Data Protection Policy
Last Updated: February 10, 2026
1. Overview
MyFootball.Info is committed to protecting your personal data and respecting your privacy rights. This Data Protection Policy outlines our commitment to compliance with:
• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA) - United States
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Other applicable international data protection laws
We process personal data lawfully, fairly, and transparently in accordance with these regulations.
2. Legal Basis for Processing
We process personal data under the following legal bases:
Consent: You have given explicit consent for us to process your personal data for specific purposes (e.g., marketing communications).
Contractual Necessity: Processing is necessary for the performance of a contract with you (e.g., providing platform services).
Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, system security, service improvement).
Legal Obligation: Processing is necessary to comply with legal or regulatory requirements (e.g., tax reporting, data breach notifications).
3. Data Protection Principles
We adhere to the following core principles:
Lawfulness, Fairness & Transparency: We process data legally, fairly, and in a transparent manner.
Purpose Limitation: We collect data only for specified, explicit, and legitimate purposes.
Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary.
Accuracy: We keep personal data accurate and up to date, and erase or rectify inaccurate data without delay.
Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected.
Integrity & Confidentiality: We implement appropriate security measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
4. Data Subject Rights
Under GDPR, CCPA, and other data protection laws, you have the following rights:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances.
Right to Restriction of Processing: Request limitation of processing of your personal data in specific situations.
Right to Data Portability: Request transfer of your personal data to another service provider in a structured, commonly used, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw previously given consent at any time (without affecting lawfulness of processing based on consent before withdrawal).
Right Not to be Subject to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or significant effects.
To exercise any of these rights, contact us at dpo@myfootball.info. We will respond within 30 days.
5. Data Processing Activities
We process the following categories of personal data:
| Data Category | Purpose | Retention Period |
|---|---|---|
| Account Data | Service provision, authentication | Duration of account + 30 days |
| Contact Information | Communication, support | Duration of account + 30 days |
| Usage Data | Analytics, service improvement | 90 days |
| Transaction Data | Billing, tax compliance | 7 years (legal requirement) |
| Marketing Preferences | Marketing communications | Until opt-out or account deletion |
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure adequate safeguards for such transfers:
EU-US Data Transfers:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules (BCRs) where applicable
Data Transfer Mechanisms:
• We implement appropriate technical and organizational measures
• We conduct Transfer Impact Assessments (TIAs) for high-risk transfers
• We maintain documentation of all international data transfers
For specific information about data transfers, contact our Data Protection Officer.
7. Data Breach Notification
In the event of a personal data breach, we are committed to:
Detection & Assessment: Identifying and assessing the breach within 24 hours of discovery.
Supervisory Authority Notification: Notifying the relevant supervisory authority (e.g., ICO, CNIL, state Attorney General) within 72 hours of becoming aware of a breach, as required by law.
Individual Notification: Notifying affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms.
Documentation: Maintaining records of all data breaches, including facts, effects, and remedial actions taken.
Our breach response plan includes containment, investigation, remediation, and post-incident review.
8. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our data protection strategy and GDPR compliance:
Contact Information:
Email: dpo@myfootball.info
Address: 1420 Celebration Blvd, Suite 313, Celebration, Florida 34747
Responsibilities:
• Monitoring compliance with GDPR and other data protection laws
• Advising on data protection impact assessments (DPIAs)
• Cooperating with supervisory authorities
• Serving as point of contact for data subjects and supervisory authorities
• Training staff on data protection requirements
You may contact our DPO with any questions or concerns about data protection.
9. Third-Party Processors
We work with carefully vetted third-party processors to provide our services. All processors are bound by Data Processing Agreements (DPAs) that comply with GDPR Article 28.
Categories of Processors:
• Cloud hosting and infrastructure providers
• Payment processing services
• Email and communication platforms
• Analytics and monitoring tools
• Customer support software
Processor Requirements:
• GDPR-compliant Data Processing Agreements
• Appropriate technical and organizational security measures
• Commitment to data protection principles
• Regular security audits and certifications
For a complete list of sub-processors, contact dpo@myfootball.info.
10. Security Measures
We implement industry-leading security measures to protect personal data:
Technical Measures:
• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication (MFA)
• Regular security patches and updates
• Intrusion detection and prevention systems
• Database encryption and access controls
Organizational Measures:
• Role-based access control (RBAC)
• Regular security awareness training
• Background checks for employees with data access
• Confidentiality agreements for all staff
• Incident response and business continuity plans
• Annual third-party security audits
Certifications & Compliance:
• ISO 27001 (Information Security Management)
• SOC 2 Type II compliance
• GDPR and CCPA compliance frameworks
11. Cookies & Consent Management
We use cookies and similar tracking technologies in compliance with the ePrivacy Directive and GDPR:
Cookie Consent: We obtain explicit consent before placing non-essential cookies on your device.
Cookie Categories:
• Strictly Necessary: Essential for platform functionality (no consent required)
• Performance/Analytics: Help us improve the platform (consent required)
• Functional: Remember your preferences (consent required)
• Targeting/Advertising: We do not currently use advertising cookies
Managing Cookies:
• You can withdraw consent at any time through your browser settings
• You can access our cookie preference center in the footer of our website
• Blocking essential cookies may impact platform functionality
For more information, see our Cookie Policy (section 6 of our Privacy Policy).
12. Children's Data
We take special care when processing data of minors:
Age Restrictions: Our platform is not intended for individuals under 13 years old. We do not knowingly collect personal data from children under 13.
Parental Consent: For users between 13 and 18 years old, we may require verifiable parental consent in accordance with applicable laws.
Player Data: When clubs input data about minor players (athletes), we require clubs to have obtained appropriate consent from parents/guardians.
Enhanced Protections:
• Stricter access controls for minors' data
• Additional security measures
• Limited retention periods
• Prohibition on profiling or automated decision-making affecting minors
If you believe we have collected data from a child without proper consent, contact us immediately at dpo@myfootball.info.
13. Complaints & Supervisory Authorities
You have the right to lodge a complaint with a data protection supervisory authority:
EU Supervisory Authorities:
• Contact your national Data Protection Authority (DPA)
• List available at: EDPB Member List
United States:
• Federal Trade Commission (FTC)
• State Attorney General (for CCPA complaints in California)
Brazil:
• Autoridade Nacional de Proteção de Dados (ANPD)
We encourage you to contact us first at dpo@myfootball.info so we can address your concerns directly.
14. Updates to This Policy
We may update this Data Protection Policy to reflect changes in our practices or legal requirements:
Version Control: We maintain version history with effective dates.
Notification: Material changes will be communicated via:
• Email to registered users
• Prominent notice on the platform
• Update to the "Last Updated" date
Review Schedule: This policy is reviewed annually or when significant changes occur.
Previous Versions: Available upon request from our Data Protection Officer.
15. Contact Information
For any questions, concerns, or requests related to data protection:
Data Protection Officer:
Email: dpo@myfootball.info
General Privacy Inquiries:
Email: privacy@myfootball.info
Mailing Address:
MyFootball.Info - Data Protection
1420 Celebration Blvd, Suite 313
Celebration, Florida 34747
United States
We will respond to all requests within 30 days as required by GDPR.