Privacy Policy

What this policy covers

We, the Independent Football Regulator (IFR), are committed to protecting the privacy and security of your personal information.

This privacy policy explains how we treat your personal information collected on this website. Personal information is information we hold which is identifiable as being about you.

Our collection, use and disclosure of your personal information is regulated by the United Kingdom’s General Data Protection Regulation (‘GDPR’), the Data Protection Act 2018 and the Data Use and Access Act 2025 (known as Data Protection Legislation).

The IFR is a data controller. This means that we are responsible for deciding how we hold and use personal information about you.

We are required under data protection legislation to notify you of the information contained in this privacy policy.

It is important that you read this policy, as we are collecting and processing personal information about you, making you aware of how and why we are using your information.

The IFR is a statutory body with statutory functions, the IFR will only disclose your information where we are legally allowed to do so.

The software platform this website runs on and associated technology operations are provided by Granicus LLC. Click this link for the Privacy Policy governing their service (external link).


What personal information we collect

Profile Information

We collect information from you when you register to use this site. This includes your email address and additional demographic information as provided by you on the registration form.

Please note that you are able to browse any publicly accessible sections of this website completely anonymously without signing up.

Engagement Information

The content you create as part of your interactions with this website. These can include responses to surveys, comments on discussion forums, or any of the other engagement opportunities available here.

Usage Information

We collect information about your usage of the site, such as pages visited, documents downloaded, etc.

How we use the information we collect

We collect this information in order to:

  • enable us to comply with our legal obligations and carry out our functions as a Regulator; 
  • analyse and interpret it to help meet our objectives and obligations;
  • communicate information to you about engagement opportunities, events and other initiatives; and
  • respond to enquiries and otherwise engage with stakeholders.

External links

Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of linked websites and we suggest you review the privacy policies of those websites before using them.

Third Parties

We may share your data with third parties as necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We require third parties to respect the security of your data and to treat it in accordance with data privacy law.

Examples of third parties would include the following:

Other Government departments and Arms Length Bodies.

Granicus LLC.

The above list is not exhaustive and may be subject to change.

Our third-party service providers will only process your personal information on our instructions or with our agreement, and where they have agreed to treat the information confidentially and to keep it secure.

Security

We have put in place measures to protect the security of your information.

We treat the security of your data very seriously. We have strict security standards, and all our staff and other people who process personal data on our behalf get regular training about how to keep information safe.

We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you.

In addition, we limit access to your personal information to those persons, or agents who have a business or legal need to do so.

We have taken measures to make sure an adequate level of security for personal information processed via this website.

We have put in place procedures to deal with any suspected data security breach and will notify you and the regulator of a suspected breach where we are legally required to do so.

While no online service is completely secure, we work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take all reasonable measures to do so.

Requesting access or correcting your personal information

Subject to applicable local laws and regulations, you may have some or all of the following rights with respect to your personal data:

  • to access your personal data and to rectify any inaccuracies within that personal data;
  • to request for the erasure of your personal data residing with us;
  • to request your personal data in portable, machine-readable format; and
  • to withdraw your consent to our processing of their personal data.

If you wish to contact us with a request relating to personal information we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your personal information.

In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.

Changes to our Privacy policy

We keep our privacy notices under regular review. If there are any changes we will update this page to tell you, for example, about any new uses of personal data.

Check this page to make sure you are aware of what information we collect and how we use it.

From time to time, we may also tell you in other ways about the processing of your personal data.


Contact Us

The contact details for the data controller are:

The Independent Football Regulator (IFR)
The contact details for the data controller’s Data Protection Officer are:
DCMS Data Protection Officer
Department for Culture Media and Sport
100 Parliament Street London
SW1A 2EG 

dpo@dcms.gov.uk (external link) 


The Data Protection Officer provides independent advice and monitoring of DCMS’s use of personal information.

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

0303 123 1113 

casework@ico.org.uk (external link) 

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.