Privacy Policy

At SportShots, we respect your privacy. We collect event photos and minimal personal data to help you find and purchase your pictures. We secure your information with strong safeguards and remove unused data after a period of time. We never sell your personal information to third parties.

Here's what you need to know

We collect only what's necessary to deliver our service.

You can delete your data at any time.

Facial recognition is only used for identification with your consent.

Strong encryption and EU-based secure hosting protect your data.

1. Controller Information

SportShots BV is the organization responsible for processing your personal data in connection with our services.

SportShots BV
Hoogeind 94A, 2940 Stabroek, Belgium
<email>

2. Types of Personal Data Collected

We collect different types of information to provide and improve our services, explained here.

Order and Account Data

Email address: Collected when you purchase photos to send download links and receipts.
Name: Used for billing and order identification if provided during checkout.
Payment information: Handled directly by Stripe, our payment processor. We do not have access to or store your complete card or bank details. We receive only payment confirmation, billing information, and Stripe customer and session identifiers for order processing and record keeping.

Photo Notification Subscriptions

Email address: If you subscribe to notifications for when photos of a specific bib number become available.
Participant number: The bib number you are tracking to receive notifications about.
Language preference: For sending notification emails in your preferred language.

Analytics and Technical Data

Usage information: IP address, browser and device type, operating system, pages you visit, and how you interact with the site. Collected to improve the service.
Cookies and local storage: Used to remember preferences, maintain sessions, and understand site usage.
Technical data: Error logs and performance metrics to help us fix issues and maintain service quality. We may record anonymized sessions for debugging. These do not capture passwords or payment information.

Photographic and Biometric Data

Event photos: High resolution photographs taken at sporting events by our photographers. These may include your image.
Facial recognition data: Mathematical representations of faces derived from event photos. Created automatically from all event photos for machine learning training and improving our matching technology, not for identifying you personally. Personal identification through facial recognition only occurs when you provide a selfie with your explicit consent. Stored separately from identifying information and protected with encryption.
Bib numbers: Detected from photos to help you find your images.
Photo metadata: Technical information like timestamp and event details to help organize photos.
Selfie for search: When you choose to search with a selfie, the image is processed temporarily for matching and then immediately discarded. We do not store selfies.

3. Purposes of Processing

We use your data only to make SportShots work and improve over time.

Deliver your photos: Store, organize and match event images. Detect bib numbers. If you choose, use facial matching to help find your pictures.
Improve our technology: Use photo data and facial vectors to improve our matching technology so it gets better over time.
Communicate with you: Send order confirmations, download links and photo notifications. No marketing without your consent.
Analyze usage: Understand how people use the website to improve the service and fix technical issues.

We never sell your personal data or use it for advertising.

4. Legal Basis for Processing

Order and Account Data

Necessary for the performance of a contract between you and SportShots.

Analytics Data

Based on our legitimate interest in improving the website and services in a privacy friendly way.

Photographic and Biometric Data

Event photo storage and bib number detection: Necessary for contract performance (delivering photos you purchase) and based on our legitimate interest in organizing photos.
Facial vector creation from event photos: Based on our legitimate interest in providing photo discovery features and improving our matching technology. You can opt out by contacting us.
Facial matching via selfie search is optional and requires your explicit consent at the time of use. The selfie is processed only to perform the search and is not stored.

5. Retention Periods

Order and Account Data

Kept while you maintain an account. Basic order records may be kept for up to 7 years to meet legal and tax requirements.

Analytics Data

Kept for up to 12 months, then deleted or fully anonymized.

Photographic and Biometric Data

Facial vectors and related recognition data are kept for up to 12 months, then permanently deleted.
Unpurchased event images may be deleted after 12 months.
Purchased images are retained so you can re download them, until you ask us to delete them.

6. Data Sharing with Third Parties

We work with carefully selected service providers:

Payment processing: Stripe processes payments securely. We do not have access to your complete card details.
Email delivery: Postmark sends order confirmations, download links, and photo notifications.
Cloud infrastructure: We use AWS to host data and process images in the EU (Frankfurt). All providers are bound by strict data processing agreements.
Website hosting: Vercel hosts our website and collects server logs for operation. They are GDPR compliant.
Analytics: PostHog (EU hosted) helps us understand usage patterns to improve the product.
Error monitoring: Sentry monitors errors and performance. Data is processed in the EU (Germany).
Event organizers: We may share limited aggregated, anonymized statistics. We do not share facial vectors or personal information.
International transfers: While our primary infrastructure is in the EU, some service providers may transfer data to other countries under appropriate safeguards.
Legal requirements: We may disclose data if required by law or valid legal request.

We do not sell or rent your personal data to third parties.

7. Use of Tracking Technologies

We use cookies and similar technologies for essential functions, analytics, and performance monitoring. You can manage cookies through your browser settings, but disabling certain cookies may affect website functionality.

We currently do not have a cookie consent banner. By continuing to use the website, you consent to our use of cookies as described in this policy. We are working to implement a consent management tool to give you more granular control.

8. Security Measures

We apply industry best practices to protect your data:

Encryption in transit and at rest
Granular access control and least privilege
Regular security audits and vulnerability management
Infrastructure monitoring and intrusion detection
Multi factor authentication where applicable
Encrypted backups
Staff training and internal privacy policies
Data minimization and purpose limitation

9. Your Rights

Under applicable data protection laws, you have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion of your data
Restrict or object to certain processing
Receive your data in a portable format
Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at <email>. We may need to verify your identity before fulfilling requests. You can also lodge a complaint with your local supervisory authority.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this Policy periodically.

11. AI and Facial Recognition Technologies

We use AI based facial and number recognition to help you find and purchase your event photos. This section explains how we use these technologies and the important distinction between improving our technology and identifying you personally.

How it works: Our systems automatically detect bib numbers and create facial vectors from all event photos. These facial vectors are used for machine learning training and improving our matching technology. They are not used to identify you as a specific person. This automated processing helps us continuously improve our service but does not determine who you are.
Personal identification with consent: Facial recognition is only used to identify you personally when you voluntarily provide a selfie with your explicit consent through our selfie search feature. The selfie is processed temporarily to match you with your photos and is immediately discarded. We never use facial vectors from event photos to identify you without your consent.
Protection: Facial vectors are stored separately from personal identifiers and are encrypted. Access is limited to authorized personnel. There is no routine human review of photos. Limited access may occur to resolve a support or technical issue.
Fairness and quality: We test for accuracy and potential bias and improve the models where needed.
Retention: Facial vectors used for matching or model improvement are kept for up to 12 months and then deleted. See Section 5 for details.
Opt out: You can opt out of facial recognition by contacting us at <email>. You can still browse galleries and find photos without face search.

12. Automated Decision Making and Profiling

We do not make automated decisions that produce legal effects or similarly significantly affect you. Our facial recognition and AI systems are used solely to help you find your photos more easily and do not make decisions about you as a person. The matching technology:

Does not determine your eligibility for any service, benefit, or opportunity
Does not make judgments about your character, behavior, or personal attributes
Simply matches visual patterns to help organize and surface relevant photos

You can always browse galleries manually without using facial recognition or AI features. If you have concerns about how our technology affects you, please contact us.

13. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities as required by GDPR. We will provide clear information about the breach and measures taken to address it. We maintain security procedures to minimize the risk of data breaches.

14. Children's Privacy

Our website is not directed to children under 16. Event photographs may include children as participants. We rely on event organizers to ensure the right consents are in place. If you are a parent or guardian and want us to remove a child's image or data, contact us and we will act promptly.

15. Contact

Questions or requests about this policy or your data can be sent to <email>.

Privacy Policy

Here's what you need to know

We collect only what's necessary to deliver our service.

You can delete your data at any time.

Facial recognition is only used for identification with your consent.

Strong encryption and EU-based secure hosting protect your data.

1. Controller Information

SportShots BV is the organization responsible for processing your personal data in connection with our services.

SportShots BV
Hoogeind 94A, 2940 Stabroek, Belgium
<email>

2. Types of Personal Data Collected

We collect different types of information to provide and improve our services, explained here.

Order and Account Data

Email address: Collected when you purchase photos to send download links and receipts.
Name: Used for billing and order identification if provided during checkout.
Payment information: Handled directly by Stripe, our payment processor. We do not have access to or store your complete card or bank details. We receive only payment confirmation, billing information, and Stripe customer and session identifiers for order processing and record keeping.

Photo Notification Subscriptions

Email address: If you subscribe to notifications for when photos of a specific bib number become available.
Participant number: The bib number you are tracking to receive notifications about.
Language preference: For sending notification emails in your preferred language.

Analytics and Technical Data

Usage information: IP address, browser and device type, operating system, pages you visit, and how you interact with the site. Collected to improve the service.
Cookies and local storage: Used to remember preferences, maintain sessions, and understand site usage.
Technical data: Error logs and performance metrics to help us fix issues and maintain service quality. We may record anonymized sessions for debugging. These do not capture passwords or payment information.

Photographic and Biometric Data

Event photos: High resolution photographs taken at sporting events by our photographers. These may include your image.
Facial recognition data: Mathematical representations of faces derived from event photos. Created automatically from all event photos for machine learning training and improving our matching technology, not for identifying you personally. Personal identification through facial recognition only occurs when you provide a selfie with your explicit consent. Stored separately from identifying information and protected with encryption.
Bib numbers: Detected from photos to help you find your images.
Photo metadata: Technical information like timestamp and event details to help organize photos.
Selfie for search: When you choose to search with a selfie, the image is processed temporarily for matching and then immediately discarded. We do not store selfies.

3. Purposes of Processing

We use your data only to make SportShots work and improve over time.

Deliver your photos: Store, organize and match event images. Detect bib numbers. If you choose, use facial matching to help find your pictures.
Improve our technology: Use photo data and facial vectors to improve our matching technology so it gets better over time.
Communicate with you: Send order confirmations, download links and photo notifications. No marketing without your consent.
Analyze usage: Understand how people use the website to improve the service and fix technical issues.

We never sell your personal data or use it for advertising.

4. Legal Basis for Processing

Order and Account Data

Necessary for the performance of a contract between you and SportShots.

Analytics Data

Based on our legitimate interest in improving the website and services in a privacy friendly way.

Photographic and Biometric Data

Event photo storage and bib number detection: Necessary for contract performance (delivering photos you purchase) and based on our legitimate interest in organizing photos.
Facial vector creation from event photos: Based on our legitimate interest in providing photo discovery features and improving our matching technology. You can opt out by contacting us.
Facial matching via selfie search is optional and requires your explicit consent at the time of use. The selfie is processed only to perform the search and is not stored.

5. Retention Periods

Order and Account Data

Kept while you maintain an account. Basic order records may be kept for up to 7 years to meet legal and tax requirements.

Analytics Data

Kept for up to 12 months, then deleted or fully anonymized.

Photographic and Biometric Data

Facial vectors and related recognition data are kept for up to 12 months, then permanently deleted.
Unpurchased event images may be deleted after 12 months.
Purchased images are retained so you can re download them, until you ask us to delete them.

6. Data Sharing with Third Parties

We work with carefully selected service providers:

Payment processing: Stripe processes payments securely. We do not have access to your complete card details.
Email delivery: Postmark sends order confirmations, download links, and photo notifications.
Cloud infrastructure: We use AWS to host data and process images in the EU (Frankfurt). All providers are bound by strict data processing agreements.
Website hosting: Vercel hosts our website and collects server logs for operation. They are GDPR compliant.
Analytics: PostHog (EU hosted) helps us understand usage patterns to improve the product.
Error monitoring: Sentry monitors errors and performance. Data is processed in the EU (Germany).
Event organizers: We may share limited aggregated, anonymized statistics. We do not share facial vectors or personal information.
International transfers: While our primary infrastructure is in the EU, some service providers may transfer data to other countries under appropriate safeguards.
Legal requirements: We may disclose data if required by law or valid legal request.

We do not sell or rent your personal data to third parties.

7. Use of Tracking Technologies

8. Security Measures

We apply industry best practices to protect your data:

Encryption in transit and at rest
Granular access control and least privilege
Regular security audits and vulnerability management
Infrastructure monitoring and intrusion detection
Multi factor authentication where applicable
Encrypted backups
Staff training and internal privacy policies
Data minimization and purpose limitation

9. Your Rights

Under applicable data protection laws, you have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion of your data
Restrict or object to certain processing
Receive your data in a portable format
Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at <email>. We may need to verify your identity before fulfilling requests. You can also lodge a complaint with your local supervisory authority.

10. Changes to This Privacy Policy

11. AI and Facial Recognition Technologies

How it works: Our systems automatically detect bib numbers and create facial vectors from all event photos. These facial vectors are used for machine learning training and improving our matching technology. They are not used to identify you as a specific person. This automated processing helps us continuously improve our service but does not determine who you are.
Personal identification with consent: Facial recognition is only used to identify you personally when you voluntarily provide a selfie with your explicit consent through our selfie search feature. The selfie is processed temporarily to match you with your photos and is immediately discarded. We never use facial vectors from event photos to identify you without your consent.
Protection: Facial vectors are stored separately from personal identifiers and are encrypted. Access is limited to authorized personnel. There is no routine human review of photos. Limited access may occur to resolve a support or technical issue.
Fairness and quality: We test for accuracy and potential bias and improve the models where needed.
Retention: Facial vectors used for matching or model improvement are kept for up to 12 months and then deleted. See Section 5 for details.
Opt out: You can opt out of facial recognition by contacting us at <email>. You can still browse galleries and find photos without face search.

12. Automated Decision Making and Profiling

Does not determine your eligibility for any service, benefit, or opportunity
Does not make judgments about your character, behavior, or personal attributes
Simply matches visual patterns to help organize and surface relevant photos

You can always browse galleries manually without using facial recognition or AI features. If you have concerns about how our technology affects you, please contact us.

13. Data Breach Notification

14. Children's Privacy

15. Contact

Questions or requests about this policy or your data can be sent to <email>.