Privacy Notice
This notice explains how Face-Int Ltd collects, uses, stores, and protects personal data. We respect and value the privacy of our clients and users, and we process personal data in line with UK GDPR and the Data Protection Act 2018.
1. Information About Us
2. What Does This Notice Cover?
This notice explains how we use personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What Is Personal Data?
Personal data is defined by UK GDPR and the Data Protection Act 2018 as information relating to an identifiable person who can be directly or indirectly identified. This includes obvious information like name and contact details, and also identifiers such as employee IDs, device identifiers, and other online identifiers.
4. What Are My Rights?
- The right to be informed about collection and use.
- The right of access to data held about you.
- The right to rectification where data is inaccurate or incomplete.
- The right to erasure (“right to be forgotten”).
- The right to restrict processing.
- The right to object to processing for a particular purpose.
- The right to withdraw consent (where consent is the lawful basis).
If you have concerns, you may complain to the Information Commissioner’s Office (ICO). We welcome the opportunity to resolve concerns directly first.
5. What Personal Data Do You Collect and How?
We process biometric data for identity verification. This is converted into irreversible biometric templates and is not stored as raw facial imagery.
Name, facial recognition data, hashed biometric data
Email address, telephone number (if required)
Job title, department, employee ID
Billing address, payment method, transaction records (if applicable)
Preferences, permissions, access levels
From HR/CRM/access tools
Date/time/location, success/failure
Device ID, IP address, location data, versions
Frequency, peak times, anomalies
6. How Do You Use My Personal Data?
We must always have a lawful basis for processing. Typical bases include legitimate interests, contractual necessity, and legal obligation (depending on the activity).
We may also send marketing communications where permitted by law, and you can opt out at any time.
7. How Long Will You Keep My Personal Data?
8. How and Where Do You Store or Transfer My Personal Data?
We store personal data primarily in the UK. In some cases we may store or transfer data within the EEA, and in limited circumstances to third countries. Where transfers occur, we use appropriate safeguards such as adequacy decisions and approved contractual terms.
- Access is limited to authorised personnel and bound by confidentiality.
- Technical and organisational controls are used to prevent unauthorised access, loss, or misuse.
- We maintain procedures for data breach handling and notifications where required.
9. Do You Share My Personal Data?
We do not share personal data except where necessary to deliver services, comply with legal obligations, or where business ownership changes. We may use carefully selected service providers (e.g., hosting, security, payment processors, monitoring) under strict contractual controls.
10. How Can I Access My Personal Data?
You can request access to personal data we hold about you (a “subject access request”). Requests must be made in writing using the contact details below. We usually respond within one month, and may extend up to three months for complex requests (we will inform you if so).
11. How Do I Contact You?
12. Changes to this Privacy Notice
We may update this notice from time to time due to legal changes or changes in our practices. We will update the “last updated” date accordingly.