Privacy Policy

Document Ref: RTA-POL-2026-001

Entity: Rising Talent Academy (the "Academy")

Compliance Standard: EU/UK GDPR, CCPA, FIA Media Accreditation Standards

1. PREAMBLE AND REGULATORY FRAMEWORK

This Privacy Policy constitutes a legally binding agreement between Rising Talent Academy and any individual or entity providing data for the purposes of media coverage, academic enrollment, or professional accreditation. This document is drafted to satisfy the stringent transparency requirements of the General Data Protection Regulation (GDPR) and the specific security protocols required by international sporting federations for the issuance of media credentials.

2. SCOPE OF PROFESSIONAL DATA COLLECTION

In the context of media operations and accreditation applications, the Academy processes high-integrity data including:

  • Professional Credentials: Press card identification numbers, employer verification, and professional portfolios (samples of work).

  • Technical Identifiers: Unique device identifiers (MAC addresses) for equipment used on-site at sanctioned events.

  • Biometric and Visual Data: High-resolution photographs for credential badges and video assets captured during event coverage.

  • Travel and Logistical Data: Passport details and travel itineraries processed for the purpose of securing trackside or venue access.

3. CROSS-BORDER DATA TRANSFERS (INTERNATIONAL SOVEREIGNTY)

Given the international nature of the Academy's operations and its interactions with global bodies like the FIA, data may be transferred to and processed in jurisdictions outside the European Economic Area (EEA).

  • Standard Contractual Clauses (SCCs): All international transfers are governed by SCCs approved by the European Commission to ensure a level of protection equivalent to that of the Data Subject's home jurisdiction.

  • Third-Country Adequacy: Data is only transferred to entities in "Third Countries" that have been deemed to provide adequate protection by relevant supervisory authorities.

4. MEDIA ACCREDITATION & THIRD-PARTY SHARING

The Academy maintains a strict "Need-to-Know" protocol. Data Subjects’ information will only be shared with:

  1. Sanctioning Bodies: Specifically, the Fédération Internationale de l'Automobile (FIA) or local National Sporting Authorities (ASNs) for the express purpose of vetting and approving media accreditation.

  2. On-Site Security: Event organizers and circuit security personnel for the purpose of access control and safety.

  3. Liability Insurers: In the event of trackside incidents where professional indemnity or personal injury data is required.

5. DATA MINIMIZATION AND INTEGRITY

The Academy adheres to the principle of Data Minimization. We do not collect "Sensitive Personal Data" (as defined under Article 9 of the GDPR) unless strictly required for medical safety at high-risk sporting venues or as mandated by the FIA’s safety regulations.

6. TELEMETRY AND ANALYTICS

Our digital infrastructure utilizes advanced telemetry to monitor for unauthorized access. This includes:

  • Log Files: Systematic recording of access timestamps and IP geolocation to prevent credential fraud.

  • Encrypted Tunnels: Use of VPN and TLS 1.3 protocols for any transmission of accreditation materials to prevent Man-in-the-Middle (MITM) attacks.

7. RETENTION SCHEDULE FOR MEDIA ASSETS

  • Application Data: Retained for the duration of the sporting season plus one (1) calendar year for audit purposes by the sanctioning body.

  • Published Media: Journalistic content is archived in accordance with "freedom of expression and information" exemptions under GDPR Article 85, allowing for the preservation of historical records of event coverage.

8. INDEMNIFICATION AND LIABILITY LIMITATION

While the Academy employs industry-standard cybersecurity measures, the Data Subject acknowledges that no electronic transmission is 100% secure. The Academy shall not be held liable for data breaches resulting from the negligence of third-party sanctioning bodies or event organizers once the data has been legally transferred for accreditation purposes.

9. FORMAL EXERCISE OF RIGHTS

Requests for data access, deletion, or portability must be submitted in writing. To ensure the security of our media database, the Academy will require Double-Identity Verification before fulfilling any such request.

Authorized Signatory: Compliance Team, Rising Talent Academy: AjDysonF1@gmail.com