreover, asking FIDE to be erased from
FRS according to Section A, point nr. 18 lead to cancellation from Chess-ID
portal.
By taking such an action you are aware that data cancellation from Chess-ID
portal prevents you to get the relevant services of Chess-ID.
Any action can be performed directly from the relevant privacy page of
Chess-ID portal.
37. DATA BREACH
In case of a data breach FIDE will notify immediately the fact and act
according to the provision of the regulations.
38. LEGAL OBLIGATIONS THROUGH ADMINISTRATIVE AUTHORITIES
If the following situations occur FIDE shares information with any entitled
regulatory or administrative National authority, police or judiciary:
- When a legal request is addressed to FIDE or FIDE believes in good faith
to have the legal obligation to do that;
- When a Law or any judiciary orders FIDE to act in a specific way;
- When it is found that FIDE databases are used to make any breach of a Law
or personal data inserted in Chess-ID portal are found to be false, or
there is clear danger of misuse of someone’s personal data;
- If any entitled regulatory or administrative National authority asks FIDE
to share any information for a legal reason, FIDE may store data even in
case of withdrawn of consent in order to fulfil any requested action.
39. NOTIFICATIONS OF ANY CHANGE OF DATA PROTECTION POLICY
In case of any change of this data protection policy FIDE will personally
notify to all subscribers of Chess-ID portal.
40. DISPUTES
Disputes not subjected to administrative or regulatory authorities shall be
solved in Lausanne competent Court.
FIDE Data Protection Policy version 1.0 – August 2019