Privacy Policy




In compliance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation) please find here information on the processing of your personal data. This policy is not applicable to other websites linked to the Data Controller’s domain and the Data Controller waives all and any responsibility for third-party websites. This policy is provided in compliance with art. 13 of Regulation (EU) 2016/679 and is also inspired by the provisions of Directive 2002/58/EC, as amended by Directive 2009/136/CE, on Cookies as well as on the Provision of the Italian Data Protection Authority on cookies dated 08.05.2014.

Processed personal data: “Personal data”: any  information relating to  an  identified or  identifiable  natural person (‘data  subject’);  an identifiable natural person is  one  who  can  be  identified,  directly or  indirectly,  in  particular by reference to  an identifier such as a name, an identification number, location data, an online identifier or  to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;  (C26, C27, C30)

Browsing data

IT systems and software procedures that manage this site, while working, acquire some personal data that are transmitted as a matter of course in the use of Internet communication protocols. Such data include IP addresses or user computer and terminal domain names, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the answering file, the numerical code showing the status of the server answer (successful, error, etc.) and other parameters concerning the user’s operating system and IT environment.

Data collected from the data subject

The discretionary, explicit and voluntary sending of messages to the contact addresses, as well as the filling in and sending of the forms posted in the Data Controller’s website entails the acquisition of the sender’s contact data for the purpose of addressing the relevant requests and of all the personal data included in the communication.

Login data

When accessing the event registration for the first time, users are requested to insert their personal data including, without limitation: name, surname, email address, phone number and their profession (e.g., club, agent, player, independent scout, trainer, controller, journalist)

Data concerning children. Children under 16 years of age cannot supply their personal data. The Data Controller will not be in any way responsible for any false statements that may be provided by the minor and, in any case, if Data Controller ascertains the false declaration, it will immediately delete any personal data and any material acquired.  The Data Controller shall guarantee to the holder of legal or parental responsibility the exercise of the data subject’s  rights concerning child’s personal data provided by articles 15 and following of Regulation (EU) 2016/679.

Personal information concerning payments

Wyscout makes services available for purchase through the web-site. Wyscout spa shall collect and process data for invoicing and payment processing purposes in connection with the purchase of services made available by Wyscout.

Cookies and other technologies

For additional information on cookies and other technologies used, please refer to the cookies policy shown in the footer of this website.

1 The DATA CONTROLLER pursuant to articles 4 and 24 of REGULATION (EU) 2016/679 is Wyscout spa with registered office in Corso Garibaldi, 32/8 16043 Chiavari (GE) ITALY, represented by the Chairman of the Board of Directors and CEO, who can be contacted by email at

The DATA PROTECTION OFFICER (DPO) pursuant to articles 37 – 39 of REGULATION (EU) 2016/679, appointed, can be contacted by email at


Personal data shall be processed for the following purposes:

  1. A)-website browsing: data necessary for the provision of the web services shall be processed, also with the purpose of obtaining statistical information on the use of said services (most popular pages, number of visitors per time slot or day, geographical areas of origin, etc.) and to monitor the correct operation of the services offered;

– filling in the data collection forms for Wyscout spa services (e.g., registration) and e-commerce;

– filling in the data collection forms for contacts, etc.;

LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:

– for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

–  for  the  purposes  of  the  legitimate interests  pursued by the  controller or  by  a  third  party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for  that purpose may take place (recital 47).

  1. B)for direct marketing based on the user’s account, for the delivery of communications, newsletters and promotional and business information, market research or other product research and direct sales, information material, for the assessment of customer satisfaction, for commercial and advertising material or material concerning events and initiatives, by the Data Controller: by automated means such as e-mail, SMS (Short Message Service) or other, as well as by telephone calls via operator and paper mail.

LAWFULNESS: personal data shall be processed in compliance with the lawfulness conditions pursuant to art. 6 of EU Reg. 2016/679:

– upon prior consent and until data subject’s objection to the processing for marketing purposes;

The Controller sends newsletters and promotional materials through systems that generate reports, in order to compare and improve the outcomes of such communications.  Thanks to such reports, the Data Controller shall be able to know, for instance: the number or readers, the number of opened messages, the number of single clicks and of clicks; the devices and operating systems used to read the communication; details on the activities of individual users; details of sent, delivered and undelivered and of forwarded emails. All these data are used to compare and improve, if necessary, the outcome of the such communications.


Personal data will be communicated to recipients, who will process the data as processors (art. 28 of REGULATION (EU) 2016/679) and / or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of REGULATION (EU) 2016/679), for the purposes listed above in paragraph 3, and to third parties. More specifically, data will be communicated to:

– companies controlled by, controlling or under the joint control of Wyscout spa or its associated companies; – service providers specifically identified and authorised by Wyscout or other subjects with whom Wyscout executed co-operation agreements with regard to the Platform or the services covered by the platform; – subjects providing management services for the computer system and communication networks (including email); –  firms or Companies within the context of assistance and consultancy relationships; – competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request. Subjects belonging to the abovementioned categories shall be appointed Data Processors or shall operate as independent Data Controllers.


A transfer of  personal data  to  European Union and non-European Union Countries can occur in order to fulfil any of the connected purposes mentioned above. Data shall be transferred in compliance with article 44 and following of EU Regulation 679/2016, only on the basis of an adequacy decision or subject to appropriate safeguards. Information on the data transfer safeguards can be obtained by writing an email message to


Data shall be processed automatically and manually, in a manner and with tools that ensure maximum security and confidentiality, by specifically appointed subjects. In compliance with the provisions of art. 5 par. 1 lett. e) of EU Reg. 2016/679, the collected personal data shall be be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.  In particular, Personal Data shall be processed for the minimum necessary period, as detailed in Recital 39 of the Regulation, equal to the duration of any existing contractual relationships, without prejudice to an additional retention period that can be required by law, as also provided for in Recital 65 of the Reg. UE 2016/679.  With regard to processing activities carried out with the data subject’s consent, please remember that said consent can be withdrawn at any time. The retention period is determined on the basis of criteria available for the data subject by writing an e-mail at


Data subjects have the right to obtain, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (articles 15 and following of REGULATION (EU) 2016/679).  You can exercise your rights by contacting the DPO by email  address or by writing to the Data Controller’s main offices mentioned above.  You can withdraw your consent at any time, with regard to direct marketing communications and for  the  purposes  of  the  legitimate interests, by writing an email at  for automatic direct marketing (e-mail, SMS), with the “cancellation from automated communications” subject line, or using our automatic cancellation systems for emails. In order to stop any traditional direct marketing communication (operator phone calls, paper mail), please write an email to with the “cancellation from traditional communications” subject line. You have the right to lodge a complaint with the Data Protection Authority. There is no automated decision-making.


You are free to provide personal data in dedicated areas through registration forms. Provision of personal data is optional. Failure to provide personal data for the purposes of paragraph A) of this privacy policy shall entail the impossibility to be provided with the services by the data controller.

Provision of personal data for the purposes of paragraph B) of this privacy policy is optional. Failure to provide such data shall prevent the sending of direct marketing communications as described in paragraph B), but shall not impede the provision of the services described in paragraph A).

The data subject can give consent to the processing of personal data for the purposes of paragraph B) also at the moment of the creation of the account, by ticking the desired option.


The data controller reserves the right to amend, update, add or remove parts of this privacy policy at its sole discretion and at any time. The data subject is required to review any changes on a regular basis. In order to facilitate this review, the policy will contain an indication of the date on which the policy was updated. In any case, Wyscout spa will send you a message anytime there is a substantial change in the Privacy Policy.

Updated on: 24 th September 2019

back to top