GDPR Policies

GDPR Policies 2018-04-17T19:40:46+00:00

General Data Protection Regulation (GDPR) Resources

To help you fulfil your GDPR obligations, and to ensure our systems support you in doing so, we have produced the following documentation for you to use in your school. Click the buttons below to download the relevant documents. If you have any questions, check out the FAQ section below, or get in touch via our contact us page.

Download the GDPR Factsheet
DOWNLOAD DATA PROTECTION POLICY
DOWNLOAD GDPR PRIVACY NOTICE

GDPR FAQs

If you only use the InVentry onsite system, we don’t do anything with the data. The system sits on a computer that you have purchased, which sits on your network. We have no access to this without your consent and would always ask for this before doing so. If you don’t use any of our other services, such as the support desk, ID badge making or InVentry Anywhere, we do not process the data. You always remain the controller of the data and we would only ever do what is agreed in our maintenance contract.

When we process data on your behalf, we will only ever do what has been agreed in the contract. For example, we will never share your data with a third-party organisation or handle it in a way that has not been explained in the contract. Where data is processed in the cloud or by our staff, this is done in a way that complies with the GDPR. More details of this can be found in our data sharing agreement, which can be requested by customers, and our privacy policy statement, which can be downloaded above.

First, let’s clarify the difference between capturing a picture and biometric data. A good comparison for this is getting a speeding ticket: when the camera flashes, the picture is processed through an electronic system to identify the car, and this is matched against information held in a database to identify the owner. Biometric use works the same way: the system has a database of images against which it compares the new image, matching features such as eyes, nose etc. to see whether they show the same person. Unless the image is run through a system like this, it is not defined as biometric data. Taking a photograph of a person to use as part of a badge making process, or in an evacuation list to assist identification, would not constitute biometric data. Before collecting data for biometric use, the system will seek the consent of the individual using the system to use it for this purpose. Only by giving this can the image be used for this purpose.

Any data that we process using a cloud-based service is processed on a secure service hosted by a Tier 1 service provider and is stored in line with the requirements laid out in GDPR. Data stored at InVentry offices is held on our secure network. More details of this can be found in our data sharing agreement, which can be requested by customers, and our privacy policy statement, which can be downloaded above.

The short answer is no, you don’t, with certain exceptions. The longer answer is that there are legal obligations placed on schools to keep registers of those who attend site for various reasons, including The Education Act and The Health & Safety Act. This legislation requires schools to keep records, and the choice of how you do this is down to you. Additional consent is required for using biometric identification, but this is obtained from visitors as they arrive. Should you wish to use this with staff (under GDPR) and students (under GDPR and guidance from the DfE (https://goo.gl/PWDaeX)), you will be required to obtain consent before implementing it.

InVentry Ltd only processes the data that is required as part of the contract we have with your organisation. This varies depending on the service purchased. Details for each service can be found in our data sharing agreement, which can be requested by customers, and our privacy policy statement, which can be downloaded above.

All transfer is done via HTTPS to ensure that data remains secure in transit. The same applies when the support team needs to access the school system via the internet to conduct work on it.

The InVentry system installed on the computer purchased from your reseller is encrypted using the industry-standard 256-bit AES. The InVentry system and its supporting network infrastructure are subject to the policies of the school, so that they can be maintained without any reliance on input from InVentry Ltd.

The only cases where personal data could be displayed on the InVentry screen system are:

  • When the system is set up to allow ‘quick pick’, which retains data for a period of time agreed with the school to allow quick signing in for visitors returning within the agreed timescale.
  • When the school pre-registers visitors for events, or regular visitors, to make signing in quicker.
  • In the case of visitors entering their own details, the system will be/is set up to ensure that they are asked for their consent for this to be displayed. In the case of pre-registered visitors, it is the responsibility of the school to gain consent for this when arranging the pre-booking.

Any data entered by the school into the InVentry system situated within the school will be stored as agreed by the school in line with its data protection policy. Where InVentry processes data, the retention policy for this can be found in our data sharing agreement, which can be requested by customers, and our privacy policy statement, which can be downloaded above. These policies also include details about storage and deletion of data processed by InVentry Ltd.
