Contributor Submissions System

Privacy notice

How this system handles your information

Version 2 | Effective 22 May 2026 | Last updated 24 May 2026

This notice is written in plain English. It is honest about the fact that this is a personal project run by one person, not a corporate system.

Who runs this

This system, the Contributor Submissions System, was built and is run independently by Jacky Lee (“the operator”), on infrastructure the operator owns and pays for. It was not created, commissioned, or hosted by the Royal Photographic Society (RPS), and it is not an official RPS website.

The operator runs the system as Content Manager of the RPS International Members eMagazine, which is the publication that currently uses it. When you submit work, it arrives here and is reviewed by the eMagazine's named editorial team, who decide what to include in an issue.

For the purposes of this submission system, Jacky Lee is the person responsible for deciding how the submitted information is collected, stored, and used within the system.

What information is held, and why

  • Who you are: your name, your RPS member number, and an email address you give when you register. These are used to credit your work to you and to publish your byline.
  • What you submit: your photographs, articles, and any text or details you choose to include. These are used only to consider your work for the eMagazine and to keep a record of what you sent.
  • Photograph declaration (if applicable): a short note you may add when submitting a photograph that involves AI generation, substantial composite work, or other non-photographic content. Used by the editorial team to make an informed selection decision. Stored alongside the submission and visible to you on your submission record.
  • How you stay signed in: instead of a password, you receive a personal sign-in link. The system stores a scrambled version of that link, never the link itself, along with a small file in your browser (a cookie) that keeps you signed in for 90 days. Because there is no password, there is no reusable password stored in the system or for you to remember. The technical details are in the section at the end.
  • Technical records: the system logs the internet address (IP address) your request came from, along with the date and time, when you register, when you give consent, and when an administrator takes an action. These are used to spot abuse and fraud, and to keep evidence that consent was actually given.
  • Reach Out contact email: only if you submit a piece in the Reach Out category and choose to opt in. That email is then published in the eMagazine for the purpose you agreed to, and nothing else.

The system does not use cookies for advertising, analytics, or third-party tracking. No decision about you is made automatically: every editorial decision about your submissions is made by the editorial team.

If you do not provide the required registration or submission information, the system may not be able to accept or consider your contribution for the eMagazine.

Why this information can be held

UK data protection law (the UK GDPR) requires a lawful reason, called a “lawful basis”, for using your information. Two apply here.

  • Your consent. When you submit work, accept the contributor disclaimer, and, separately, agree to publish your contact email under Reach Out, you are giving consent. You can withdraw it at any time. In the law, this is Article 6(1)(a).
  • Legitimate interests. The operator relies on legitimate interests to keep security and audit records, prevent abuse, limit repeated requests from the same address, and keep evidence that consent was given. These uses are considered necessary to protect the system, contributors, and the editorial process, and are balanced against your privacy rights. You have the right to object to processing based on legitimate interests. In the law, this is Article 6(1)(f).

Who else can see your data

A small number of outside services help run the system. They are:

  • Hetzner Online GmbH (Falkenstein, Germany), which hosts the application and the database on its servers in the EU. Your data stays within their datacentre.
  • Cloudflare, Inc., which provides the “are you human” check on the registration form. For that one check, your IP address and a verification token pass through Cloudflare. None of your submitted work passes through them. Cloudflare is a US company, so this involves a transfer outside the UK, which relies on the standard safeguards for UK-to-US transfers (the UK extension to the EU-US Data Privacy Framework, or equivalent contractual safeguards).

Your personal data is not sold. It is not shared with advertisers, data brokers, analytics companies, or outside AI services. Editorial discussion happens inside the system, between named members of staff.

How long it is kept

  • Your submitted files: removed 12 months after the issue is published, or 12 months after your last activity if your work is not selected. Basic details (title, category, dates, and the status history) are kept indefinitely, so you can always see what you submitted.
  • IP addresses in the audit log: erased after 12 months. The log entries themselves stay, as a record of administrator actions that cannot be quietly altered.
  • Consent records: kept for as long as reasonably necessary to evidence the consent given for a submission, publication, or Reach Out contact email, including the IP address consent was given from. This may be longer than other technical records because the purpose of a consent record is to show what was agreed, when, and from where; erasing the IP would weaken it as evidence. The audit-log IPs are only operational records for spotting abuse and are nullified at 12 months.
  • Deleted submissions: if a submission is deleted, your uploaded files (your photographs and text) are permanently removed from the server within 24 hours. A short record that the submission existed, such as its title, category, and dates, is kept so there is a history of what was submitted.
  • Lost-link recovery requests: once resolved and older than 12 months, deleted entirely. If a request is still unresolved but inactive, the IP address is erased at 12 months.

Your rights

Under the UK GDPR you can ask for:

  • a copy of your data (the right of access)
  • correction of anything that is wrong (rectification)
  • deletion, where consent is the lawful basis (erasure)
  • a pause on its use (restriction)
  • an objection to its use under legitimate interest

You can also withdraw consent at any time. Withdrawing it does not undo processing that already happened while the consent was in place.

To use any of these rights, see “How to contact the operator about your data” below.

If you have a question or concern about your information, please contact internationalsubmissions@rps.org first so the operator can review it directly. UK data protection law also gives individuals the right to contact the Information Commissioner's Office (ICO) where appropriate.

How to contact the operator about your data

For any question about your information, to ask for a copy of it, to correct it, or to withdraw a submission, email internationalsubmissions@rps.org. This inbox reaches the operator directly for the purpose of handling submission-system data requests.

Under UK data protection law, the operator has up to one month to respond to a request about your information. In practice, the operator aims to reply as soon as possible.

Security

All traffic to the site is encrypted (HTTPS). Your personal sign-in link is a single, long, random URL, and only a scrambled version of it is stored, never the link itself. The session cookie set when you visit the link lasts 90 days and is protected against common browser-based attacks. Backups are taken daily and retained for 14 days. Editorial discussion is staff-only and is never visible to contributors.

The exact technical measures are listed below for anyone who wants them.

Changes to this notice

This Privacy Notice has a version number, an effective date, and a last updated date. Minor corrections, such as spelling, formatting, or wording improvements that do not change how personal data is collected, used, shared, or retained, may be made by updating the last updated date only.

When a change affects how personal data is collected, used, shared, or retained, the version number and effective date will be updated. Contributors will be asked to review the current Privacy Notice before submitting new work or giving a new consent through the system. Where a change requires fresh consent, the system will ask for that consent before the new processing takes place.

Consent records are linked to the version of the Privacy Notice accepted at the time. Changes to this notice do not alter the basis on which past consent was given, unless fresh consent is requested.

Technical and security details

This section is for technically minded readers. It is not needed to understand how your data is handled.

  • Login tokens: your sign-in link contains a single long random token. Only an HMAC hash of that token is stored, not the URL and not the token itself.
  • Sessions: a 90-day rolling session cookie, set HttpOnly, Secure, and SameSite=Lax. No passwords are stored, because none exist.
  • Transport and headers: HTTPS with HTTP Strict Transport Security (HSTS), plus X-Frame-Options set to DENY, X-Content-Type-Options set to nosniff, a Referrer-Policy, and a Permissions-Policy.
  • Bot check: Cloudflare Turnstile on the registration form. Only the IP address and a challenge token transit Cloudflare; no submission content does.
  • Backups: daily, retained for 14 days.
  • Audit log: administrator actions are recorded in a tamper-evident log. IP addresses in it are nullified after 12 months, while the rows themselves are retained.
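
The login-token and session items above can be sketched as follows. This is an added example, not the system's own code: HMAC-SHA256, the in-memory store, the cookie name "session", the URL layout and the member id are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumption: a server-side key held outside the database (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)
SESSION_MAX_AGE = 90 * 24 * 60 * 60  # 90 days, as stated in the notice


def token_digest(token: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 of the token. This digest is the only value written to storage."""
    return hmac.new(key, token.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_sign_in_link(store: dict, member_id: str, base_url: str) -> str:
    """Create a random token, store only its digest, and return the link to email."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[token_digest(token)] = member_id
    return f"{base_url}/signin/{token}"


def redeem(store: dict, presented_token: str):
    """Return the member id for a presented token, or None if it is unknown.

    The lookup is by keyed digest, so a copy of the stored rows alone does not
    yield a usable sign-in link: the token cannot be derived from its digest.
    """
    return store.get(token_digest(presented_token))


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie value with the attributes listed in the notice.

    A rolling session re-sends this header on each visit, which restarts the
    90-day lifetime.
    """
    jar = SimpleCookie()
    jar["session"] = session_id
    morsel = jar["session"]
    morsel["httponly"] = True      # not readable from page scripts
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Lax"     # withheld on cross-site sub-requests
    morsel["max-age"] = SESSION_MAX_AGE
    morsel["path"] = "/"
    return morsel.OutputString()
```
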