Please wait ...

Vezi cosul de cumparaturi

Privacy

Homepage About us Privacy

Privacy Policy

Notice on the processing of personal data by FRF

Version 01 august 2025

Introduction

The Romanian Football Federation (FRF) is committed to protecting the personal data of all persons it interacts with in the course of its activities – fans, players, coaches, referees, employees, volunteers, commercial partners, service providers or any other individuals whose personal data are processed in this context.

FRF acknowledges and respects the sensitive nature of personal data and undertakes to process them responsibly, transparently, and in compliance with data protection regulations — in particular, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “the GDPR”) — as well as with the relevant national laws.

The confidentiality and security of personal data are key components of our governance principles, and this commitment reflects the fundamental values of FRF, which include integrity, transparency, and respect for the basic rights of individuals.

With this Privacy Policy, FRF aims to provide clear and accessible information regarding the collection, use, sharing, storage, and protection of your personal data when you interact with our digital platforms or services.

The Policy applies to all channels through which FRF collects personal data, including, but not limited to:

  • official websites managed by FRF:
  • mobile applications developed by or for FRF (including ticketing applications);
  • competition, licensing management, or player registration platforms;
  • official social media accounts and pages of FRF (e.g., Facebook, Instagram, X/Twitter, YouTube, etc.);
  • any other direct or indirect, physical or digital interactions with users (e.g., event registrations, purchase of goods, completion of online or offline forms, participation in campaigns or contests, etc.).

This Policy also seeks to explain what types of personal data we collect, the purposes for which we use them, what is the legal basis of such processing, to whom we may disclose such data, how long we retain them, and what are your rights in connection with your data.

FRF reserves the right to update this policy at any time, in response to legal developments, recommendations from relevant authorities, or changes in our activities. The current version of the Policy is permanently available on the FRF Platforms and can be accessed by users at any time.

  1. Scope

This Privacy Policy defines the principles and rules applicable to all personal data processing activities conducted by the Romanian Football Federation (FRF) as the data controller in the context of its activities.

This Policy applies to all your interactions with FRF, whether direct or indirect, regardless of the communication channel used. Specifically, it applies (without limitation) when you:

  • view or use any of FRF’s official digital platforms, such as websites, mobile applications, or dedicated competition and event management platforms;
  • create an account with FRF applications or services (including ticketing applications);
  • register for sports events, contests, promotional activities, or projects organized by FRF;
  • communicate with FRF through electronic channels (e.g., e-mail, chat, social media networks) or physical channels (e.g., written correspondence, forms);
  • interact with the official social media accounts and pages of FRF;
  • access locations and events managed or coordinated by FRF (e.g., matches, conferences, forums, volunteering actions).

This Policy also applies in situations where your personal data are transmitted to FRF by third parties – such as partners, sports federations, affiliated clubs, local organizers, service providers, or digital platforms – based on a legitimate interest, a legal obligation, or your consent.

In all these situations, FRF acts in compliance with the applicable personal data protection laws – in particular, the General Data Protection Regulation (EU) 2016/679 (“GDPR”) – ensuring that collected data are used exclusively for legitimate purposes, and in an equitable, transparent, and proportionate manner.

  1. Types of data that we collect

Depending on the nature of your relationship with the Romanian Football Federation (FRF) and how you interact with the FRF Platforms or other services offered by our organization, we may collect and process various categories of personal data. Personal data are collected responsibly, exclusively for specific, legitimate, and proportionate purposes, in accordance with applicable laws.

The types of personal data that we may collect include:

• Identification data

This includes the information necessary to recognize you as a unique individual:

  • surname, name;
  • date and place of birth;
  • sex/gender;
  • nationality;
  • personal identification number (CNP), where required by applicable laws;
  • type, series and number of an identification document (e.g., ID card, passport, driving license), including scanned copies thereof, where necessary.

• Contact data

Information allowing us to contact you or identify you within our systems:

  • e-mail address;
  • telephone number (mobile and/or fixed);
  • home or mailing address;
  • postal code;
  • other data provided voluntarily via contact forms.

• Financial data

Processed in the context of payment or refund operations:

  • bank details (e.g., IBAN, account holder’s name);
  • details of the cards used for payments (to the extent permitted by law);
  • information on payments made or received;
  • proof of transactions or invoicing.

• Technical data

Data generated automatically when you access the FRF Platforms:

  • IP address of the device used;
  • browser type and version;
  • operating system and technology platform used;
  • unique identifiers assigned to sessions or devices;
  • other details of the technical configuration of the equipment used for access (e.g., language, time zone, network type).

• Data concerning online activity

Data reflecting the way you interact with our platforms:

  • pages visited and time spent on them;
  • actions performed within applications (clicks, scrolls, interactions);
  • preferences set by the user;
  • login events or errors occurring during use;
  • history of use of certain features or online services.

• Profile data

Data associated with your accounts registered with FRF’s systems:

  • username, password, and other authentication credentials;
  • set preferences (e.g., favorite teams, preferred notification types);
  • answers to polls or questionnaires;
  • opinions, suggestions, or feedback provided during direct or online interactions;
  • history of purchases or event participations.

• Data concerning marketing communications

Data related to consent given and interactions with promotional messages:

  • newsletter subscription/unsubscription options;
  • preferred communication channels (e-mail, SMS, push notifications, etc.);
  • history of consents given or withdrawn;
  • interaction with information campaigns and materials sent by FRF or its partners.

• Other personal data

Depending on the context, we may also collect other categories of data, such as:

  • images, audio, or video recordings captured during events organized or co-organized by FRF (matches, galas, conferences, promotional actions, etc.);
  • data provided during participation in contests, lotteries or campaigns;
  • written or electronic correspondence with FRF representatives (including transcriptions or recordings of telephone conversations).

This list is general and may be supplemented depending on the specific nature of each activity, project, or platform used. In all cases, FRF undertakes to collect only data that are strictly necessary for the declared purpose and to respect the principles of lawfulness, transparency, and proportionality in the processing of personal data.

  1. Data collection methods

The Romanian Football Federation (FRF) collects data by various means, depending on the nature of its interactions with you, the channel used, and the type of service offered. Personal data are processed in accordance with the principles of transparency and lawfulness, and the methods of collection are structured as follows:

a) Direct collection from you

Most data are provided voluntarily by you in the following situations:

  • By completing electronic or paper forms available on FRF’s official websites or at registration stands or points (e.g., forms for ticket purchases, event registrations, information requests, or consents);
  • When creating a user account on FRF’s digital platforms (including mobile applications, ticketing websites, or sports management platforms);
  • When purchasing tickets to matches, competitions, or other events organized or supported by FRF;
  • When subscribing to FRF communications, such as newsletters, competition alerts, or information on available goods and services;
  • By participating in contests, lotteries, promotional campaigns, or other marketing-related activities conducted by FRF, either alone or in partnership with third parties;
  • Through direct correspondence with FRF representatives, including via e-mail, telephone calls, social media messages, or other official communication channels.

b) Collection via third parties

In certain situations, FRF may receive data about you from external sources, such as:

  • Authorized partners of FRF, including affiliated clubs, county football associations, local organizers of sports events, or service providers involved in the service delivery process (e.g., payment processors, ticketing platforms, marketing agencies);
  • Available public sources, such as social media, when you interact with the official pages of FRF (e.g., likes, comments, shares, direct messages);
  • External promotion and communication platforms, e.g., when you log in to FRF’s accounts via Facebook, Google, or other similar services (single sign-on), based on permissions granted by you.

In all these situations, FRF ensures that the third parties involved have the legal right to provide such data and that the data are transferred in compliance with applicable personal data regulations.

c) Automatic collection through technical means

Whenever you access or use FRF’s digital platforms, certain information is automatically collected through computer technologies. This includes, without limitation:

  • Technical data concerning the device used (e.g., browser type, operating system, language settings, type of mobile device);
  • IP address and approximate geographic location, as derived from your Internet connection;
  • Information concerning the use of FRF’s platforms, including accessed pages, time spent on the website, browsing behavior, and actions performed in applications or on web pages;
  • Data collected through cookies, web beacons, and similar technologies, in accordance with FRF’s Cookie Policy.

This information is used to improve the user experience, customize displayed content, analyze platform performance, and ensure cybersecurity.

  1. Processing purposes and legal grounds

The Romanian Football Federation (FRF) processes personal data exclusively for legitimate purposes, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws. Data are processed only when a clearly defined legal basis relevant to the purpose pursued exists.

FRF processes personal data for the following primary purposes:

 

• To execute a contract or complete pre-contractual actions:

This basis is used when data are necessary to supply you with the goods or services ordered or to enable FRF to fulfill its contractual obligations. For example:

  • managing user accounts on FRF’s platforms;
  • processing orders for tickets or goods;
  • validating attendance at competitions, championships or events;
  • delivering contest prizes;
  • providing technical support or assistance in connection with a purchased service.

• Based on express and informed consent:

In certain situations, we will request your consent before processing your data. This consent may be withdrawn at any time, without affecting the lawfulness of any processing carried out before the withdrawal. Consent is used, for instance, to:

  • transmit commercial communications, newsletters, or other promotional materials;
  • conduct personalized marketing campaigns based on your preferences;
  • capture and publish images or video materials during events, where no other applicable legal basis exists;
  • use non-essential cookies or other tracking technologies for analytics or advertising purposes.

• As required by law:

FRF may be under a legal obligation to collect and process certain data in order to comply with applicable laws or regulations. Examples of such obligations include:

  • keeping accounting and financial records as required by tax regulations;
  • preventing, detecting, and reporting fraud or other illegal activities;
  • complying with safety, health and security regulations during organized events;
  • complying with the requirements of regulatory, tax, legal, or sports authorities.

• Based on the legitimate interest of FRF or a third party:

We rely on this legal basis when processing is necessary to pursue the legitimate interests of FRF, provided such interests are not overridden by the fundamental rights and freedoms of the data subjects. Examples include:

  • improving and personalizing services and digital platforms;
  • developing statistics on event attendance and user interaction;
  • managing relationships with fans, partners, or volunteers;
  • ensuring the cybersecurity of IT systems;
  • preventing and handling operational or reputational incidents;
  • publicly promoting FRF’s activities, competitions, or values.

In all such cases, FRF conducts a thorough assessment to ensure that its legitimate interest is not overridden by the rights of the data subject.

• For the performance of a task carried out in the public interest or in the exercise of official authority:

This legal basis applies when FRF carries out activities governed by national or international regulatory frameworks, such as:

  • organization and conduct of national sports competitions;
  • cooperation with public authorities to promote sports, education, and social inclusion;
  • implementation of social, educational, or public health programs in partnership with public or international institutions.

FRF undertakes not to use personal data for purposes other than those stated, unless it obtains your prior express consent or is legally obliged to do so.

  1. Data sharing and disclosure

The Romanian Football Federation (FRF) respects privacy and data protection principles in all operations involving the sharing or disclosure of personal data. Personal data are disclosed exclusively for legitimate and clearly defined purposes, and only to recipients that provide adequate guarantees for their protection, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national laws.

Personal data may be disclosed to the following categories of recipients:

• Entities within FRF’s ecosystem

Data may be shared with FRF affiliates or partners to the extent necessary to conduct joint activities:

  • Affiliated football clubs, county associations, or organizations participating in competitions organized under FRF patronage;
  • Official or institutional partners involved in implementing events or programs supported by FRF.

• External service providers (processors)

Data may be shared with service providers acting for and on behalf of FRF exclusively for the purpose of performing operational or administrative tasks, such as:

  • IT and hosting providers ensuring the operation of digital platforms;
  • Digital marketing providers, for the purpose of sending commercial communications or managing advertising campaigns;
  • Payment processors and financial institutions, in connection with the purchase of tickets, goods, or services;
  • Courier or logistics services, for delivering promotional goods or materials.

To manage the ticket sale process, FRF cooperates with several authorized third-party partners acting as independent controllers or processors, depending on the contractual arrangements. Your personal data may be shared with such persons to the extent necessary for the issuing, distribution and validation of tickets to events organized by FRF.

Specifically, these include:

  • SECUTIX – for home matches of the (men’s and women’s) senior national teams and the men’s U21 national team;
  • PLG – for away matches of the (men’s and women’s) senior and U21 national teams, all youth national teams (U15 – U20), in both domestic and international competitions, as well as for the finals of the Romanian Cup and Romanian Supercup.

Tickets can be purchased:

  • online, either through FRF’s official platform: bilete.frf.ro, or via the “Bilete FRF” mobile application;
  • physically, from authorized ticket offices.

These providers are contractually obliged to protect the confidentiality and security of data and not to use them for their own purposes.

• Public authorities and institutions

FRF may disclose personal data whenever such disclosure is required by law or necessary to:

  • comply with legal, tax, or accounting obligations;
  • respond to official requests from regulatory authorities (e.g., ANSPDCP, ANAF), courts of law, or criminal investigation bodies;
  • ensure public safety and prevent fraud during organized competitions and events.

• Social media platforms and advertising partners

In certain situations, FRF may share aggregated or pseudonymized information to:

  • Social media platforms (e.g., Facebook, Instagram, YouTube), to promote events or analyze campaign performance;
  • Advertising networks or retargeting service providers, to personalize the promoted content.

The shared data do not allow direct identification of data subjects, and the technologies used comply with data protection principles (e.g., by using anonymous technical identifiers or encoding).

• Other third parties, only with your express consent

FRF will not share, disclose, transfer or use your personal data for unauthorized commercial purposes. Personal data will be transmitted to other (public or private) entities only if:

  • you have granted your express, informed, and free consent;
  • you have expressly requested the service that involves sharing data (e.g., participation in a joint campaign conducted by FRF and the relevant partner);
  • this is necessary to protect a vital interest in exceptional situations, in accordance with the applicable legal framework.

FRF does not sell personal data and does not transfer them for purposes that are contrary to the principles of lawfulness, loyalty, and transparency.

  1. International data transfers

The Romanian Football Federation (FRF) makes every effort to store and process users’ personal data within the European Economic Area (EEA), where data protection standards are guaranteed by European Union laws, including Regulation (EU) 2016/679 (GDPR).

However, in certain limited situations, your data may be transferred to partners or providers outside the EEA — for example, when:

  • certain technical services or digital platforms are provided by operators established outside the EEA;
  • international events or activities shared with global sports organizations require the exchange of data;
  • collaboration with affiliated entities or authorities in other jurisdictions is necessary.

In such cases, FRF undertakes to ensure an adequate level of data protection, equivalent to that offered within the EEA, by implementing safeguards in accordance with the requirements of the GDPR.

Such safeguards may include:

  • Standard Contractual Clauses (SCC) adopted by the European Commission;
  • impact assessments concerning data protection in the context of transfer;
  • strict contractual obligations concerning security and privacy;
  • checking the existence of an adequacy decision issued by the European Commission with regard to the country concerned.

Additionally, FRF will inform data subjects whenever such transfer is made and, upon request, can provide copies of the prevailing contractual safeguards used to protect the transfer data.

  1. Storage period

The Romanian Football Federation (FRF) retains personal data only as long as necessary to achieve the purpose for which data were collected or to comply with applicable legal and regulatory obligations.

The precise data retention period varies depending on:

  • the nature of relationship with the data subject (e.g., user, fan, partner, or volunteer);
  • the purpose of processing (e.g., organization of competitions, commercial communication, administrative records);
  • applicable legal requirements (tax, accounting, archiving);
  • statutes of limitation provided by applicable laws;
  • existence of legitimate interests of FRF justifying retention for a reasonable period (e.g., in case of legal disputes, internal inquiries, audits).

Indicative examples:

  • Data collected for contractual purposes (e.g., to issue tickets or deliver goods) are retained for the contract period and an additional period of up to 10 years, as required by tax and accounting laws;
  • Marketing data are retained until consent withdrawal or unsubscription;
  • Data collected via cookies or similar technologies are retained according to FRF’s Cookie Policy;
  • Data associated to inactive accounts may be deleted after a reasonable period of inactivity, subject to prior notice.

After expiry of the storage period:

  • data will be securely and irreversibly erased; or
  • data will be anonymized (eliminating all elements that allow identification) and used for statistics or archival, to the extent permitted by law.

FRF implements clear internal procedures to periodically review stored data, thereby ensuring that data are not retained more than necessary and that their processing complies with the principles of minimization and responsibility.

  1. Your rights

The Romanian Football Federation (FRF) acknowledges and respects the rights guaranteed by the European and national data protection regulations, in particular, Regulation (EU) 2016/679 (GDPR). As data subject, you enjoy several rights regarding the way your personal data are collected, used and retained by FRF.

You may exercise free of charge any of the following rights (unless the law expressly stipulates otherwise):

• Right to object

You have the right to object at any time to the processing of your personal data for direct marketing purposes or based on a legitimate interest of FRF, including with regard to profiling or segmentation. Objection may be expressed simply by contacting us through the communication channels mentioned below.

• Right to withdraw consent

If data are processed based on your consent (e.g., to receive newsletters or commercial communications), you have the right to withdraw your consent at any time. Consent withdrawal will not affect the lawfulness of any processing carried out before withdrawal.

• Right of access

You have the right to request access to the personal data we hold about you, as well as to obtain additional information about how we process that data. In certain cases, you may be able to access your personal data directly through your user account.

• Right to rectification

If the personal data we hold about you are inaccurate, incomplete, or outdated, you have the right to request that they be corrected or updated. This can also be done directly through the platform, provided that an associated user account exists.

• Right to erasure (“right to be forgotten”)

You have the right to request the permanent erasure of your data in the following situations:

  • data are no longer necessary in relation to the purposes for which they were collected;
  • you withdraw your consent and there is no other legal ground for processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing;
  • personal data have been unlawfully processed.

For this purpose, FRF can make available a dedicated electronic form, and the request will be reviewed without undue delay.

• Right to restriction of processing

You have the right to request the restriction of the processing of your personal data in certain circumstances, such as:

  • When the accuracy of the data is contested;
  • When the processing is unlawful, but you oppose erasure and request restriction instead;
  • When FRF no longer needs the data for processing purposes, but you require them to exercise, defend, or challenge a legal right in court.

During this period, data will be retained but not actively used.

• Right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format (e.g., .csv, .xml), and/or request the transfer of those data to another controller, where the processing is based on consent or on a contract, and processing is carried out by automated means.

• Right to lodge a complaint

If you consider that FRF has not respected your right or has violated any data protection regulations, you have the right to lodge a complaint with:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Bd. G-ral Gheorghe Magheru nr. 28-30, Sector 1, 010336, București, România
www.dataprotection.ro

Methods of contact for exercising your rights

To exercise any of the rights mentioned above, you can contact us in writing at:

E-mail: dpo@frf.ro

Mailing address: Federația Română de Fotbal – Responsabil cu Protecția Datelor
Str. Vasile Șerbănică nr. 12, Sector 2, București, România

Depending on the nature of your request, we may require you to verify your identity before providing a response. We undertake to respond to any request within no more than 30 calendar days. This period may be extended in complex situations, in accordance with the applicable legal provisions.

  1. Data security

The Romanian Football Federation (FRF) treats the security of your personal data with the utmost responsibility and undertakes to protect such data against any form of unauthorized access, abusive use, accidental loss, destruction, or disclosure.

For this purpose, FRF implements and maintains adequate technical and organizational measures, in line with the current level of technology, the nature of the data processed, and the identified risks, including:

  • strict internal policies concerning data access;
  • encryption of data transmission (including the use of SSL/TLS certificates);
  • role-based access control;
  • system monitoring and activity logging;
  • use of secured storage and backup infrastructures;
  • periodic training of personnel on data protection and the prevention of security incidents.

The data transmitted through the FRF Platforms (e.g., online forms, user accounts, ticket purchases) are protected by SSL encryption, meaning that information is transmitted in a secure format that is difficult to intercept.

However, it is important to keep in mind that data transmission via e-mail or other unsecured channels involves certain risks, and FRF cannot guarantee the absolute confidentiality of information transmitted through such means.

Note: FRF will never ask you to provide passwords, complete banking details or other sensitive information through unsolicited messages (by e-mail, SMS, or telephone). If you receive any such request that appears to come from us, do not provide the requested information and contact the FRF team immediately.

FRF has also implemented procedures for managing security incidents, and in the event of any personal data breach, we will notify the National Supervisory Authority for Personal Data Processing and, if applicable, the affected individuals, as required by law.

  1. Profiling

The Romanian Football Federation (FRF) may use the personal data you provide to better understand the interests, preferences, and behaviors of users of our platforms. This information allows us to personalize the communications, offers and content we provide to you, ensuring that they are relevant and suited to your needs.

Thus, through profiling and behavioral advertising activities, FRF aims to offer you a personalized experience on its digital platforms, as well as in its marketing campaigns.

If you do not wish to participate in such profiling activities or receive personalized behavioral advertisements, you can opt out through international advertising preference management platforms, such as:

Additionally, you can manage and adjust advertising settings and privacy preferences on the social media and digital platforms you use, such as Facebook, Instagram, Google, or X (Twitter).

It is important to note that FRF does not use personal data to make automated decisions that have a direct legal impact or significant effects on you, in accordance with applicable data protection regulations.

 

  1. Children’s privacy

The protection of personal data of children is of particular concern to the Romanian Football Federation (FRF). Our digital platforms, including websites, mobile applications, and online services, are not intended for users under the age of 13, in accordance with applicable recommendations and legal requirements regarding children’s data protection.

For users aged 13 to 16, FRF recommends the active involvement of parents or legal representatives in the registration process, use, and provision of personal data on our platforms. It is important that they are informed and grant their consent to the use of personal data in accordance with applicable laws.

FRF does not deliberately collect personal data from children under the age of 13 and does not permit the registration of minors aged 13 to 16 without the express consent of their parents or legal guardians.

In the event that FRF becomes aware that a child under the age of 13, or a minor aged 13 to 16 without parental consent, has provided personal data, it will promptly delete the account and all associated information, in accordance with internal procedures and data protection legal requirements.

For any situation related to children’s personal data, parents or legal guardians can contact FRF through the official contact channels to request the verification, deletion, or restriction of the processing of such data.

  1. Links to other websites

The digital platforms of the Romanian Football Federation (FRF) may include links to websites and services operated by third parties, such as partners, sponsors, social media networks, or service providers. These links are provided solely for informational purposes and to facilitate users’ access to other relevant resources.

It is important to keep in mind that FRF does not have any control over the content, privacy policies, or personal data processing practices of such third parties. Consequently, FRF cannot be held liable for the manner in which such entities collect, use, or protect your personal data.

We strongly recommend that you carefully review the privacy policies and terms of use of each third-party website that you access before providing any personal data.  Thus, you can understand how your data are protected and what your rights are in relation to those platforms.

  1. Amendments to the Privacy Policy

The Romanian Football Federation reserves the right to periodically update and amend this Privacy Policy to reflect changes in legislation, technological developments, or modifications in the way we collect and process your personal data.

Any material change will be communicated in a clear and transparent manner, particularly to users who have a direct relationship with FRF through our platforms or other means of communication. If applicable laws so require, we will request your express consent before implementing any changes that affect the processing of personal data.

The date of the last update to this Policy is always indicated at the beginning of the document. We recommend that you periodically refer to this Policy to stay informed about how FRF protects your personal data and respects your rights.

  1. Contact

For any questions or requests related to this Privacy Policy, please contact:

Federația Română de Fotbal – Responsabil cu Protecția Datelor

Str. Vasile Șerbănică nr. 12, Sector 2, București, România

E-mail: dpo@frf.ro