Guidance

Biometrics self-enrolment feasibility trials: privacy information notice

Updated 10 February 2022

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/biometrics-self-enrolment-feasibility-trials-privacy-information-notice/biometrics-self-enrolment-feasibility-trials-privacy-information-notice

Why we collect your data

The Home Office collects face and fingerprint biometrics from foreign nationals applying for a visa. The fingerprints collected as part of this process are put through forensic checks to uphold security. Following the UK’s departure from the European Union, we plan to expand this biometric requirement to additional immigration cohorts.

The long-term aim is that all visitors and migrants to the UK will provide their biometric facial images and fingerprints under a single global immigration system. To maximise customer convenience and security, we will increasingly look to provide capabilities for biometric self-enrolment, integrated within digital application processes for immigration products.

The Home Office will be testing biometric self-enrolment technology through these trials to evaluate how effectively these novel solutions can capture biometrics and help the Home Office to improve the biometric processes we use for immigration applications. Biometrics also form an important part of forensic science, helping forensic science practitioners identify, investigate and eliminate individuals. The Forensic Science Regulator, working with the Home Office, ensures that practitioners work to an appropriate standard. Test biometric data is collected and used to validate that the procedures are robust and meet the standard. You can read more about what the Forensic Science Regulator does.

Your data captured during these trials is collected by the Home Office (data controller) on behalf of the UK government.

The data we collect from you during these trials will be used for the purpose of:

  1. Testing solutions for the self-enrolment of face and fingerprint biometrics.
  2. Assessing the suitability of biometric self-enrolment technology in meeting the responsibilities and priorities of the Home Office.
  3. Enhancing self-enrolment technology (participating suppliers can request access to the data collected during these trials. If the Home Office permits their use case, they can use the data for up to 12 months for the purposes of developing the technology in the trials only).
  4. Validating that the biometric processes used in forensic science applications are robust and meet the standards set by the Forensic Science Regulator.

This Privacy Information Notice (PIN) explains how:

  • the Home Office may use your data, and disclose it to other organisations
  • these organisations may use this personal data to carry out their functions.

Personal data that will be processed

  • Name
  • Contact details
  • Face and fingerprint biometrics
  • Passport details (to be scanned as part of the enrolment process so the data is temporarily processed, this data is not retained after the trial)
  • Age
  • Sex (as recorded in the passport)
  • Ethnicity
  • Accessibility (e.g. missing fingers, damaged skin, which could make using the technology challenging)
  • Any disabilities, health conditions or impairments (which could make using the technology challenging)

Your personal data will not be linked to your contact details unless there is a need to do so. For example, to notify you in the event of a data breach or if you wish to withdraw or amend your consent.

How we protect your personal information

Your personal data will be processed securely. We do that by having systems and policies in place that limit access to your information and prevent unauthorised disclosure. In addition, we limit access to your personal data to staff, contractors or third parties who have appropriate security clearance and a genuine business need, and their activity is subject to audit and review.

Your personal data will be protected by the Home Office Biometrics Security Control Framework for the purpose of the trials. In the event your data is shared with suppliers to test their technology, new Security Control Frameworks will be developed to strictly govern its use.

How long we will keep your data

The Home Office will retain your data for testing solutions for the self-enrolment of face and fingerprint biometrics.

The need to retain this data will be subject to annual review. The data will be retained for as long as necessary, up to 6 years and data will be deleted in line with whichever occurs sooner.

There will be biometric technology suppliers taking part in these trials and they will be able to request access to the face and fingerprint biometrics, age, ethnicity, sex and accessibility details, but not your contact details. However, to access the trial data following the trials, suppliers must request permission from the HO and clearly define their use cases. The use-cases have been restricted to troubleshooting or improving their technology. If successful in their application to access the data, the technology suppliers will have access to the data for up to 12 immediate months following the feasibility trials, at which point the data must be deleted.

How your data will be stored

The Home Office will have access to and store your personal data to test solutions for the self-enrolment of face and fingerprint biometrics.

The Home Office will store your data in a secure stand-alone environment with strict security procedures in place.

All participating suppliers have signed a legally enforceable non-disclosure agreement with the Home Office and completed checks to make sure that your personal data will be processed securely on their systems.

Suppliers who we will be sharing your data with:

1. Blue Biometrics Pty Ltd

2. FaceTec, Inc.

3. Gambit ID

4. GBG Plc.

5. Idemia

6. NEC Software Solutions UK

7. Regula Forensics UK Ltd

8. Spidx LLC

9. T Stamp Inc dba Trust Stamp

10. Teleperformance Contact Ltd

11. Thales UK Ltd

12. Unisys Ltd

13. Veridium IP Ltd

14. VF Worldwide Holdings Private Limited

15. iProov

Sub-suppliers:

16. IDR&D

17. InnoValor

18. NEC National Security Systems (NSS)

19. Speed Identity

20. Aware

21. DXC

22. TECH5

23. Griaule

Trials support services:

24. Deloitte LLP

25. Ingenium Biometric Laboratories

26. Metro Production Group

27. Forensic science services

We are only allowed to use, gather and share personal information where we have an appropriate legal basis to do so under the UK General Data Protection Regulation (UK GDPR) or the Data Protection Act 2018.

We will process your data based on consent under Article 6(1)(a) of the UK GDPR, or Article 9(2)(a) of the UK GDPR where the data is special category personal data. You can withdraw your consent at any time. Further details on how to withdraw your consent and details of other rights you will be entitled to exercise will be shared with you in a consent form.

Transfers of personal data to other countries

The UK GDPR applies to all personal data within the European Union, but rights may be enforced, where applicable, in other parts of the world.

We or our partnering biometric technology suppliers may process your personal data in countries outside the European Economic Area.

When we do this, we will take appropriate steps to safeguard your information. For these feasibility trials we have agreements in place with each of the participating suppliers, which are legally enforceable and restrict the use of your data to the purposes set out in this PIN.

Contacting you using your information

We will only contact you using your personal data if it is absolutely necessary to do so. For example, in the event of a data breach.

More information on privacy

Read our personal information charter for more about how the Home Office uses and shares personal data, including your data protection rights.

Contact us

If you took part in the trials and would like to contact the Home Office regarding your personal data, please email JSaRC@homeoffice.gov.uk.

How to make a complaint

In the first instance please direct queries or complaints to the JSaRC mailbox: JSaRC@homeoffice.gov.uk.

If you have contacted the JSaRC mailbox, but are unhappy with the response, you can contact the Home Office’s Data Protection Officer at:

Email: dpo@homeoffice.gov.uk

Telephone: 020 7035 6999

Or write to:

Office of the DPO
Home Office
Peel Building
2 Marsham Street
London
SW1P 4DF

You also have the right to complain to the Information Commissioner’s Office about the way we handle your information or the exercise of your other rights under the GDPR or the Data Protection Act 2018.

Postal applications are not being processed because of coronavirus until further notice.

You can contact the Information Commissioner’s Office by telephone on 0303 123 1113.

Back to top