Collecting your data
What information do we collect from you?
We may request specific Personal Data about you in order to help us bring Basketball to the World, improve our services and/or deliver a product or a service that you’ve asked for. You may choose not to provide your Personal Data, but then you might not be able to take advantage of some of the features of our Website and Services. We only collect basic Personal Data about you as defined in the GDPR. Nor do we collect any information about criminal convictions and offenses.
The types of Personal Data we collect and save include:
- Contact and account registration information such as name, email address, physical address, date of birth, and phone number;
- Financial and transactional information such as bank or credit card information, details about payments to and from you and details of products and Services you have purchased or otherwise obtained from us;
- Information that you provide in using our Services, such as information about your customers, their addresses, financial information, and similar content you process through the Services;
- Medical Data that comes directly from you and/or your physician(s) via the TUE application form.
- Marketing and Communications Data including your email address, your preferences in receiving marketing from us and our third parties and your communication preferences;
- Information you provide such as feedback, comments or other messages; and
- Technical and usage information collected in our logs. Such information may include standard web log entries that contain your IP address, page URL, browser plug-in types and versions, device information and identifier, operating system information, and timestamp.
We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, device type, the operating system you are using, and the domain name of your Internet service provider. Aggregated data may be derived from your Personal Data, but is not itself Personal Data and it cannot be used, either on its own or together with other data, to directly or indirectly reveal your identity.
How we use it ?
The collection and use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your Personal Data or because it is in our legitimate interests. Specifically, we may use your Personal Data for the following purposes:
- Share information about the game we all love;
- Deliver the products, services and transactions you’ve asked for;
- Up our game, by using your data to improve how we deliver services and information;
- Allocate and sell tickets fairly;
- Manage your account and any memberships you have;
- Enhance our digital services and make them even easier to use;
- Create content, such as videos;
- Let you know about products, events and offers;
- Share news about products, events and offers from third parties we work with, with your consent;
- Answer your questions and comments;
- Keep our competitions safe and secure by stopping any potential illegal activity;
- Customise the advertising you see;
- Comply with our Terms of Service.
We apply very high data protection standards. In particular, we will not disclose any Personal Data to third parties unless authorized to do so by law or by virtue of your consent (which does not in any way restrict our rights as provided by the applicable laws).
What Are Your Choices Regarding Our Marketing Materials?
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. We will obtain your consent with regard to sending you marketing and advertising materials per regulation requirements. In general, we will provide a button, checkbox or other means where you affirmatively opt-in to receive marketing emails or other communications from us. You can change your preferences or ask us to stop sending you marketing messages and/or remove your email from our mailing lists by contacting us at firstname.lastname@example.org or by following the instructions within the marketing messages that you have received.
How long will we keep your personal data?
We will retain your personal information on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.
You can review, correct, update or change your data at any time. If you ask us to delete your data, we’ll do so unless there’s a legal reason that means we have to keep it. If that’s the case, we’ll let you know.
How Can You Access and Control Your Information?
After registering for an account on the Website, you may log-in to the account and edit your Personal Data in your profile. For instructions on how you can further access your Personal Data that we have collected, or how to correct errors or inaccuracies in such information, please send an e-mail to email@example.com. We will also promptly stop using your Personal Data and remove it from our servers and database at any time upon your e-mail request. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.
Sharing your data
Do we share your Personal Data?
In general, we will not share your Personal Data except for one of the following reasons:
- for the purposes for which you provided it;
- with your consent;
- as may be required by law, for example with our professional advisors, lawyers, insurers, regulators and other authorities, or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another);
- on a confidential basis with persons or organizations with whom we contract, such as our suppliers, to carry out internal site operations or as necessary to render the Services;
- for anti-doping purposes with the FIBA TUE Advisory Group, ADOs with testing authority and/or results management authority, authorised staff of the World Anti-Doping Agency (WADA), members of the TUE committees of each relevant ADO and WADA, other independent medical, scientific or legal experts;
- with our business partners only in compliance with relevant data protection laws; or
- for marketing purposes with your consent with our affiliates.
What Categories of Personal Data Do We Share?
We share only the categories of Personal Data required for us to carry out our internal site operations or as necessary to render our Services that you have requested. These categories include your contact and registration information, financial and transaction information, information you process through our Services, and your technical and usage information. As discussed above, the categories of third parties with whom we may share such Personal Data include our service providers, suppliers, business partners, affiliates and professional advisors, as well as law enforcement.
Are There Other Ways My Personal Data Could Be Shared?
International data transfers
Your Personal Data may be processed outside the country where you are located depending on the location third party service providers, governing bodies for basketball or FIBA partners who are permitted to access such Personal Data under the terms of this Data Protection Notice. Consequently, you acknowledge that Personal Data which is accessible to other users may be transferred to countries that do not benefit from the same level of Data Protection.
In such cases, we will take all reasonable steps to ensure that your Personal Data is treated safely and securely.
Competitions & ticketing
Being part of the fans, cheering for their favourite team and being thrilled by the best Basketball players in the World mean that you probably purchased a ticket for one of our FIBA competition. When applying for tickets, you agree that your data will be used, processed and stored by FIFA and our third parties. We’ll use your data for things like ticket production, sales, allocation, customer care, safety, security and rights protection. If you consent, we’ll also use your data to tell you about other FIFA products and events, as well as products and services from our third parties.
Protecting your data
We do everything possible to keep your data safe and we’re proud of the work our team members do to defend your data. But we can never guarantee that your data is safe from accidental loss and/or unauthorised access, use, alteration or disclosure. To help protect you from identity theft, we will never ask for your credit card information, account credentials or national identification/passport number by email or phone. If you send sensitive information by unencrypted email, there’s always a risk that your data will be intercepted. If you send us an unencrypted email, we’ll take it that you’re happy to accept that risk. If you suspect someone unauthorised is trying to access your data, please get in touch with us at firstname.lastname@example.org.
How Do We Store and Protect Your Information?
After receiving your Personal Data, we will store it on our Website systems for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and reasonably use the information we collect. Unfortunately, no data transmission over the Internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers’ systems.
For EEA citizens: Whenever we transfer your Personal Data from the EEA to outside of the EEA, we ensure a degree of protection is afforded to it that is similar to that of the EEA by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they provide similar protection to Personal Data shared between Europe and the US.
We store your Personal Data until you request us to remove it from our servers. We will only retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. We store our logs and other technical records indefinitely.
The policy towards children
We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, CCPA, USA Children’s Online Privacy Protection Act (“COPPA”) and associated Federal Trade Commission (“FTC”) rules for collecting Personal Data from minors. If you have concerns about this Website or its Services, wish to find out if your child has accessed our Services, or wish to remove your child’s Personal Data from our servers, please contact us at email@example.com. Our Website will not knowingly accept Personal Data from anyone under 13 years old without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided Personal Data to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Website without your permission, please contact us at firstname.lastname@example.org.
Collection of Information by Others
Our Website may include links that take you to certain third party websites. Please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect.
If you are an EEA/UK resident, under the data protection laws that apply to you, you may contact us at email@example.com to exercise your rights to:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request corrections of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of any new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons of which we will notify you, if applicable, at the time of your request.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party), and you object to this processing as you feel it impacts your fundamental rights and freedoms. You may also object to our processing your Personal Data for direct marketing purposes. In some cases, we may deny your objection if we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Data. You may request us to suspend the processing your Personal Data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. Upon request, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially consented for us to use, or that we used in performing our obligations under a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. This withdrawal will not, however, affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Make a complaint to a regulator. You have the right to make a complaint at any time to your local supervisory authority with regard to data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority, so please contact us in the first instance.
Other data protection information
Links to other sites
If you can access other websites through links provided, those websites do not operate under this FIBA Data Protection Notice. If you choose to visit an advertiser or click on another third-party link, you will be directed to that third party’s website. We do not exercise control over third-party websites and therefore recommend you examine the privacy statements posted on these other websites to understand their procedures for collecting, using and disclosing personal information.
Identity theft and the practice currently known as “phishing” are of great concern to FIBA. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password or national identification numbers in a non-secure or unsolicited email or telephone communication.
If you communicate with FIBA by e-mail, through our Social media platform, or through other communication internet channels, you should note that the secrecy of internet is uncertain. By sending sensitive or confidential messages or information which are not encrypted you accept the risk of such uncertainty and possible lack of confidentiality over the Internet. In certain areas, FIBA uses industry standard SSL encryption to protect data transmissions.
We reserve the right to amend this Data Protection Notice at any time without providing reasons. If we amend this Data Protection Notice, any changes will be immediately posted on the FIBA Website and you will be deemed to have accepted the terms of the Data Protection Notice on your first use. We shall place an updated version on this page of the FIBA website. The FIBA website and/or the FIBA Apps may also provide notices of changes to this Data Protection Notice or other matters by displaying notices or links to notices.
Should you have any questions or comments on our Data Protection Notice, please do not hesitate to contact us : firstname.lastname@example.org.
Jurisdiction & application law
In the event that the provisions of this Data Protection Notice conflict with the provisions of third-party similar documents, the provisions of this Data Protection Notice shall prevail.
This Data Protection Notice and all matters arising out of or related to this Data Protection Notice shall be governed by the substantive laws of Switzerland, without regard to conflicts of laws and principles thereof.
Any controversy, claim or dispute between you and FIBA arising out of or relating to this Data Protection Notice shall be subject to the exclusive jurisdiction of the competent Court of Arbitration of Sports of the City of Lausanne, and each party hereby irrevocably consents to the jurisdiction and venue of such Court.