FootyMind's Commitment to GDPR Compliance
Last Updated: January 1, 2025
FootyMind is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines your rights as a data subject.
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU) and European Economic Area (EEA). It strengthens data protection rights for individuals and imposes strict obligations on organizations that process personal data.
Important: This page is specifically focused on GDPR compliance. For comprehensive information about our privacy practices, please also read our Privacy Policy.
Understanding GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is EU legislation that:
- Protects the personal data and privacy of EU/EEA citizens
- Gives individuals greater control over their personal information
- Harmonizes data protection laws across Europe
- Applies to any organization processing EU citizens' data, regardless of location
- Imposes significant penalties for non-compliance (up to €20 million or 4% of annual turnover)
Who Does GDPR Apply To?
GDPR applies to:
- EU/EEA Residents: If you're located in the EU or EEA, GDPR protects your data
- UK Residents: The UK has its own version (UK GDPR) with similar protections
- Organizations: Any company processing EU citizens' data, regardless of where the company is based
What is Personal Data?
Under GDPR, personal data is any information relating to an identified or identifiable person, including:
- Name, email address, phone number
- IP address, device identifiers
- Location data
- Online identifiers (cookies, user IDs)
- Behavioral data (browsing history, preferences)
- Any other information that can identify you directly or indirectly
Your Rights Under GDPR
GDPR grants you comprehensive rights over your personal data. FootyMind respects and facilitates the exercise of these rights.
1. Right to Access (Article 15)
What it means: You have the right to know what personal data we hold about you.
You can request:
- Confirmation that we're processing your data
- A copy of your personal data we hold
- Information about how we use your data
- Details about data recipients and retention periods
- Information about automated decision-making (if applicable)
How to exercise: Email us at gdpr@footymind.com with "Subject Access Request" in the subject line.
Timeframe: We will respond within 30 days (may be extended to 60 days for complex requests).
2. Right to Rectification (Article 16)
What it means: You can correct inaccurate or incomplete personal data.
You can request:
- Correction of inaccurate information
- Completion of incomplete data
- Updates to outdated information
How to exercise: Update your account settings directly, or contact us at gdpr@footymind.com.
Timeframe: We will correct or complete your data within 30 days.
3. Right to Erasure / "Right to be Forgotten" (Article 17)
What it means: You can request deletion of your personal data.
When this applies:
- The data is no longer necessary for its original purpose
- You withdraw consent and there's no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Legal obligations require erasure
Exceptions: We may refuse if the data is needed for:
- Compliance with legal obligations
- Establishment, exercise, or defense of legal claims
- Public interest purposes
How to exercise: Email gdpr@footymind.com with "Right to Erasure Request" in the subject.
Timeframe: We will delete your data within 30 days, unless exceptions apply.
4. Right to Restriction of Processing (Article 18)
What it means: You can limit how we use your data while issues are resolved.
When you can restrict processing:
- You contest the accuracy of the data (during verification)
- Processing is unlawful, but you don't want erasure
- We no longer need the data, but you need it for legal claims
- You've objected to processing (pending verification of legitimate grounds)
What happens: We will store the data but not actively use it (except with your consent or for legal claims).
How to exercise: Contact gdpr@footymind.com with your restriction request.
5. Right to Data Portability (Article 20)
What it means: You can receive your data in a structured, commonly used, machine-readable format.
What you can request:
- A copy of your data in CSV, JSON, or XML format
- Transfer of your data directly to another service provider (where technically feasible)
Limitations: This right applies only to data you provided to us that we process on the basis of consent or contract, and only where the processing is automated.
How to exercise: Email gdpr@footymind.com with "Data Portability Request."
Timeframe: We will provide your data within 30 days.
6. Right to Object (Article 21)
What it means: You can object to certain types of data processing.
When you can object:
- Direct Marketing: Absolute right to object at any time (we must stop immediately)
- Legitimate Interests: You can object if processing is based on our legitimate interests
- Profiling: You can object to automated decision-making and profiling
How to exercise:
- For marketing: Click "Unsubscribe" in emails or contact unsubscribe@footymind.com
- For other objections: Email gdpr@footymind.com
7. Rights Related to Automated Decision-Making (Article 22)
What it means: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
FootyMind's Position: We do not make automated decisions that legally or significantly affect you. Our prediction algorithms are for informational purposes only.
8. Right to Withdraw Consent (Article 7)
What it means: If we process your data based on consent, you can withdraw that consent at any time.
How to exercise:
- Account settings for marketing preferences
- Cookie settings in your browser
- Email gdpr@footymind.com to withdraw consent
Effect: Withdrawal doesn't affect the lawfulness of processing before withdrawal.
How to Exercise Your GDPR Rights
Contact Methods
To exercise any of your GDPR rights, contact us using:
Primary Contact - Data Protection Officer
- Email: gdpr@footymind.com
- Alternative Email: dpo@footymind.com
- Subject Line: Include the specific right you're exercising (e.g., "Subject Access Request")
Postal Address
Data Protection Officer
FootyMind
[Your Company Address]
[City, Postal Code]
[Country]
What to Include in Your Request
To process your request efficiently, please include:
- Your Full Name: As registered on your account
- Email Address: Associated with your FootyMind account
- Specific Request: Clearly state which right you're exercising
- Additional Details: Any relevant information to help us locate your data
- Proof of Identity: We may request verification to protect your data
Identity Verification
To protect your privacy, we may need to verify your identity before processing requests. We may ask for:
- Confirmation of email address
- Account details
- Government-issued ID (for sensitive requests)
Response Timeframes
- Standard Response: Within 30 days of receiving a valid request
- Complex Requests: May be extended to 60 days (we'll inform you within 30 days)
- Free of Charge: First request is free; excessive requests may incur a reasonable fee
When We May Refuse
We may refuse or limit requests if:
- The request is manifestly unfounded or excessive
- Legal obligations prevent compliance
- We need to establish, exercise, or defend legal claims
- Public interest overrides your rights
If we refuse, we'll explain why and inform you of your right to complain to a supervisory authority.
Legal Basis for Processing Your Data
Why We Need a Legal Basis
Under GDPR, we must have a valid legal reason to process your personal data. We rely on the following legal bases:
1. Consent (Article 6(1)(a))
What it is: You've given clear, specific permission for processing.
When we use it:
- Marketing emails and newsletters
- Non-essential cookies
- Optional features requiring data sharing
Your control: You can withdraw consent at any time.
2. Contract Performance (Article 6(1)(b))
What it is: Processing is necessary to provide our services.
When we use it:
- Creating and managing your account
- Providing football predictions and tips
- Delivering requested services
- Processing transactions (if applicable)
3. Legal Obligation (Article 6(1)(c))
What it is: We must process data to comply with the law.
When we use it:
- Tax and accounting requirements
- Responding to lawful requests from authorities
- Age verification for gambling-related services
- Anti-money laundering checks (if applicable)
4. Legitimate Interests (Article 6(1)(f))
What it is: Processing is necessary for our legitimate business interests, provided your rights don't override them.
When we use it:
- Website analytics to improve user experience
- Fraud prevention and security measures
- Network and information security
- Improving our prediction algorithms
- Direct marketing to existing customers (with easy opt-out)
Balancing test: We've assessed that these interests don't override your rights and freedoms.
5. Vital Interests (Article 6(1)(d))
What it is: Processing is necessary to protect someone's life.
When we use it: We generally don't rely on this basis, but it may apply in emergency situations.
How FootyMind Complies with GDPR
Our GDPR Compliance Measures
1. Data Protection by Design and Default
We build privacy into our systems from the ground up:
- Privacy-friendly settings as default
- Minimal data collection (only what's necessary)
- Privacy impact assessments for new features
- Regular security audits and updates
2. Transparent Information
- Clear, plain-language privacy notices
- Detailed information about data processing
- Easy-to-find privacy policies and documentation
- Notification of any significant changes
3. Data Security
- Encryption of data in transit (SSL/TLS) and at rest
- Access controls and authentication
- Regular security testing and vulnerability assessments
- Staff training on data protection
- Incident response procedures
- Data breach notification protocols (notification to authorities within 72 hours)
4. Data Minimization
- We only collect data that's necessary for our purposes
- We don't collect excessive or irrelevant information
- We regularly review and delete unnecessary data
5. Storage Limitation
- Data is kept only as long as necessary
- Clear retention periods for different data types
- Automatic deletion of data when retention period expires
- Secure erasure methods for deleted data
6. Third-Party Processors
- We only work with GDPR-compliant service providers
- Data Processing Agreements with all processors
- Regular audits of third-party compliance
- Ensuring processors implement appropriate security measures
7. International Data Transfers
When transferring data outside the EU/EEA, we use:
- Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Binding Corporate Rules: Internal policies for multinational companies
- Appropriate Safeguards: Additional security measures for international transfers
8. Records of Processing Activities
- We maintain detailed records of all data processing activities
- Documentation of purposes, categories of data, recipients
- Records available to supervisory authorities upon request
9. Data Protection Impact Assessments (DPIA)
- We conduct DPIAs for high-risk processing activities
- Evaluation of necessity and proportionality
- Assessment of risks to individuals' rights
- Implementation of measures to mitigate risks
What Data We Process and Why
Categories of Personal Data
Below is a comprehensive overview of the personal data we collect, how we use it, and how long we retain it:
| Data Category | Examples | Purpose | Legal Basis | Retention Period |
|---|---|---|---|---|
| Account Data | Name, email, password, username | Account management, authentication | Contract | Account lifetime + 1 year |
| Usage Data | Pages visited, clicks, time spent | Improve services, analytics | Legitimate Interests | 24 months |
| Device Data | IP address, browser, device type | Security, fraud prevention | Legitimate Interests | 12 months |
| Preference Data | Favorite teams, notification settings | Personalization | Consent / Contract | Account lifetime |
| Communication Data | Support emails, feedback | Customer service | Legitimate Interests | 3 years |
| Marketing Data | Email consent, preferences | Newsletter, promotions | Consent | Until withdrawn |
| Cookie Data | Cookie IDs, preferences | Functionality, analytics | Consent | Varies (see Cookie Policy) |
We retain your data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. You can request deletion of your data at any time by contacting our Data Protection Officer.
Children's Privacy Under GDPR
Age Requirements
FootyMind does not knowingly collect personal data from children under 16 (or the applicable age of digital consent in your country) without parental consent.
Important Notes:
- Our services are intended for users 18+ due to gambling-related content
- We do not target or market to children
- If we discover we've collected data from a child without proper consent, we'll delete it
Parental Rights
If you're a parent or guardian and believe your child has provided us with personal data:
- Contact us immediately at gdpr@footymind.com
- We will verify the situation and delete the data if necessary
- You have the right to access, rectify, or erase your child's data
Data Breach Notification
Our Obligations
Under GDPR, if a data breach occurs that poses a risk to your rights and freedoms, we will:
To Supervisory Authority
- Notify within 72 hours of becoming aware of the breach
- Provide details of the breach, its impact, and our response
- Document all breaches, even if not reported
To Affected Individuals
- Notify you without undue delay if the breach poses a high risk
- Describe the nature of the breach in clear language
- Provide contact details of our DPO
- Explain the likely consequences and our mitigation measures
- Advise you on steps to protect yourself
Our Security Measures
We take extensive measures to prevent breaches:
- Regular security audits and penetration testing
- Employee training on data security
- Incident response plan and procedures
- Continuous monitoring for suspicious activity
- Encryption and access controls
Right to Lodge a Complaint
Supervisory Authorities
If you're unhappy with how we've handled your personal data or your GDPR rights, you have the right to lodge a complaint with a supervisory authority.
Where to Complain
You can complain to the supervisory authority in:
- The EU country where you live
- The EU country where you work
- The EU country where the alleged infringement occurred
Key Supervisory Authorities
United Kingdom
- Information Commissioner's Office (ICO)
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Ireland
- Data Protection Commission (DPC)
- Website: www.dataprotection.ie
- Phone: +353 57 868 4800 / +353 (0)761 104 800
Germany
- Federal Commissioner for Data Protection and Freedom of Information (BfDI)
- Website: www.bfdi.bund.de
France
- Commission Nationale de l'Informatique et des Libertés (CNIL)
- Website: www.cnil.fr
Other EU Countries
Find your national supervisory authority in the EDPB Member List.
We Encourage Direct Contact First
While you have the right to complain to a supervisory authority, we encourage you to contact us first at gdpr@footymind.com. We're committed to resolving any concerns you may have.
Updates to This GDPR Compliance Page
Changes and Notifications
We may update this GDPR Compliance page to reflect:
- Changes in data protection laws or regulations
- Updates to our data processing practices
- New features or services
- Feedback from supervisory authorities
How We Notify You
For significant changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a prominent notice on our website
- Send email notifications to registered users
- Request consent again if required by law
Version History
We maintain records of previous versions of this policy. Contact us if you'd like to review historical versions.
Contact Our Data Protection Officer
Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance. You can contact our DPO for:
- Questions about how we process your data
- Exercising your GDPR rights
- Privacy concerns or complaints
- Data protection inquiries
Contact Information
- Email: dpo@footymind.com
- Alternative Email: gdpr@footymind.com
- Response Time: Within 30 days
Related Policies
For more information about our data practices:
- Privacy Policy - Comprehensive privacy information
- Cookie Policy - How we use cookies
- Terms of Service - Legal terms of use
- Disclaimer - Important service information
Your Privacy is Our Priority
At FootyMind, we take your data protection rights seriously. We're committed to:
- Full transparency about how we use your data
- Respecting and facilitating your GDPR rights
- Implementing robust security measures
- Continuous improvement of our data protection practices
- Prompt and helpful responses to your inquiries
Your GDPR Rights Summary:
✓ Access: Get a copy of your data
✓ Rectification: Correct inaccurate data
✓ Erasure: Request deletion ("right to be forgotten")
✓ Restriction: Limit how we use your data
✓ Portability: Receive your data in a portable format
✓ Object: Stop certain types of processing
✓ Withdraw Consent: Change your mind at any time
✓ Complain: Lodge complaints with supervisory authorities
Contact us anytime at gdpr@footymind.com to exercise your rights.
Your data, your rights, your control. We're here to help.