PhotoEntry Public Website
- This Privacy Statement covers the PhotoEntry public website.
- The website logs the IP address and browser "User-Agent" for each page accessed. This information will never be shared or disclosed unless required by law.
- Other than above, the website does not collect personal data from visitors.
- The website uses neither session nor persistent cookies, and does not use any third-party sites at all.
- The website does not use any software or third-party services to attempt to track a visitor's activity, nor to provide information about usage patterns.
- The website does not contain any third-party advertising.
- The website is only available using "https" (encrypted) network transfers.
- This Privacy Statement covers the PhotoEntry application itself, which is only available to registered users.
- PhotoEntry logs the IP address for each page accessed, the name and UserID of the logged-in user, and the activity that they perform.
- PhotoEntry uses session cookies to track user sessions. The session cookie is merely a random number, and is discarded when you log out or the session times out. Session cookies are never stored on your browser disk.
- PhotoEntry offers to remember your UserID. If you select this, PhotoEntry stores your UserID as a persistent cookie. It is used only for pre-populating the UserID field in the login screen. PhotoEntry does not use any other persistent cookies.
- PhotoEntry does not use any third-party sites at all.
- PhotoEntry does not contain any third-party advertising.
- PhotoEntry is only available using "https" (encrypted) network transfers.
- All PhotoEntry data storage is encrypted, including snapshots and backups.
- PhotoEntry data is only available to the organisation that created the data.
- The PhotoEntry SuperUser (Chris Palmer, or his delegate) is able to access your data, and may need to do so during a support call or during spot-checks to ensure the system is functioning correctly. Other than that, your data will never be shared or disclosed outside of your organisation without your permission unless required by law.
- If you terminate your subscription, PhotoEntry will delete your data from the operational system as soon as possible (usually within a few hours). There may be a time lag before data is purged from all backup copies.
- For the purposes of the Data Protection Act, PhotoEntry is a Data Processor. As it does not utilise CCTV, and does not decide how personal data are processed, PhotoEntry is not required to register with the Information Commissioners Office. Any personal information is entered and maintained by the subscribing clubs who are the Data Controllers of that data. It is therefore the Clubs' responsibility to ensure that entering personal data into PhotoEntry is covered under their membership agreements with their members.
New General Data Protection Regulations (GDPR) come into force on 25 May 2018. As the Data Processor, PhotoEntry will comply with the relevant obligations, including timely notification to your club in the event of a suspected or actual data breach. PhotoEntry does not make use of your data, and will never share or disclose your information outside of your organisation without your permission unless required by law.
As the Data Controller, your club is responsible for its GDPR obligations, including appropriate management of personal data both within PhotoEntry and elsewhere. One of these obligations is responding to requests for data erasure (also known as the "right to be forgotten"). It is up to your club to determine the most appropriate actions to take. However PhotoEntry provides a "Forget User" operation that can help you do this. The Forget User operation is documented in the PhotoEntry Admin FAQ.