Privacy Policy

Last updated date : 

1. Introduction



FOOTPASS® (hereinafter "FootPass" or "we") is committed to protecting the privacy and personal data of users (hereinafter "you"). This privacy policy explains what information is collected, why it is collected, how it is used, and your rights. By accessing our services, you agree to the provisions of this policy.


We apply the principles of “Privacy by Design” and “Privacy by Default” recommended by Swiss data protection legislation. This means that the protection of your privacy is integrated from the design of our services, and by default, only strictly necessary data is processed.



2. Scope



This policy applies to all services offered by FootPass via the website footpass.app, its subdomains, and its mobile applications, as well as to data processing carried out to manage PassIDs, bindings, and permissions.



3. Data Controller



The data controller is FootPass SA, a company established under Swiss law in formation. Its complete contact details (share capital, registration number in the commercial register, address) will be specified once the formalities are completed. Temporarily, the registered office is located at [to be completed], CH-8000 Zurich, Switzerland. FootPass SA uses the hosting services of Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. Requests related to personal data may be addressed to privacy@footpass.app.



4. Data Collected



We collect several categories of data, including:


  • Identification and Contact Data: name, first name, nationality, date and place of birth, contact details (address, phone, email address), role, and structure in football.

  • Official Documents: copies of identity documents (passport or ID card), photographs or selfies necessary for identity verification, certificates and contractual documents uploaded or signed.

  • Content and Communications: messages, files, photos, and videos exchanged via messaging, as well as associated metadata.

  • Technical Information: connection data, IP addresses, logs, device identifiers, and cookies.

  • Payment and Billing Data: information necessary for managing subscriptions and transactions.

  • Relationship and Permission Data: bindings, permissions, and mandates between users (e.g., player↔agent, structure↔member).



This data is collected directly from you or generated when using the services. The GDPR distinguishes between direct and indirect situations of collection of personal data.



5. Purposes and Legal Bases



The data is used for the following purposes:


  1. Account Creation and Management: issuing a verified PassID, managing bindings and permissions, providing access to services (legal basis: performance of a contract).

  2. Trust Framework and Security: verifying the identity and role of users, preventing fraud and impersonation, ensuring traceability of exchanges (legal basis: legitimate interest of the data controller).

  3. Providing Services: secure messaging, creation and management of Rooms, storage and signing of documents, management of safes and subscriptions (legal basis: performance of the contract).

  4. Customer Relationship and Assistance: managing requests and complaints, providing support (legal basis: performance of the contract).

  5. Billing and Payment Management: collecting subscriptions and processing transactions (legal basis: contractual and legal obligation).

  6. Service Improvement: analyzing usage, measuring audience, developing new features (legal basis: legitimate interest). Non-essential cookies are subject to consent.

  7. Communication: sending information on updates and offers from FootPass. These marketing communications are based on your consent.

  8. Legal Compliance: meeting our legal and regulatory obligations, including accounting, anti-money laundering, or cooperation with authorities (legal basis: legal obligation).



For each processing, FootPass defines a legal basis among the options provided in Article 6 of the GDPR (consent, contract, legal obligation, public interest, legitimate interest, or vital interests safeguard).



6. Data Recipients



Data is accessible only to:


  • FootPass teams authorized and subject to confidentiality obligations;

  • our technical providers and subcontractors (hosting, identity verification, electronic signature, payment, email sending, support) who act on the instructions of FootPass and in compliance with applicable rules;

  • partners and counterparts that you authorize via a binding or mandate (e.g., club, agent, media), within the scope defined by your authorizations;

  • competent administrative or judicial authorities, upon legal request.



FootPass does not sell your data and does not transfer it to unauthorized third parties.



7. International Transfers



The data is hosted within the European Union. When we engage providers located outside Switzerland or the European Union, we ensure they provide an adequate level of protection through transfer mechanisms provided by applicable regulations (standard contractual clauses, adequacy decisions, or binding corporate rules).



8. Retention Period



Your data is retained for the duration necessary to achieve the purposes for which it was collected, and then archived to meet legal obligations. For your information:


  • Account and PassID Data: duration of account use and three years after its closure or inactivity, followed by legal archiving.

  • Bindings and Permissions: duration of validity of the binding + one year.

  • Contractual and Accounting Documents: ten years, in accordance with our legal obligations.

  • Logs and Technical Data: twelve months.

  • Prospect Data: three years from the last unsuccessful contact.



Upon expiry of these periods, the data is deleted or irreversibly anonymized.



9. Your Rights



Under the Swiss Federal Data Protection Act (LPD) and, where applicable, the General Data Protection Regulation (GDPR) for persons concerned located in the European Union, you have various rights:


  • Right of Access: obtain confirmation that we are processing your data and receive a copy.

  • Right of Rectification: have inaccurate or incomplete data rectified.

  • Right of Deletion/Erase: request the deletion of your data where permitted by law.

  • Right to Restrict Processing: obtain the restriction of processing in certain cases (e.g., during the examination of a dispute).

  • Right to Object: object to certain processing, particularly those based on our legitimate interest.

  • Right to Withdraw Consent: withdraw your consent at any time for processing based on that consent.



If you are located in the European Union, you may also benefit from the right to data portability and the right to set post-mortem directives. Requests can be sent to privacy@footpass.app or by postal mail. Proof of identity may be required to protect data confidentiality. We will respond within one month (extendable to three months in case of complexity).



10. Security



FootPass implements appropriate technical and organizational measures to protect your data: encryption of exchanges, role-based access control, redundant backups, security audits, environment segmentation, and careful selection of providers. Although these measures reduce risks, no system is infallible; we encourage users to maintain the confidentiality of their credentials.



11. Cookies and Other Trackers



We use cookies essential for the operation of the site (authentication, personalization, security) and optional cookies (audience analysis, optimization). The law requires informing users of the purposes of these cookies and obtaining their consent for non-essential cookies. You can manage your preferences via our cookie management module. Refusing non-essential cookies does not impair access to the service but may limit certain functionalities.



12. Data of Minors



Minors cannot create a FootPass account without the written consent of their legal representative. The legal representative creates and manages the minor's PassID and controls their bindings and permissions. FootPass does not deliberately collect data regarding minors without this framework. Any request regarding a minor's data must be made by the legal representative.



13. Changes to the Policy



This policy may be modified at any time to account for legal, regulatory, or technical developments. We will inform users by notification or by publishing a new version on our site. Continued use of our services after the update constitutes acceptance of the revised policy.



14. Contact and Complaints



For any questions regarding this policy or to exercise your rights, you can contact our DPO at privacy@footpass.app or send postal mail to the provisional address of the registered office mentioned above. In case of unresolved disputes, you can contact the competent supervisory authority: in Switzerland, this is the Federal Data Protection and Transparency Officer (PFPDT); in the European Union, it is the supervisory authority of the Member State of your habitual residence. We invite you to contact us first to seek an amicable solution.



End of the Privacy Policy.