Privacy Statements
PhotoEntry Public Website
- This Privacy Statement covers the PhotoEntry public website.
- The website logs the IP address and browser "User-Agent" for each page accessed. This information will never be shared or disclosed unless required by law.
- Other than above, the website does not collect personal data from visitors.
- The website uses neither session nor persistent cookies, and does not use any third-party sites at all.
- The website does not use any software or third-party services to attempt to track a visitor's activity, nor to provide information about usage patterns.
- The website does not serve any trackers.
- The website does not contain any third-party advertising.
- The website serves only static content. A very small amount of Javascript is used for expanding and collapsing FAQ items. It does not serve any other form of active content.
- The website is only available using "https" (encrypted) network transfers.
PhotoEntry Application
- This Privacy Statement covers the PhotoEntry application itself, which is only available to registered users.
- PhotoEntry logs the IP address for each page accessed, the name and UserID of the logged-in user, and the activity that they perform.
- PhotoEntry uses session cookies to track user sessions. The session cookie is merely a random number, and is discarded when you log out or the session times out. Session cookies are never stored on your browser disk.
- PhotoEntry offers to remember your UserID. If you select this, PhotoEntry stores your UserID as a persistent cookie. It is used only for pre-populating the UserID field in the login screen. PhotoEntry does not use any other persistent cookies.
- PhotoEntry does not use any third-party sites at all.
- PhotoEntry does not serve any trackers.
- PhotoEntry does not contain any third-party advertising.
- PhotoEntry serves HTML5 and CSS. A small amount of Javascript is used to help manage screen content. The Viewing function uses Javascript to fetch data from and upload to PhotoEntry. PhotoEntry does not serve any other form of active content.
- PhotoEntry is only available using "https" (encrypted) network transfers.
- All PhotoEntry data and image storage is encrypted, including snapshots and backups.
- Uploading an image into PhotoEntry does not affect the copyright of that image. Specifically, no copyright is granted to PhotoEntry.
- PhotoEntry data and images held inside PhotoEntry are only available to the organisation that created the data. If you use PhotoEntry functions that export data or images outside of PhotoEntry then any subsequent use of those exported data or images is beyond our control. If any of your users, or anyone else you explicitly grant access to, saves data or images that PhotoEntry allows them access to, then any subsequent use of those saved data or images is beyond our control.
- If any of your users shares their PhotoEntry login credentials, or uses the same password as they use for another site that is compromised, or extracts and shares any access tokens from their browser session, then PhotoEntry is not responsible for any unauthorised use of those credentials or tokens.
- The PhotoEntry SuperUser (Chris Palmer, or his delegate) is able to access your data and images, and may need to do so during a support call or during spot-checks to ensure the system is functioning correctly. Other than that, your data and images will never be shared or disclosed outside of your organisation without your permission unless required by law.
- If a PhotoEntry Superuser does encounter any material (data or images) that an organisation has uploaded to PhotoEntry that we suspect may be illegal, we will immediately contact you via the contact email address you maintain. We reserve the rights to suspend your access, and/or to preserve a copy of any such material and relevant logs to pass to an appropriate law enforcement agency for their advice.
- If you terminate your subscription, PhotoEntry will delete your data and images from the operational system as soon as possible (usually within a few hours). There may be a time lag before data is purged from all backup copies.
- For the purposes of the Data Protection Act, PhotoEntry is a Data Processor. As it does not utilise CCTV, and does not decide how personal data are processed, PhotoEntry is not required to register with the Information Commissioners Office. Any personal information is entered and maintained by the subscribing clubs who are the Data Controllers of that data. It is therefore the Clubs' responsibility to ensure that entering personal data into PhotoEntry is covered under their membership agreements with their members.
GDPR Regulations
New General Data Protection Regulations (GDPR) come into force on 25 May 2018. As the Data Processor, PhotoEntry will comply with the relevant obligations, including timely notification to your club in the event of a suspected or actual data breach. PhotoEntry does not make use of your data, and will never share or disclose your information outside of your organisation without your permission unless required by law.
As the Data Controller, your club is responsible for its GDPR obligations, including appropriate management of personal data both within PhotoEntry and elsewhere. One of these obligations is responding to requests for data erasure (also known as the "right to be forgotten"). It is up to your club to determine the most appropriate actions to take. However PhotoEntry provides a "Forget User" operation that can help you do this. The Forget User operation is documented in the PhotoEntry Admin FAQ.