Privacy Policy

The Biometrics Institute is committed to upholding your privacy as a valued member, prospective member, stakeholder or user of the Biometrics Institute services. As a member-based association, its business operations include collecting, storing, processing and transacting data relating to its members and prospective members.

The Biometrics Institute operates globally and has in place general rules and protocols which apply to data protection in multijurisdictional environments. The Biometrics Institute privacy policy document includes measures the Biometrics Institute will take as soon as practicable as well as compliance and notification steps as soon as it is aware that there are reasonable grounds to believe there is an eligible data breach.

In dealing with external parties, the Biometrics Institute adopts the following principles:

1. The Biometrics Institute is governed by local privacy regulation e.g. EU’s General Data Protection Regulation (GDPR), British Privacy law which mirrors the GDPR and the Australian Privacy Act.
   
   
2. We will collect only the minimum amount of personal data required to provide a service to your organisation
   
   
3. We will do our utmost to collect, process, store and transfer personal data in an effective and responsible manner. This will include IT equipment being secured, audits being conducted, appropriate logs kept, checks on the system security being conducted from time to time and privacy impact assessments being conducted when significant privacy impacting new business is being planned.
   
   
4. We will not sell any personal details to third parties for promotional or other commercial purposes.
   
   
5. Personal details will not be sent to, nor processed in, countries where a less stringent privacy jurisdiction is applied.
   
   
6. In keeping with the key privacy protection principle “the right to be forgotten”, the Biometrics Institute will maintain personal data only as long as necessary. Should we receive a request that the organisation’s active participant/s should be deleted from our record, we will do so.
   
   
7. Individuals in their own right or as individuals who have authority to sign for their organisation should give informed consent when they provide their personal data; that includes the right to know how their own data will be used by the Institute.
   
   
8. We have in place a Board-approved Data Breach Notification process so that in the urgent situation that follows a data breach, everyone knows what to do.
   
   
9. We have a Data Protection Officer who is responsible for dealing with your queries and ensuring good privacy practice. This is Anne Ferraris, COO (anne@biometricsinstitute.org).  The Biometrics Institute Data Protection Policy April 2022 may be downloaded. The Privacy Policy includes measures the Biometrics Institute will take as soon as practicable as well as compliance and notification steps as soon as it is aware that there are reasonable grounds to believe there is an eligible data breach.