By using Sportpxl, you collect and process participants’ personal data — name, email address, race number — and potentially biometric data via facial recognition. As such, you are a data controller within the meaning of the GDPR. Here is the essential information you need to know.
You are the data controller
As a photographer using Sportpxl, you decide on the purposes and means of processing — you are therefore the data controller. Sportpxl acts as a data processor: it processes data on your behalf and is contractually bound to comply with the legal framework.
This means that you are responsible for:
- Informing participants about the collection and processing of their data
- Obtaining the necessary consent depending on the context
- Responding to participants' requests to exercise their rights
- Ensuring the security of data you collect outside of Sportpxl (CSV files, participant lists, etc.)
Standard personal data
Standard personal data collected via Sportpxl — surname, first name, email address, telephone number, race number — is subject to the general rules of the GDPR:
- Only collect data that is necessary for your business
- Inform participants about the use of their data
- Keep the data only for as long as necessary
- Delete the data upon request within 30 days
Biometric data — enhanced regime
Facial recognition generates biometric data — this data is subject to maximum protection under the GDPR. If you use the Face + Number, No Number or Staff algorithms:
- Consent must be explicit and informed — a general statement on the photograph is not sufficient.
- For mass events, facial recognition must be explicitly mentioned in the event rules or registration conditions — see the article "Managing image rights for mass events".
- For sports clubs, a signed consent form is mandatory for each member, and for minors, it must be signed by their legal representative — see the article "Managing your members' image rights as a sports club".
Participants’ rights
Any participant may exercise the following rights at any time:
- Right of access — obtain the data you hold about them
- Right to erasure — request the deletion of their photos and data. To be processed within 30 days — see the article "Hide or delete an athlete's photos".
- Right to portability — retrieve their data in a reusable format. To be processed within one month — see the article "Managing the right to portability".
- Right to rectification — have inaccurate data corrected
- Right to object — object to the processing of their data
Retention period
Do not retain data longer than necessary:
- Delete participant data at the end of the event marketing period.
- At the end of the season, update your membership list and remove any members who have left the club.
- Delete the CSV files of participants from your computer once they have been imported into Sportpxl.
What Sportpxl manages for you
As a data processor, Sportpxl ensures:
- Secure data hosting on GDPR-compliant servers
- The provision of deletion and erasure tools in the interface
- Payment compliance via Stripe
⚠️ In the event of a data breach (leak, unauthorised access, etc.), you are required to notify the CNIL within 72 hours. Contact contact@sportpxl.com immediately if you suspect a security incident on the platform.
