Design note 4 - what do we mean?

In addition to the similarities between our new icon and the real Northern Lights, we particularly liked some of the themes the Northern Lights icon represented, namely:

  • Uniqueness
  • Reaching for high standards
  • Our Trust on a journey to Remarkable
  • Whether you are a student, a teacher or a trusted partner, everyone is on a unique journey, one that will take them to new places and opportunities.

Design note 3 - a bold look

To complement our dynamic new Northern Lights icon, we needed a strong colour pallette and confident, contemporary font.
The contrasting yet complimentary colours in our logo symbolises our value of diversity and unity. We often talk about 'the same but different' at Beckfoot Trust to acknowledge that whilst we have a very clear One Trust identity and clarity on what remarkable means, we also know that one size does not always fit all. 

Design note 2 - our Northern Lights

Perhaps the most important part of our new Beckfoot Trust logo is the icon, shown to the right here.

We call it our Northern Lights.

In nature, the Northern Lights are seen as something unique and truly Remarkable that are associated with the North.

Our Northern Lights icon represents The Beckfoot Trust which is also on a constant journey to Remarkable and is strongly associated with the North of England.

As part of our ongoing Journey to Remarkable we felt it was important to give The Beckfoot Trust a strong, confident and contemporary logo and brand that was worthy of an organisation with such high standards and aspirations.

The new Trust logo was a departure from the previous logo style and was definitely designed with the future in mind.

Biometric Information Policy

1.0 Policy Statement

Beckfoot Trust takes its’ duty to protect the personal data of all students and staff seriously, and this includes any biometric data we collect and process.

We collect and process biometric data in accordance with relevant legislation and guidance to ensure the data and the rights of individuals are protected. This policy outlines the procedure the school follows when collecting and processing biometric data.

2.0 Scope and Purpose

The purpose of this policy is to set out clearly how we meet our statutory obligation with regards to the storing of biometric data. The policy applies to the storage of all biometric data for staff, students, and visitors. All staff who are involved in storing data are trained.

The policy should be read in conjunction with the following Beckfoot Trust policies:

  • GDPR Data Protection and FOI Policy

This policy has due regard to relevant legislation and guidance including, but not limited to, the following: 

  • Protection of Freedoms Act 2012
  • Data Protection Act 2018
  • General Data Protection Regulation (UK GDPR)
  • The Data (Use and Access) Act (DUAA) 
  • DfE (2018) ‘Protection of biometric information of children in schools and colleges’

Biometric data: Personal information about an individual’s physical or behavioural characteristics that can be used to identify that person, including their eight-point identification pattern (fingerprint), facial shape, retina and iris patterns, and hand measurements. 

Automated biometric recognition system: a system which measures an individual’s physical or behavioural characteristics by using equipment that operates ‘automatically’ (i.e. electronically). Information from the individual is automatically compared with biometric information stored in the system to see if there is a match to recognise or identify the individual. 

Processing biometric data: processing biometric data includes obtaining, recording, or holding the data or carrying out any operation on the data including disclosing it, deleting it, organising it or altering it. An automated biometric recognition system processes data when:

  • recording an individual’s biometric data, e.g. taking measurements from an eight point identification pattern (fingerprint) via a fingerprint scanner
  • storing an individual’s biometric information on a database
  • using an individual’s biometric data as part of an electronic process, e.g. by comparing it with biometric information stored on a database to identify or recognise individuals.

Special category data: personal data which is more sensitive and therefore needs more protection where biometric data is used for identification purposes, it is considered special category data.

3.0 Overarching Principles

The school processes all personal data, including biometric data, in accordance with the key principles set out in the UK GDPR. The school ensures biometric data is:

  • processed lawfully, fairly and in a transparent manner
  • only collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with those purposes
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • accurate and, where necessary, kept up-to-date, and that reasonable steps are taken to ensure inaccurate information is rectified or erased
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • processed in a manner that ensures appropriate security of the information, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

As the Data Controller, the school is responsible for being able to demonstrate compliance with the provisions outlined in Section 2 (Automated biometric recognition system).

3.1 Roles and Responsibilities

The Headteacher is responsible for:

  • ensuring the provisions in this policy are implemented consistently.

The Data Protection Officer (DPO) is responsible for:

  • reviewing this policy on an annual basis
  • monitoring the school’s compliance with data protection legislation in relation to the use of biometric data
  • advising on when it is necessary to undertake a data protection impact assessment (DPIA) in relation to the school’s biometric system(s)
  • being the first point of contact for the ICO and for individuals whose data is processed by the school and connected third parties.

4.0 Data Protection Impact Assessments (DPIA)

Prior to processing biometric data or implementing a system that involves processing biometric data, a DPIA will be carried out. The DPO will oversee and monitor the process of carrying out the DPIA.

The DPIA will:

  • describe the nature, scope, context and purposes of the processing
  • assess necessity, proportionality and compliance measures
  • identify and assess risks to individuals
  • identify any additional measures to mitigate those risks.

When assessing levels of risk, the likelihood, and the severity of any impact on individuals will be considered. If a high risk is identified that cannot be mitigated, the DPO will consult the ICO before the processing of the biometric data begins. 

The ICO will provide the school with a written response (within 8 weeks or 14 weeks in complex cases) advising whether the risks are acceptable, or whether the school needs to take further action. In some cases, the ICO may advise the school to not carry out the processing. 

The Trust will adhere to any advice from the ICO. 

5.0 Notification and Consent

The obligation to obtain consent for the processing of biometric information of children under the age of 18 is not imposed by the Data Protection Act 2018 or the UK GDPR. Instead, the consent requirements for biometric information are imposed by section 26 of the Protection of Freedoms Act 2012.

  1. Where the school uses students’ biometric data as part of an automated biometric recognition system (e.g. using students’ eight-point identification pattern (fingerprint) to receive school dinners instead of paying with cash), the school will comply with the requirements of the Protection of Freedoms Act 2012.
  2. Prior to any biometric recognition system being put in place or processing a student’s biometric data, the school will send the students’ parents a Parental Notification and Consent Form for the use of Biometric Data (DfE exemplar at Appendix 1).
  3. Written consent will be sought from at least one parent of the student before the school collects or uses a student’s biometric data.
  4. The name and contact details of the student’s parents will be taken from the school’s admission register.
  5. Where the name of only one parent is included on the admissions register, the headteacher will consider whether any reasonable steps can or should be taken to ascertain the details of the other parent.
  6. The school does not need to notify a particular parent or seek their consent if it is satisfied that:
  • the parent cannot be found, e.g. their whereabouts or identity is not known
  • the parent lacks the mental capacity to object or consent
  • the welfare of the student requires that a particular parent is not contacted, e.g. where a student has been separated from an abusive parent who must not be informed of the student’s whereabouts
  • it is otherwise not reasonably practicable for a particular parent to be notified or for their consent to be obtained
  1. Where neither parent of a student can be notified for any of the reasons set out above, consent will be sought from the following individuals or agencies as appropriate:
  • if a student is being ‘looked after’ by the LA or is accommodated or maintained by a voluntary organisation, the LA or voluntary organisation will be notified, and their written consent obtained
  • if the above does not apply, then notification will be sent to all those caring for the student and written consent will be obtained from at least one carer before the student’s biometric data can be processed.
  1. Notification sent to parents and other appropriate individuals, or agencies will include information regarding the following:
  • details about the type of biometric information to be taken
  • how the data will be used
  • the parent’s and the student’s right to refuse or withdraw their consent
  • the school’s duty to provide reasonable alternative arrangements for those students whose information cannot be processed
  1. The school will not process the biometric data of a student under the age of 18 in the following circumstances:
  • the student (verbally or non-verbally) objects or refuses to participate in the processing of their biometric data
  • no parent or carer has consented in writing to the processing
  • a parent has objected in writing to such processing, even if another parent has given written consent
  1. Parents and students can object to participation in the school’s biometric system(s) or withdraw their consent at any time. Where this happens, any biometric data relating to the student that has already been captured will be deleted.
  2. If a student objects or refuses to participate, or refuses to continue to participate, in activities that involve the processing of their biometric data, the school will ensure that the student’s biometric data is not taken or used as part of a biometric recognition system, irrespective of any consent given by the student’s parent(s).
  3. Students will be informed that they can object or refuse to allow their biometric data to be collected and used via a letter.
  4. Where staff members or other adults use the school’s biometric system(s), consent will be obtained from them before they use the system.
  5. Staff and other adults can object to taking part in the school’s biometric system(s) and can withdraw their consent at any time. Where this happens, any biometric data relating to the individual that has already been captured will be deleted.
  6. Alternative arrangements will be provided to any individual that does not consent to take part in the school’s biometric system(s), in line with section 6 of this policy.

6.0 Alternative Arrangements

Parents, students, staff members and other relevant adults have the right to not take part in the school’s biometric system(s). 

Where an individual objects to taking part in the school’s biometric system(s), reasonable alternative arrangements will be provided that allow the individual to access the relevant service, e.g. where a biometric system uses school’s eight-point identification pattern (fingerprint) to pay for school meals, the student will be able to use cash for the transaction instead. 

Alternative arrangements will not put the individual at any disadvantage or create difficulty in accessing the relevant service, or result in any additional burden being placed on the individual (and the student’s parents, where relevant). 

7.0 Data Retention

Biometric data will be managed and retained in line with the Trust’s Records Management procedures. 

If an individual (or a student’s parent, where relevant) withdraws their consent for their/ their child’s biometric data to be processed, it will be erased from the school’s system. 

8.0 Breaches

There are appropriate and robust security measures in place to protect the biometric data held by the school. These measures are detailed in the Trust’s GDPR Policy. 

Any breach to the school’s biometric system(s) will be dealt with in accordance with the GDPR Policy.

Please download the PDF above to access the appendices.