GDPR - General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European privacy law. The GDPR regulates how individuals and organisations may collect, use, and retain personal data. The regulation affects organisations based in the EU and organisations involved in processing EU citizens' personal data.
The ESA site is hosted by PhotoShelter, a US-based company. Since people in the EU can visit sites hosted by PhotoShelter, PhotoShelter and its customers are subject to the GDPR.
PhotoShelter has been working to ensure compliance with the GDPR. This work includes reviewing how PhotoShelter stores and uses data about and on behalf of its customers. PhotoShelter is also doing the following:
Updating its Terms of Service and Privacy Policy to be more transparent about PhotoShelter's use and treatment of data. These updates will include the addition of a data processing agreement.
Implementing internal processes to help PhotoShelter's customers comply with EU data subject rights.
Implementing any product changes that need to take place subject to the GDPR.
The GDPR requires that certain safeguards be put in place when transferring personal data outside the EU. PhotoShelter is already self-certified to the EU-US Privacy Shield, which allows the company to lawfully transfer EU personal data to our US-based datacentres.
Data Collection and Licensing
ESA Photos do not collect or store any customer financial data. Rights managed licence and personal use transactions are facilitated by PhotoShelter in conjunction with PayPal. No details are passed to ESA other than address and e-mail information where required to complete a transaction.
ESA do not operate its own online server hosting customer data. Any such data is hosted securely via PhotoShelter's servers or, if held locally, offline. ESA only collects the following information:
Contributor contact/payment details. These details are held so that we can process payments promptly and to communicate with our contributors.
Our images contain industry standard IPTC metadata. The caption/description field of the metadata includes details of events and, in some cases, those participating in the events.
The IPTC data is stored on the secure PhotoShelter servers to allow for editorial usage of our images and complies with the standard requirements of regional, national and global media companies.
Please note that our images are NOT available for commercial use, i.e. they are not used in any advertising context without written consent.
A limited amount of customer data may be stored locally (offline); specifically e-mail addresses where you have asked for notifications to be sent and address details if you have placed an order that requires a postal address.
ESA, in conjunction with PhotoShelter and partner sites, will comply with any request to delete data that it holds on its system.
CHILD PROTECTION
Although there are no laws regarding the photography of children or persons under 18, Some organisations such as the FA and NSPCC offer guidelines
ESA not only adheres to the FA Guidelines but have added more of our own policies.
To wear appropriate identification always. We wear a branded bib or sweatshirt, thus clearly identifying who we are.
ESA will not photograph an U18 event without first having permission from the organisers. Normally permission will be gained well in advance of the event taking place. If a sports event we will also double check on the day with both managers and referee prior to game start.
Publishing
Children should not have a name clearly attached to their photograph. this includes player profiles.
Care is taken not to publish photographs with a pose that can be obviously changed to something more sinister
No images will be published on social media without our watermark, this tends to discourage sinister doctoring of photos
ESA will not publish photographs of children in Distress, Injury or visibly Upset.
ESA will immediately remove any photograph from the galleries on receipt of notification by a parent or similar.