This Privacy Notice explains the types of personal data we may process about you when you interact with us or an event we are involved with.
“Processing” of data can refer to its collection, recording, organisation, storage, adaptation, retrieval, consultation or making available.
Please note that this Privacy Notice takes into account numerous types of interactions and so we may not process all types of personal data listed below for you as an individual.
It is likely that we will need to update this Privacy Notice from time to time. We encourage you to check back here as regularly as you wish.
What is Pic2Go UK?
Pic2Go UK Limited (company number 09226110) is the UK exclusive licensee and reseller of the globally used Pic2Go technology. We work with event organisers to include 2D barcodes on race bibs. This allows participants to be identified quickly and efficiently in event photos so that they can easily access their photos. If contracted to we can, with participant permission, arrange for the branded photos to be sent to the individual’s personal social media photo album, enabling them to share their experience before they have finished the event or quickly afterwards
Throughout this notice, “we”, “us” and “our” refer to Pic2Go UK.
What personal data do we process and where does it come from?
- Photographs of race participants, race volunteers, race marshals and event organisers regardless of whether the individual has registered with us. This occurs when photographers using the Pic2Go software upload their photos.
- Details of the event you participated in, including the location and date of the event, along with your race number. This occurs when photographers using the Pic2Go software upload their photos to a particular event within the system.
- Names and email addresses if you register with us or contact us.
- Social media user names and comments on our social media pages if you engage with us.
- Social media photo albums if you choose to use the Pic2Go service or app and link it to your social media account.
- Other details from your social media account such as your name, public profile picture and email address if you choose to use the Pic2Go service or app and link it to your social media account.
What are the lawful bases we rely on for processing your data?
In certain situations we process your personal data with your consent.
For example: if you have opted to have your photos posted to your social media profile, we rely on your consent for us to access your photo album in order to do so.
You can withdraw your consent at any time.
In certain situations we process your personal data to fulfil a contractual obligation.
For example: if the event organiser has entered into a contract with the photographer or us to use Pic2Go technology, we are required to process your personal data to fulfil the contract.
In certain situations we process your personal data to pursue our legitimate interests in a way that you may reasonably expect us to as part of running our business, provided it does not impact your rights, freedom or interests.
For example: we maintain records of email interactions that we have with you in order to easily refer back to past conversations to provide you with a high standard of service.
How and why do we process your personal data?
- To provide you with photographs of your participation in events that have been tagged with your race number so that you can easily search for and locate them in galleries, or have them sent to your social media page.
- To provide photographers/photography agencies with photographs of the events they attended that have been accurately tagged with race numbers to enable them to make them available on their galleries in an easily searchable manner.
- To provide event organisers with evidence and examples of our work during consultation stages and post-event reporting.
- To respond to your queries, requests and complaints. Records of these interactions may be kept for reference purposes during future interactions. This is done as part of our legitimate interest to provide you with the best possible service.
- To send you emails once your photos are available if you registered with us.
- To assist with authorities when criminal activity or alleged criminal activity occurs at an event that may have been captured by photographers. On rare occasions we may need to do this to comply with a legal obligation if a court order is submitted or for our legitimate interests as a business to be a cooperative organisation.
How do we protect your personal data?
We understand and appreciate how important personal data security is and so take appropriate steps to protect it.
Data external to the Pic2Go system, such as emails, is stored securely on our own servers. All our devices are password protected and equipped with appropriate anti-virus software.
Staff are trained to process photographic data in accordance with our procedures, and access to any other data is restricted by access controls.
How long do we store your personal data for?
Data external to the Pic2Go system is kept for as long as required to fulfil our contracts or legitimate interests in order to provide the best level of service. In some cases, your personal data is archived for reference in the future.
For example: Emails you have sent to us may be archived on a secure server and stored indefinitely. We do not routinely need to access this data but it may help us provide you with a better and faster service if we can view our past interactions with you.
Who do we share your personal data with?
Pic2Go UK services are most commonly used by photographers, photography agencies, event owners and businesses organising their own events. We receive copies of photographs that are uploaded to the Pic2Go system from the photographers attending events in order for us to tag and, if contracted to, share them. If contracted to, we provide event organisers with access to these photographs. Depending upon the details of the service they are using, they may also have access to other types of personal data if you have registered with us via social media, such as your name and social media profile photo.
We may also provide copies of photographs to event organisers in accordance with our contract with them for PR purpose and post-event reports. These third parties are data controllers in their own right and do not operate under our direction or control. For information about how they use the photographs we provide, please see their privacy notice.
Where is your personal data processed?
What are your rights regarding your personal data?
As an individual, you have the right to:
- Be informed regarding the personal data we are processing.
- Request access to the personal data we hold about you for free in most cases.
- Request your personal data be corrected where it is incorrect, incomplete or out of date.
- Request your personal data be erased in certain circumstances if there is no compelling reason for its continued processing.
- Request your personal data be restricted in certain circumstances, i.e. stored but not used.
- Data portability in order to move, copy or transfer personal data easily and securely.
- Object to data being processed in certain circumstances.
- Object to automated decision making and profiling.
- Request that we stop consent-based processing after you withdraw your consent.
You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please email us at, email@example.com and include “GDPR” in the subject line.
Where you have provided consent for your personal data to be used, you have the right to change your mind and withdraw your consent. This can be done for free at any time. This does not make any processing of your personal data under the lawful basis of consent, before this point, illegitimate.
Where we are processing your personal data on the lawful basis of legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must do so unless we believe we have a legitimate overriding reason to continue.
To protect your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you contact the regulator?
If you feel that your personal data is not being handled correctly or you are unhappy with our response to any requests you have made regarding how we process your personal data, you have the right to make a complaint to the Information Commissioner’s Office.
Call: 0303 123 1113
Go online: www.ico.org.uk/concerns (please note we are not responsible for content on external websites)
Do you have any other questions?
If you have any questions that we have not covered above, please:
- Email us at firstname.lastname@example.org and include “GDPR” in the subject line.