In order to perform its aims to be the supreme body responsible for the sport of chess and give National Federations, players and any other individual the services FIDE is intended to give as they are listed in the Statutes, it needs to collect, store and process personal data.

FIDE cares that the data are handled in a fair and transparent way and makes all the necessary efforts to enforce this goals.

1. DATA CONTROLLER, REPRESENTATIVE, DPO, DATA PROTECTION COMMITTE

Data Controller:

FIDE – Federation Internationale des Echecs, whose legal seat is Avenue de Rhodanie 54 – 1007 Lausanne, Switzerland.

Current legal representative is its President Mr. Arkady Dvorkovich.

As per decision Q2PB/2019/11 FIDE designated the following officials:

Data Protection Committee:

Mr Willy Iclicki (BEL): Data Protection Officer;

Mr Marco Biagioli (ITA): Data Protection Legal Advisor;

Mr Vladimir Kukaev (RUS): Data Protection Technical Advisor.

Data Protection Representative for the European Union:

Mr Willy Iclicki (BEL).

Data Protection Officer:

Mr Willy Iclicki (BEL).

2. CONTACTS

Data Protection Representative for the European Union and Data Protection Officer:

Mr Willy Iclicki (BEL) whose seat inside the European Union is Avenue du Globe 55 – Box 20 – 1190 Brussels, Belgium.

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Data Protection Committee:

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

SECTION A: GENERAL PROVISIONS FOR ORDINARY DATA COLLECTION

3. PURPOSE OF DATA COLLECTION

FIDE collects data in a fair and transparent way only in order to let itself, its internal bodies and its services work.

The use and storage of the relevant data is necessary in order:

• to let FIDE internal bodies, boards, commissions and committees perform their duties according to the Statutes and the Regulations, as well as according to the relevant decisions on their goals;
• to let FIDE services, among which there are FIDE Rating System (FRS), FIDE titles and classification of players, arbiters, organizers, trainers and officials, properly function;
• to maintain the functionalities of FRS: like in any other sport, FRS is necessary to estimate the strength of the players and create a ranking of them to let any sport activity (championships, tournaments) be run in a fair way;
• to properly let FIDE to give titles according to the relevant Regulations;
• to let FIDE appoint people to any duty in its internal bodies or to any role in its events.

4. LEGAL BASIS

Data are collected and processed by legal agreement and in order to provide the services requested to FIDE itself.

FIDE processes data in a fair and legitimate way only if it is necessary for the abovementioned services to work properly: by participating to any FIDE rated event, as inserted in FRS by any National Federation, and by requesting any National Federation to issue a FIDE Identification Number (FIN), or by requesting FIDE to be included in the directory or any other list, you agree to the process, as indicated above.

5. HOW FIDE COLLECTS DATA – DATA COLLECTORS

FIDE collects data in several different ways:

• Data can be inserted in FRS by National Federations, directly.

In this case, FIDE notifies the insertion of the data in the system by sending an email to the individual whose data were collected, hence he is informed that a National Federation inserted his data in FRS and might exert his rights.

• Data can be inserted in FRS by Elista FIDE Office (EFO), directly.

In this case, FIDE uploads and stores data only after having received an explicit consent by the individual whose data are going to be collected.

• Data can be sent by any individual himself, by sending an email to the Administration or manually registering in the FIDE website or connected services.

In this case, FIDE stores data only after having received an explicit request by the individual himself.

In all the abovementioned cases, for underage people (in the country they are citizens of) consents are given or requests are made by their legal tutors and confirmed by the individuals themselves after the majority.

6. COLLECTED DATA

FIDE collects different data according to the level as mentioned here following:

• For any individual included in FRS and any other individual to whom FIDE issues a FIN: Name, Surname, Birthday, Federation, Gender (M or F), email address.

When the Administration requires a confirmation about the abovementioned data, it may require a copy of an official identification document.

This data are ordinarily submitted by National Federations and notified to the single individual as per point nr. 5.

• For people receiving prizemoney or refunds directly from FIDE, it also collects physical addresses, phone numbers and bank details and local taxes details.

This data are ordinarily provided directly from the single individual.

• For officials, organs, and people permanently or temporarily involved in the Administration FIDE also collects a second email address, physical addresses, phone numbers and bank details.

This data are ordinarily provided directly from the single individual.

• For people applying for titles or exchange of Federation FIDE also collects physical addresses, phone numbers, place of birth and nationality.

This data are provided from the single individual trough his National Federation.

• In case of stipulation of specific contracts, additional data may be required for specific purposes and upon specific consent.

This data are provided directly from the single individual.

• For FIDE employees, FIDE also collects tax details, and social insurance number/details and any other data required by national authorities upon a legal obligation.

This data are provided directly from the single individual.

FRS may host a picture of anyone who is recorded in the database.

Underage people photos are not displayed in any case until they reach the majority, unless it is sent personally by their legal tutors.

Photos about any other person included in FRS are displayed only upon his or his Federation request addressed to FIDE offices.

In case that FIDE suspects the request needs to be confirmed, may ask the owner to confirm his willing his picture to be displayed on FRS.

Photos taken during sport public events has not such restrictions.

7. DATA COLLECTING ACTIVITY AND REFUSAL

Data collection is necessary in order to achieve the purposes and complete the activities above indicated.

In case of refusal to let your data, as indicated above, be processed by FIDE, the abovementioned activities shall be impossible.

Thus, in case of refusal, the following consequences shall occur:

• For any individual to be included in FRS and any other individual requiring a FIN, refusal prevents that individual to be included in FRS and take part to any chess event;
• For people entitled to receive a prizemoney or refunds directly from FIDE, refusal prevents FIDE to make any payment.
• For officials, organs, and people permanently or temporarily involved in the Administration, refusal of data policy as mentioned in their contract or appointment letter, prevents FIDE to include the name in the directory and the appointment to progress.
• For people applying for titles or exchange of Federation, refusal prevents FIDE to process their application.
• In case of stipulation of specific contracts which require additional data, refusal prevents the contract to be concluded.
• For people applying for a job, refusal prevents FIDE to sign the contract.

8. FORMAT OF STORAGE

Your data are stored electronically and in paper.

The electronic data archives are stored in FIDE servers, which are located in Germany and Russia. Safety measures as described in point nr. 16 protects the electronic archives.

The paper archive is stored in Lausanne, at the FIDE main office, in classified files in closed rooms.

9. HOW FIDE PROCESSES DATA

FIDE processes data in automatic and manual ways:

• Automatic processes include publication in FIDE website of the first level information, rating calculation, putting inactive flag, and statistical outputs on rating variation, national/continental rankings and enquires inside the database on any index. Automatic processes are made by computer programs which operate on the database.
• Manual processes include any edit or change to single data, or any variation upon single application, or exchanging federation, merge, separate, delete and add single records, exporting lists of players and results, downloading rating lists. Manual processes include also any kind of search and enquiry of the database directly performed by any FIDE website visitor or operator.

10. SPECIAL PROCESSES CONNECTED TO SPECIAL OBLIGATIONS (DOPING AND CHEATING PREVENTION)

FIDE Medical Commission and FIDE Fair Play Commission performs special processes connected to doping and cheating prevention in sport.

Special processes are necessary in order to maintain FIDE integrity as a global sport organization and as a part of the obligations FIDE has got, being recognized by the IOC and member of the WADA.

Special processes connected to these purposes includes personal data collected during the process itself and/or anti-doping or anti-cheating investigations.

Personal o sensitive data are acquired only directly from the owner and subject to maximum level of confidentiality.

They are stored in the computers in use to both the chairmen and the secretaries of the relevant Commissions, in respect of their mission.

Only member of the relevant commissions can be granted access to that kind of data and only if it necessary to perform test or investigations.

The Commissions may acquire information and consultations from external consultants who have no access to names and any other element, which can lead to anyone’s identification.

FIDE Medical Commission, as a part of anti-doping process, enters data and hold them through WADA's ADAMS platform, which is encrypted and safeguarded through passport access.

11. LEVEL OF DATA PUBLICATION

Data stored on FRS can be seen and displayed at different level in FIDE public website or through private access.

• Any visitor of FIDE website may see: Name, Surname, Year of birth, Federation, Gender (M or F), rating, title and inactivity flag, history of games of any person included in FRS.
• Any visitor of FIDE website may see also: email address, physical address, phone number and place and full birthday of any person who applied for a title and put voluntarily those data on the application form.
• Any visitor of FIDE website may see also: email address, physical address, phone number of any Federations’ official included in the directory.
• National Rating Officers or the people designated by National Federations have full access to all the records of the players of their Federation, including all the abovementioned information.
• The personnel of EFO have full access to all the records of the database, including all the abovementioned information and the full history of data editing.

People who has full access to any information are enlisted in FIDE directory under the pages of any specific Federation (Rating Officer/General Secretary) and Elista Office.

All these people agrees to a non-disclosure policy on the data they can put or see from FRS.

12. PROFILE

FIDE profiles data in order to make statistical outputs and results of world/continental/national results and rankings.

Under the section A of this policy regulations, data of those people who didn’t give any specific consent are not used to be profiled for other purposes than sport statistic outputs.

13. DURATION

FIDE stores data without any term: your personal data will be stored until your decision them to be deleted, duly communicated as per point nr. 18.

The only case data are cancelled from the database is on request of the owner or his heirs. After cancellation, your data will be stored only for historical reasons in the tournament archives.

14. DATA TRANSFER

Your personal data are stored and protected in FIDE servers which are located in Germany. Backup copies are also stored in FIDE server in Russia.

Your personal data can be transferred:

• To any National Federation with restriction to data of their own individuals;
• To any FIDE internal body, committee or commission, and the members of them with no restrictions, officials and organs;
• To World Chess Events Ltd. (based in London – UK), up to the end of their contract, with restriction to data already displayed on FIDE website to any visitor of it, and only for organizational purposes;
• Developers of FIDE website only in order to test and improve FIDE website functionalities;

Due to the fact data can be transferred to any internal body, committee or commission, officials and organs, they can be sent in any country whose members are included in FIDE directory.

15. DISCLOSURE

FIDE is not disclosing data to any kind of company, body or individual for commercial purposes, nor it is profiling anyone for such goals.

16. DATA SECURITY

FRS access is password protected and has password restore utility. FRS users can change their passwords and they are not disclosed to anyone.

Part of FRS which access is restricted to EFO is closed for access by firewall IP access limit, webserver IP access limit and username/password. FIDE also uses firewall blocking for database and servers, which access is restricted to EFO IP.

FIDE webserver is protected from attack blocking (URL injections, DDos attacks) and performs regular security audits for vulnerabilities.

Backups of main database are done daily and stored on remote machines, which are located in Russia and Germany.

Any personal data included in FRS is encrypted.

17. YOUR RIGHTS

You have anytime the right to:

1. Check the existence of your data in FIDE databases;
2. Request from FIDE access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
3. Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
4. Lodge a complaint with a supervisory authority;
5. Check the origin from which the personal data belong, and if applicable, whether it came from publicly accessible sources;
6. Know the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

• Actions under point A can be performed directly by any individual by checking in FRS from the public access in FIDE website.
• Actions under point B and C shall come through a National Federation. In case a National Federation is refusing to perform such actions or is not performing them in a deadline of 30 days, they can be taken directly by sending a signed letter to FIDE DPO at the abovementioned address, enclosing a copy of an official identity document and a valid email address.

FIDE Administration will notify the request by email and will proceed upon your confirmation.

• Action under point D shall be taken according to any supervisory authority’s own procedure (please refer to: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en?2nd-language=lt
• Actions under E and F can be taken directly by sending an email to This e-mail address is being protected from spambots. You need JavaScript enabled to view it , enclosing a copy of an official identity document and a valid email address.

18. DATA CANCELLATION

You have anytime the right to ask FIDE to delete your personal data from the database: by taking such an action you are aware that data cancellation from FRS prevents you to take part to any FIDE rated event.

This request shall come through a National Federation and it will be confirmed by itself.

In case a National Federation will refuse to ask the erasure of your data or will not do it in a deadline of 30 days, you can apply directly by sending a signed letter to FIDE DPO at the abovementioned address enclosing a copy of an official identity document and a valid email address.

FIDE Administration will notify the request by email and will proceed upon your confirmation.

After the cancellation, your data will be stored in historical reports of any played tournament or championship and title repository.

The already made processes based on previous consent shall be legal and lawful also after the withdrawn of the consent and/or the request of data erasure.

19. DATA BREACH

In case of a data breach FIDE will notify immediately the fact and act according to the provision of the regulations.

20. LEGAL OBLIGATIONS THROUGH ADMINISTRATIVE AUTHORITIES

If the following situations occur FIDE shares information with any entitled regulatory or administrative National authority, police or judiciary:

• When a legal request is addressed to FIDE or FIDE believes in good faith to have the legal obligation to do that;
• When a Law or any judiciary orders FIDE to act in a specific way;
• When it is found that FIDE databases are used to make any breach of a Law or personal data inserted in FRS are found to be false, or there is clear danger of misuse of someone’s personal data;
• If any entitled regulatory or administrative National authority asks FIDE to share any information for a legal reason, FIDE may store data even in case of withdrawn of consent in order to fulfil any requested action.

21. NOTIFICATIONS OF ANY CHANGE OF DATA PROTECTION POLICY

In case of any change of this data protection policy FIDE will personally notify to all members whose email address is stored in its database of the changes.

FIDE will also announce any change with special notices on its website.

Any change will be effective after 30 days from its announcement: meanwhile everyone has the right to ask his data to be restricted or erased with the consequences indicated under point nr. 7.

22. DISPUTES

Disputes not subjected to administrative or regulatory authorities shall be solved in Lausanne competent Court.

SECTION B: PREMIUM SERVICES ONLY FOR CHESS-ID PROGRAM SUBSCRIBERS

23. PURPOSE OF DATA COLLECTION

Only for Chess-ID subscribers, FIDE collects data, in addition to what already described under Section A, in a fair and transparent way also in order to give the subscribers the special services indicated in Chess-ID program portal.

These services may include advertisement for specific tournaments, promoting FIDE events and activities, promoting FIDE partners’ products and services, giving news feed and putting in touch various people of the chess community.

24. LEGAL BASIS

For the purposes of Chess-ID special services, data are collected and processed only by legal agreement and in order to provide the services themselves.

FIDE processes data in a fair and legitimate way only if it is necessary to provide the services requested by the subscribers at the act of registering or in a following time.

25. HOW FIDE COLLECTS DATA – DATA COLLECTORS

For the purposes of Chess-ID special services, FIDE collects data only upon registration of the single user and upon his specific consent.

People younger than 16 years old are not allowed to share their data and put their consent to the premius services.

26. COLLECTED DATA

For any individual registering in Chess-ID portal, and in order to provide the specific services, FIDE collects: Name, Surname, Birthday, Federation, Gender (M or F), Elo, title, email address, physical addresses, phone numbers, geo-localised position, pictures.

When the portal management requires a confirmation about the abovementioned data, it may require a copy of an official identification document.

This data can only be provided directly from the single individual.

27. DATA COLLECTING ACTIVITY AND REFUSAL

Data collection is necessary in order to provide the special services of the Chess-ID portal. In case of refusal to let your data, as indicated above, be processed by FIDE, the abovementioned premium services cannot be provided.

28. FORMAT OF STORAGE

Your data are only stored electronically.

The electronic data archives are stored in FIDE servers, which are located in Germany and Russia. Safety measures as described in point nr. 34 protects the electronic archives.

29. HOW FIDE PROCESSES DATA

For any individual registering in Chess-ID portal, FIDE processes data in automatic and manual ways:

• Automatic processes include profiling, advertising, sending news feeds and newsletters, providing events information and putting in touch with other people. Automatic processes are made by computer programs which operate on the database.
• Manual processes include any edit or change to single data, or any variation upon single application or any other process directly requested from the user.

30. LEVEL OF DATA PUBLICATION

Data stored in Chess-ID portal can be seen by any other member of Chess-ID portal according to your preferences.

Privacy preferences can be changed from the relevant tab.

31. PROFILE

FIDE profiles your data in order to provide you a personal experience of Chess-ID portal.

Hence FIDE processes your data about geographical position, Elo, title and game history and played tournaments in order to advice you in events, products, services of FIDE and its partners, and give you personalised information and news.

32. DURATION

FIDE stores data for Chess-ID portal until your decision them to be deleted, from the relevant tab.

33. DATA TRANSFER

Your personal data given to Chess-ID portal and upon specific consent can be transferred, according to your preferences:

• To any National Federation;
• To any FIDE internal body, committee or commission, and the members of them, officials and organs;
• To World Chess Events Ltd. (based in London – UK);
• Developers of FIDE website;
• FIDE commercial partners;
• Any other person who subscribed to Chess-ID portal.

34. DATA SECURITY

Chess-ID portal is password protected and has password restore utility. Users can change their passwords and they are not disclosed to anyone.

The portal is closed for access by username/password and passport utility from third party applications.

Chess-ID webserver is protected from attack blocking (URL injections, DDos attacks) and performs regular security audits for vulnerabilities.

Backups of main database are done daily and stored on remote machines, which are located in Russia and Germany.

Any personal data included in Chess-ID portal is encrypted.

35. YOUR RIGHTS

You have anytime the right to:

1. Check the existence of your data in Chess-ID portal;
2. Request from FIDE access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
3. Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
4. Lodge a complaint with a supervisory authority;
5. Check the origin from which the personal data belong, and if applicable, whether it came from publicly accessible sources;
6. Know the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Any action can be performed directly from the relevant privacy page of Chess-ID portal.

36. DATA CANCELLATION

You have anytime the right to ask FIDE to delete your personal data from the database of Chess-ID portal. Moreover, asking FIDE to be erased from FRS according to Section A, point nr. 18 lead to cancellation from Chess-ID portal.

By taking such an action you are aware that data cancellation from Chess-ID portal prevents you to get the relevant services of Chess-ID.

Any action can be performed directly from the relevant privacy page of Chess-ID portal.

37. DATA BREACH

In case of a data breach FIDE will notify immediately the fact and act according to the provision of the regulations.

38. LEGAL OBLIGATIONS THROUGH ADMINISTRATIVE AUTHORITIES

If the following situations occur FIDE shares information with any entitled regulatory or administrative National authority, police or judiciary:

• When a legal request is addressed to FIDE or FIDE believes in good faith to have the legal obligation to do that;
• When a Law or any judiciary orders FIDE to act in a specific way;
• When it is found that FIDE databases are used to make any breach of a Law or personal data inserted in Chess-ID portal are found to be false, or there is clear danger of misuse of someone’s personal data;
• If any entitled regulatory or administrative National authority asks FIDE to share any information for a legal reason, FIDE may store data even in case of withdrawn of consent in order to fulfil any requested action.

39. NOTIFICATIONS OF ANY CHANGE OF DATA PROTECTION POLICY

In case of any change of this data protection policy FIDE will personally notify to all subscribers of Chess-ID portal.

40. DISPUTES

Disputes not subjected to administrative or regulatory authorities shall be solved in Lausanne competent Court.

FIDE Data Protection Policy version 1.0 – August 2019