Biometric recognition – St. Anselm's College Virtual Open Event

Our catering provider is moving to a cashless system, which requires setting up an alternative method for taking payments. The new system works via ParentPay, and allocates payment using fingerprint recognition, or alternatively, a PIN at the point of sale.

Frequently Asked Questions

Why are you using biometric recognition?

Biometric recognition converts physical characteristics into a unique digital signature that can be used to quickly and securely locate your child’s cashless catering account. This helps speed up service and eliminates the requirement to carry cash or an alternative method of access, such as a card that can be lost or stolen.

How does it work?

When the child places their finger on the scanner the software reads key features (unique patterns on a fingerprint) and compares this against the College database of registered users. When it finds a match, it automatically opens their cashless catering account allowing the operator to complete the sale of their school meals.

Can these biometrics registrations be used by any other agency?

No, the software turns your child’s physical characteristics into an encrypted (using AES 256) string of characters known as a template (no fingerprint image is ever stored). Even if someone were to be able to gain access to the data and break the encryption, this template does not contain information to reverse engineer into a usable fingerprint.

What happens when my child leaves the College?

When a student leaves the College, all biometric data will be deleted.

I don’t wish to give permission for my child to participate with biometric recognition, can my child still purchase school meals?

Yes, an alternative method of authentication will be available. The option available is a PIN pad at the point of sale.

What if I change my mind?

If you initially opt-in for your child to use biometric recognition but later change your mind, contact the College and we will remove the permission from the system which will automatically remove any biometric data associated with your child and provide your child with a PIN as an alternative method of authentication.

Consent Form

Biometrics Policy

What is biometric data?

Biometric data means personal information about an individual’s physical or behavioural characteristics that can be used to identify that person; this can include their fingerprints, facial shape, retina and iris patterns, and hand measurements.

All biometric data is considered to be special category data under the UK General Data Protection Regulation (UK GDPR). This means the data is more sensitive and requires more protection as this type of data could create more significant risks to a person’s fundamental rights and freedoms.

This policy complies with The Protection of Freedoms Act 2012 (sections 26 to 28), the Data Protection Act 2018 and the UK GDPR.

The College has carried out a Data Protection Impact Assessment with a view to evaluating whether the use of biometric data is a necessary and proportionate means of achieving the legitimate objectives set out below.

The result of the Data Protection Impact Assessment has informed the College’s use of biometrics and the contents of this policy.

What is an automated biometric recognition system?

An automated biometric recognition system uses technology which measures an individual’s physical or behavioural characteristics by using equipment that operates ‘automatically’ (i.e. electronically). Information from the individual is automatically compared with biometric information stored in the system to see if there is a match in order to recognise or identify the individual.

The Legal Requirements Under UK GDPR

‘Processing’ of biometric information includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including (but not limited to) disclosing it, deleting it, organising it or altering it.

As biometric data is special category data, in order to lawfully process this data, the College must have a legal basis for processing personal data and a separate condition for processing special category data. When processing biometric data, the College rely on explicit consent (which satisfies the fair processing conditions for personal data and special category data). Consent is obtained using the consent form, attached.

The College process biometric data as an aim to make significant improvements to our canteen and lunch facilities. This is to ensure efficiency and to remove the need for cash to be used on site.

Consent and Withdrawal of Consent

The College will not process biometric information without the relevant consent.

Consent for students

When obtaining consent for students, parents/carers will be notified that the College intend to use and process their child’s biometric information. The College only require written consent from one parent (in accordance with the Protection of Freedoms Act 2012), provided no parent objects to the processing.

If a parent objects to the processing, then the College will not be permitted to use that child’s biometric data and alternatives will be provided, such as a PIN code.

The child may also object to the processing of their biometric data. If a child objects, the College will not process or continue to process their biometric data, irrespective of whether consent has been provided by the parent(s).

Where there is an objection, the College will provide reasonable alternatives which will allow the child to access the same facilities that they would have had access to, had their biometrics been used.

Students and parents can also object at a later stage to the use of their child’s/their biometric data. Should a parent wish to withdraw their consent, they can do so by writing to the College at gdpr@st-anselms.com requesting that the College no longer use their child’s biometric data.

Students who wish for the College to stop using their biometric data do not have to put this in writing but should let Mr C. Hawksworth know.

The consent will last for the time period that your child attends the College (unless it is withdrawn).

Retention of Biometric Data

Biometric data will be stored by the College for as long as consent is provided (and not withdrawn). Once a student leaves, the biometric data will be deleted from the College’s system no later than 72 hours.

Storage of Biometric Data

At the point that consent is withdrawn, the College will take steps to delete their biometric data from the system and no later than 72 hours.

Biometric data will be kept securely, and systems will be put in place to prevent any unauthorised or unlawful access/use. The biometric data is only used for the purposes for which it was obtained and such data will not be unlawfully disclosed to third parties.

Biometric Consent Form (parent/carer)

Please sign below if you consent to the College taking and using information from your child’s fingerprint as part of an automated biometric recognition system. This biometric information will be used by the College, for the purpose of charging for break and lunchtime catering.

In signing this form, you are authorising the College to use your child’s biometric information for this purpose until he either leaves the College or ceases to use the system.

If you wish to withdraw your consent at any time, this must be done so in writing and sent to gdpr@st-anselms.com Once your son ceases to use the biometric recognition system, his biometric information will be securely deleted by the College no later than 72 hours .

Parental Consent:

Having read the above guidance information, I give consent to information from the fingerprint of my child being taken and used by the College for use as part of an automated biometric recognition system.

I understand that I can withdraw this consent at any time.

Parent's Name

Signature

Child's Name

Child's Form