We're a trusted marketplace for soccer tickets. Prices are set by sellers and may be above or below face value.

Touchline26Reliable. Secure. Enjoy the match.

Privacy Policy

Last updated June 2026

Touchline26 ("we", "our", or "us") acts as an authorized subcontractor of FIFA for the sale of tickets to the FIFA World Cup 2026β„’. As a data processor and controller, we are committed to protecting your privacy in compliance with Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and all applicable data protection laws. FIFA's own Data Protection Policy is available at legal.fifa.com

1. Data Controller and Data Protection Officer

The data controller for your personal data is Touchline26.

If you have any questions about this Privacy Policy or wish to exercise your rights, you may contact our Data Protection Officer at privacy@touchline26.com.

2. What Personal Data We Collect and Why

In connection with ticket sales for FIFA World Cup 2026β„’, we collect and process the following categories of personal data:

2.1 Account and Identification Data

Data collected: Your full name, email address, hashed password (bcrypt), and, where required for ticket personalization, your date of birth, nationality, and country of residence.

Why we collect it: To create and manage your user account, to verify your identity, and to comply with FIFA's ticket personalization and stadium entry requirements. Under FIFA ticketing rules, the name on the ticket must match a government-issued photo ID at the stadium gate.

2.2 Transaction and Ticket Data

Data collected: The specific match, seat assignment, ticket category, price paid, order status, purchase history, and ticket transfer records.

Why we collect it: To process your ticket purchase (legal basis: performance of a contract), to allocate tickets from FIFA's official ticket inventory, to track order fulfillment, and to provide customer support.[reference:3]

2.3 Payment Information

Data collected: Payment card details, billing address, and transaction identifiers.

Why we collect it: To process payment for tickets. All payment processing is handled by our PCI-DSS compliant third-party payment processors. We do not store full payment card details on our servers.

2.4 Communications Data

Data collected: Your email correspondence with us, WhatsApp messages (at your initiation), and customer support records.

Why we collect it: To send order confirmations, deliver issued tickets, respond to inquiries, and provide support. Communications are retained as necessary to document and resolve customer issues.

2.5 Technical Data

Data collected: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and device identifiers.

Why we collect it: To maintain the security of our platform, detect and prevent fraud, and to improve our website functionality.

3. Legal Basis for Processing

We process your personal data on the following legal bases (as required by the GDPR, Swiss FADP, and other applicable laws):

  • Contractual necessity: To fulfill our obligations under the ticket sale contract, including ticket delivery and customer support.
  • Legal obligation: To comply with FIFA's ticket regulations, anti-fraud laws, anti-money laundering obligations, stadium security requirements, and tax laws.
  • Legitimate interests: To improve our services, detect fraud, protect our legal rights, and ensure the security of our platform.
  • Consent: Where required, we will obtain your consent before processing your data for marketing or other optional purposes.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and fulfill your ticket order
  • To verify your identity for ticket personalization and transfer
  • To communicate with you regarding your order, including confirmations, updates, and delivery
  • To comply with FIFA's ticket terms and stadium entry requirements
  • To detect, investigate, and prevent fraudulent or unauthorized ticket sales
  • To analyze and improve our platform's performance and security
  • To comply with legal and regulatory obligations

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 FIFA

As an authorized subcontractor, we share necessary ticket purchaser data with FIFA to validate ticket issuance, ensure compliance with tournament rules, and for stadium entry security. FIFA will process your data in accordance with its own Privacy Policy, which may be accessed at legal.fifa.com.

5.2 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

  • Payment processing (PCI-DSS compliant processors)
  • Cloud hosting and data storage
  • Email and communication services
  • Fraud detection and security monitoring

These providers are contractually bound to process your data only in accordance with our instructions and applicable data protection laws.

5.3 Law Enforcement and Regulatory Authorities

We may disclose your personal data to law enforcement, regulatory authorities, or other government agencies where required by law, court order, or to protect our legal rights or the safety of others.

5.4 Corporate Transactions

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

6. International Data Transfers

Your personal data may be transferred to, stored, and processed in Switzerland, the European Economic Area (EEA), and other countries where FIFA or our service providers operate. FIFA complies with Swiss FADP and GDPR for cross-border data transfers and ensures adequate safeguards are in place, such as EU Standard Contractual Clauses.[reference:4]

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Hashed password storage using bcrypt
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication for staff
  • Secure session management with httpOnly, Secure, and SameSite cookies

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account data: Retained for the duration of your account activity plus a reasonable period thereafter as required by FIFA ticketing regulations.
  • Transaction data: Retained for a minimum of 7 years to comply with tax and anti-fraud laws, or longer if required by law.
  • Communications data: Retained for as long as necessary to document customer support interactions and for legal record-keeping.

9. Cookies and Tracking Technologies

We use a single secure, httpOnly session cookie to maintain your login session. This cookie is essential for the functioning of our platform and does not require consent under applicable cookie laws.

We do not use third-party advertising trackers, analytics cookies, or any other tracking technologies that collect personal data for marketing purposes. Your browsing activity on our platform is not shared with any third-party advertising networks.

10. Your Data Protection Rights

Under the GDPR, Swiss FADP, and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access: You have the right to obtain confirmation as to whether we process your personal data and to request a copy of that data.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Right to be forgotten): You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to object: You have the right to object to processing of your personal data based on legitimate interests.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@touchline26.com. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or FIFA's data protection standards. The "Last updated" date at the top of this policy indicates when the most recent changes were made. We will notify you of material changes by email or through a notice on our website.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Touchline26 Data Protection Officer
Email: privacy@touchline26.com