Privacy Policy

Art. 13 EU Reg. 679 of 27 April 2016


Pursuant to Article 13 of the “European Regulation 2016/679 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data” (hereinafter “GDPR”), Bologna Football Club 1909 S.p.A. (hereinafter “Bologna FC” or the “Data Controller”) with registered office in Via Casteldebole 10 – 41132 – Bologna -, in its capacity as Data Controller, is required to provide users who make use of the services made available (website,, “Sites”, “Bologna FC” “App” application, cashiers, ticket offices, points of sale and any other collection point of Bologna FC) with certain information regarding the processing of personal data. This document constitutes the “Privacy Policy” of Bologna FC (subject to any appropriate future updates).

This Privacy policy is drafted in the Italian language and translated into English. In the event of any conflict or uncertainty or doubt as to interpretation, the meaning of the Italian version shall prevail.


I. – Warnings and Protection of Minors.


The processing of your personal data will apply the principles of lawfulness, correctness and transparency. Personal data will be collected for specified, explicit, legitimate purposes (purpose limitation) and will be adequate, relevant and limited in relation to the purposes for which they are processed (data minimisation). They will always be kept up-to-date and accurate and stored for a period of time not exceeding what is necessary for the purpose of executing the contract, without prejudice to the fulfilment of legal and fiscal obligations that establish longer retention periods (retention limitation). Personal data shall be processed by adopting all appropriate security measures to guarantee its integrity, confidentiality and unavailability to unauthorised third parties (integrity and confidentiality). If not expressly indicated, the provision of personal data through the collection points on the Sites or in the App is reserved for those over 14 years of age, except for the purchase of products and services, which is reserved for those over 18 years of age.



II. – Reference standards, purposes, legal bases and retention periods.


The processing operations, which we will explain to you in detail below, have their legal basis in the rules governing your right to the protection of your personal data, your right to confidentiality, and those that allow you to express or revoke, at any time, your informed consent to the processing operations, namely: EU General Regulation 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the Privacy Code (Legislative Decree 196/2003).


Bologna FC will use your personal data, collected through your interactions with Bologna FC’s logical and physical domains, for the purposes that are described in detail below, together with the legal basis for processing and the data retention periods.


a) – Browsing – to allow the use of Bologna FC’s technological resources (Internet sites and apps) and the enjoyment of their contents, as well as to ascertain any computer crimes.


The legal basis for the processing is represented by the need to execute a contract to which you, as a data subject, are a party or to carry out a request of yours (Art. 6(1)(b) GDPR) as well as, with regard to the purposes of investigating possible criminal offences, by the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).


Except as provided for in the cookie policy, data is deleted within seven days and retained for a longer period only in the case of defensive needs.


b) – Registration to restricted areas – Allow registration and access to restricted areas of the Sites or App.


The legal basis for the processing is the need to execute a contract to which you, as a data subject, are party or to fulfil a request of yours (Art. 6(1)(b) GDPR).


Data is kept as long as the account is active, unless kept for a longer period for defensive purposes.


c) – Tickets, Season Tickets and Accreditation – Manage and execute the fulfilments related to the purchase of tickets and/or season tickets and the related legal obligations (VRO – Verification of the obstructive requirements, pursuant to the Ministerial Decree of 15 August 2009), including the identification of the purchaser and the users of the purchased tickets, as well as the issuing of accreditation to persons authorised to access the stadium for office or service reasons.


The legal basis for the processing is represented by the need to execute a contract to which you, as a data subject, are a party or to carry out a request made by you (Art. 6(1)(b) GDPR) and the need to fulfil legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR).


In the event of the processing of data belonging to special categories pursuant to Art. 9 of the GDPR, such as data relating to the state of health, provided, for example, for access and/or transport to stadium areas and/or benefits reserved for persons with disabilities, consent to the processing will be required, which therefore constitutes the legal basis pursuant to Art. 9(2)(a) of the GDPR. The transport services for the disabled are carried out in collaboration with PMG Italia S.p.a. co-owner of the relevant processing.


For purposes related to the issuance of tickets, data are kept for seven days from the date of the football event to which they refer (Ministerial Decree 6.06.2005) except for security and judicial needs. Furthermore, the data is kept for 5 years from the termination of the contract for administrative, accounting and legal defence purposes. Data relating to health conditions will be kept for the time strictly necessary to benefit from the facilitation.


d) – We Are One Card (Fidelity Card) – Manage and execute, including the identification of the purchaser, the fulfilments, including legal ones, relating to the purchase, issuance, activation of the We Are One Card, as well as related services and benefits. It should be noted that the We Are One Card is equipped with RFID technology with a microchip that allows the card to be read near the turnstiles located at the entrances to the stadium, at a distance of up to 6 centimetres. The turnstiles do not store any personal data.


The legal basis for the processing is represented by the need to execute a contract to which you, as a data subject, are a party or to carry out a request made by you (Art. 6(1)(b) GDPR) and the need to fulfil legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR).


The data provided are kept for 5 years beyond the expiry date of the card for administrative, accounting and legal defence purposes.


e) – Code of Conduct – In relation to the purchase of tickets, season tickets, accreditations and We Are one cards, ascertain the relevant conduct and apply the corresponding sanctions in accordance with the Stadium Regulations and the Code of Regulations for the sale of admission tickets to football events (Code of Conduct), accepted by the purchaser/user of the tickets pursuant to the contract with Bologna FC at the time of purchase. The conduct and the identity of the perpetrators could also be ascertained by means of the video surveillance system, reports of the stewards on duty, the members of the SLO office and the Security Delegate and/or his deputy, the reports of the Judicial Police\Digos, the images disseminated through social networks, in the event that the identity of the person deemed responsible for the relevant conduct can be ascertained, all open sources, in the event of publicly ascertained facts.


The legal basis of the processing is represented and by the need to fulfil legal and regulatory obligations to which the Data Controller is subject (art. 6, par.1, letter c. GDPR), including the provisions of the FIGC (art. 27 of the Code of Sports Justice, FIGC circular of 8 May 2018, prot. no. 21316/SS 17-18), by the need to execute a contract to which you, as a data subject, are a party (art. 6, par. 1, letter b. GDPR), by the legitimate interest of the Controller (art. 6, par. 1, letter f. GDPR).


The data shall be kept for 5 years from the conclusion of the relevant proceedings. It should be noted that the images taken from the video surveillance system, for the above-mentioned purposes, will be kept by Bologna FC for forty-eight hours, unless a different period of time is needed to comply with the procedures established by the Code of Conduct.


f) – Services – To allow the provision of Services requested by you from time to time such as, by way of example: purchase of products, memberships, enrolment in football schools and campuses, participation in events, participation in sports selections, CSR (corporate social responsibility) initiatives carried out directly or in collaboration with our partners, as well as, in general, the performance of activities related to the execution of a contractual relationship with Bologna FC, including any assistance requested by you and the fulfilment of legal obligations, including tax obligations, and including the exercise of your privacy rights.


The legal basis for the processing is represented by the need to execute a contract to which you, as a data subject, are a party or to carry out a request made by you (Art. 6(1)(b) GDPR) and the need to fulfil legal obligations to which the Controller is subject (Art. 6(1)(c) GDPR).


Data are retained for 10 years after termination in the case of a contractual relationship. In other cases they will be retained until the purpose pursued is achieved, and no longer than 5 years after collection.


g) – Defence in court – Defending or asserting, when necessary, the rights of the Company in court.


The legal basis for the processing is represented and the legitimate interest of the Controller (Art. 6(1)(f) GDPR and Art. 9(2)(f) GDPR).


h) – Use of Images – Without prejudice to the right to chronicle, disseminate your image by means of the content and/or experiences that you wish to share, or with prior authorisation to use the image (e.g. during participation in events), through the communication channels of the Owner. Your image portrayed during sporting events may be processed for historical archiving purposes by the Controller.


The legal basis for the processing is your consent (Art. 6(1)(a) GDPR).


Data are retained until consent is revoked.

h.1) – Video-surveillance – to process the images collected by the video-surveillance system at sporting events taking place at the Dall’ara Stadium for the purposes of protecting public safety, preventing, investigating or repressing offences pursuant to the Decree of the Ministry of the Interior of 06.06.2005 laying down the procedures for the installation of video-surveillance systems in sports facilities with a capacity of more than ten thousand, during sporting competitions involving football.

The legal basis is represented by the fulfilment of a legal obligation to which the Controller is subject (Art.6., paragraph 1 lett. c. GDPR).

The images are deleted after 7 days from the football event to which they refer, except when necessary in relation to specific needs to preserve the images for the protection of the rights of the Data Controller, including in court, or if a specific investigative request by the judicial, police, or sports authorities must be complied with,

i) – Soft Spam – Sending you commercial communications by e-mail regarding products and services similar to those you have purchased, unless you expressly refuse to receive such communications, which you may do at the time of purchase or subsequently.

The legal basis for these purposes is Art. 130, para. 4 of Legislative Decree 196/2003 and the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR).


The data are stored until you object to their use for that purpose (opt out), i.e. for up to 24 months after your last purchase.


l) – Marketing – Subject to your consent, carry out marketing activities, including the processing of statistics and/or market research, send you our newsletter or other information and promotional material relating to the activities, products and services of Bologna F.C. and its partners, send you communications and surveys to improve the service (“Customer satisfaction”) or to collect your opinions. Such communications may be carried out by means of automatic systems, e-mail, sms, paper mail and/or use of the telephone with operator, web and push notifications; the Data Controller collects a single consent for the marketing purposes described herein, pursuant to the General Provision of the Guarantor for the Protection of Personal Data “Guidelines on promotional activities and the fight against spam” of 4 July 2013. Should you wish to object to the processing for the marketing purposes indicated, you may do so at any time through the functions available on the technology used or by communicating this to the email address indicated in the section on exercising your rights. Any revocation will not affect the lawfulness of the processing based on the consent given before the revocation (“Marketing”).


The legal basis for the processing is your consent (Art. 6(1)(f) GDPR).


Data are stored until consent is revoked or deleted 24 months after the last recorded interaction.


m) – Sending personalised communications based on profiling – Subject to your consent, to analyse your interests, habits, consumption choices, and preferences in relation to the products and services offered, with the aid of electronic tools capable of processing by aggregation and comparison your personal data in order to make the communications addressed to you relating to products and services provided by the Data Controller more consistent with your interests and choices. The aforementioned analysis will take into consideration both your purchasing behaviour (date, object and amount of the transactions you have made on the Website or App or at points of sale in the territory and online, including the purchase of tickets, subscriptions and fidelity cards), and your behaviour in consulting the commercial communications sent to you by e-mail, and your browsing behaviour, i.e. information on how you use the App and/or the Website as a registered user, including your similarity in consumption behaviour with other users. More specifically, ‘clusters’ (homogeneous groups made up of profiles with a certain level of correlation) will be created with the users’ data, depending on the user’s preferences, online behaviour and purchases made, including through physical points of sale, in order to develop targeted, personalised digital communications in line with the users’ tastes.


Data are stored until consent is revoked or deleted 12 months after the last recorded interaction.


In relation to the purposes set out in letters m) and n), limited to the data collected through the website, Bologna FC and EPI s.r.l. act as Joint Data Controllers pursuant to Article 26 of the GDPR.


Summary information, supplementary to this one, dedicated to the specific service offered or made available through the app, the website, or third-party applications, may be issued at the time the data are provided.



III. – Nature of the data being processed


The optional, explicit and voluntary sending of electronic mail to the addresses indicated on the Bologna FC websites entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message.

The following categories of personal data concerning you will or may be processed for the purposes indicated.


a). – Common personal data.

In the event of registration on the Sites or use of the services available: first and last name, date and place of birth, tax code, residential address, family status, e-mail address, username, password and telephone number, data relating to purchase preferences, online behaviour, data relating to tickets purchased, seat, row sector and event.

Your identity document may also be required for the use of particular services. Furthermore, an image of you may also be processed.


(b) – Technical treatments.

Also subject to processing are the IP number, one or more identifiers of your mobile device, and the type of browser used by you to connect to it (non-directly identifiable data), the use of the APP also for receiving push notifications, automatically recorded by logical protection and access control devices (LOG FILES) and in the event of activation of specific services. This personal data will be used not only to ensure the availability of the service, but also to control network traffic. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data is used for the purpose of allowing user authentication, if any, and to obtain statistical, anonymous information on the use of the Sites, the services and the APP and to check their correct functioning and are deleted immediately after processing, unless their storage is indispensable for the reasons indicated above. The computer systems and software procedures used to operate the APP (such as Apple Store and Google Play) acquire, in the course of their normal operation, certain data relating to the User whose transmission is implicit in the use of internet communication protocols, smartphones and devices used. The User may consult the information on Privacy available on the following sites:



Google play


The data could also be used to ascertain liability in the event of hypothetical computer crimes.


c) – Cookies

The Site uses session (non-persistent) technical cookies, strictly limited to what is necessary for safe and efficient navigation on the Site.

The Site uses analytical cookies for statistical purposes with configurations that exclude the processing of identifying data. The Site uses profiling cookies.

Please read the cookie policy available at this link ;


d) – Special categories of personal data.

In the event that Bologna FC collects special categories of personal data, pursuant to art. 9 EU Reg. 679/2016 (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sex life or sexual orientation), you will be informed in advance and put in a position to express – in the manner provided for by law – the relevant consent.



IV. – Nature of conferment, data sources.


IV.1.- The provision of your personal data is not compulsory as a rule, but in some cases it is indispensable to enable you to benefit from all available services.


For the purposes set out in Section II of this notice, the provision of data is necessary in the following cases:

letter a) Browsing: failure to do so may make it impossible to browse the Sites and use the App;

letter b) Registration: failure to provide this information may make it impossible to use the services for which registration is required;

letters c) and d) Tickets, Season Tickets and We Are One Card: failure to do so may result in Bologna FC being unable to issue tickets for admission to the stadium and to issue the We Are One Card;

letter e) Code of Conduct and f) Services: failure to do so may make it impossible to provide the services;

letter h.1) Video surveillance: the provision is mandatory, failure to provide it prevents access to the event.

For the purposes set out in Section II of this notice, the provision of data is optional in the following cases:

letter h) Use of Images: failure to authorise the use of images does not affect the right to participate in the event or otherwise to benefit from the services;

(i) Soft Spam, (l) Marketing, (m) Profiling: failure to provide the information does not imply any consequence, except that you will not be able to receive commercial communications regarding offers, discounts and initiatives, if applicable also personalised according to your needs and preferences, from Bologna FC. and/or third party companies.


IV.2. – Data Sources.

We will collect your data, either directly from you, through your interactions with the Websites and with the APP and in general with Bologna FC services (such as browsing, subscribing to the online shop, subscribing to newsletters, filling in forms, subscribing to the Web Push channels of the Websites, purchasing tickets, subscriptions and fidelity cards both online and at points of sale), or through the information received from authorised third parties, authorities, public sources, third party service providers, if any appointed as external data processors.


V. – Method of processing your personal data.

In relation to all the above-mentioned purposes, your personal data will be subject to computer and paper processing and processed by special computer procedures also for the purpose of customising the services that Bologna FC is able to offer you. Your data will be processed in such a way as to guarantee its logical and physical security and confidentiality, and may be processed by means of manual, computerised and telematic tools suitable for storing, transmitting and sharing your data. The logic of the processing will be strictly related to the purposes pursued. With particular regard to the purpose of profiling, please refer to what is described in detail in paragraph II letter m).


VI. – Data recipients and transfers abroad.

VI.1. – Persons responsible for and authorised to process data.

The following may become aware of the personal data, as referred to in this information notice, in their capacity as Data Processors or Persons in charge of the processing: within Bologna FC, qualified personnel, each within the limits of his or her competences and duties and on the basis of the tasks assigned and the instructions given. Outside Bologna FC, third parties, also specifically designated as Data Processors or Persons in charge of the processing – of which Bologna FC makes use such as consultants, also in associated form, companies offering IT services, companies offering marketing and call centre services, other service companies, as well as other entities in compliance with any legal obligations.


VI.2. – Transfer of personal data abroad.

Your personal data will be stored within the European Union. In case of transfer also through third parties, service providers, the relevant operations will take place exclusively within the scope of and in compliance with EU Reg. 679/2016 Art. 44 ff.


VI.3. – Dissemination (to unspecified external parties) of data.

Under no circumstances may personal data be disseminated, except as provided for in Section II, letter h).


VII. – Rights of the data subject.

Articles 15 to 22, GDPR grant data subjects the exercise of specific rights. The GDPR grants data subjects the right to access and obtain a copy of their personal data. The right to obtain a copy of data must not infringe the rights and freedoms of others. By requesting access, the data subject has the right to obtain confirmation from Bologna FC as to whether or not their personal data is being processed and to know the purposes and categories of data processed, the third parties to whom the data is disclosed and whether the data is transferred to a non-EU country with adequate safeguards. The data subject also has the right to know the storage time of his or her personal data and the right to request the rectification of inaccurate data and the integration of incomplete data, the deletion (right to be forgotten), the restriction of processing, the revocation of consent, the portability of data and the right to object, at any time and without having to provide justification, to processing for direct marketing purposes. The rights may be exercised by e-mail to the address of Bologna FC, or by regular mail to the registered office of the company: Bologna Football Club 1909 S.p.A., Via Casteldebole 10 – 41132 – Bologna – (BO).

A data subject who considers that the processing of his or her personal data violates the provisions of the GDPR or internal data protection regulations has the right to lodge a complaint with the Italian Data Protection Authority based in Rome, Piazza Venezia, 11, pursuant to Art. 77 GDPR and/or to take legal action.



VIII. – Data Controller.

The data controller is Bologna Football Club 1909 S.p.A. with registered office in Via Casteldebole 10 – 41132 – Bologna – (BO)



IX – Data Protection Officer.

DPO can be reached at the following e-mail address:


This mandatory information is subject to changes and updates.










Pre-sales only for Season Ticket holders«We are one» cardholderscitizens of Bologna. Regular sales will begin on .