Biometrica Compliance with the UK Data Protection Act 2018

March 2025

Overview

Biometrica Systems, Inc. is committed to ensuring that all our solutions, including RTIS, RVIS, UMbRA, QAPLA, and eMotive, comply with the UK Data Protection Act 2018 (UK DPA), as amended post-Brexit to incorporate UK-specific data protection principles.

Although Biometrica is a U.S.-based company, we apply the principles of data minimization, transparency, accountability, and privacy by design to all of our products and services — aligning closely with the requirements of the UK DPA and ICO guidance.

Core Compliance Commitments

  1. Law Enforcement Exemptions
  • UMbRA consists solely of 100% public law enforcement records (e.g., booking, charge, conviction, warrant, and parole/probation data).
  • Access to UMbRA is restricted to credentialed and trained law enforcement officers or quasi-law enforcement partners only.
  • These uses align with the “law enforcement purposes” exemptions in Part 3 of the UK DPA.
  1. No Biometric Data Access or Retention
  • Biometrica does not access, retain, transmit, or store biometric identifiers or faceprints.
  • All facial recognition comparisons are performed by an independent, third-party, NIST-evaluated provider operating within a black box environment.
  • We therefore have no biometric gallery.
  1. Relevance-Based Alerts Only
  • RTIS and RVIS systems are built around relevance filters, ensuring alerts are only generated when a detected person matches criteria directly related to an organization’s lawful mission or safety mandate.
  1. Privacy by Design
  • All Biometrica systems are designed from the ground up to minimize unnecessary data exposure.
  • Images are not stored unless a relevant and verified match occurs.
  • Unmatched facial images are deleted immediately and never retained.
  1. Human-in-the-Loop Oversight
  • All RTIS and RVIS alerts are verified by a trained human analyst at Biometrica’s Rapid Action Center (RAC).
  • No automated decision-making is permitted without human review.

Additional UK-Specific Commitments

  • Transparency: We provide clear public documentation on our website about what we collect, process, and how our systems function.
  • Security: We implement strong physical, technical, and administrative controls aligned with NCSC and ICO best practices.
  • Data Subject Rights:
    • UMbRA is not accessible to the public. Any individual requesting access to, correction of, or deletion of records in UMbRA will be referred to the originating law enforcement agency.
    • For other systems, such as eMotive, Biometrica provides mechanisms for users to exercise their rights under applicable law, including access, rectification, objection, and restriction — where such rights apply.

Applicable Exemptions Under the UK DPA

Biometrica’s systems fall under lawful bases including:

  • Public task — When used in partnership with UK law enforcement or quasi-law enforcement agencies.
  • Legitimate interests — For specific non-law enforcement uses (e.g., continuous criminal background checks via eMotive, with user consent).

Additionally:

  • Schedule 1 Conditions under the DPA permit processing for safeguarding individuals at risk, protecting the public, and detecting/preventing unlawful acts.
  • Law enforcement processing exemptions apply to UMbRA, QAPLA, RTIS, and RVIS data usage.

Summary

Biometrica complies with the UK Data Protection Act 2018 through:

  • Strict data minimization and black-box biometric processing
  • Relevance-based, non-retentive real-time alerting
  • Immutable audit trails
  • No access to biometric data
  • Restricted system access for credentialed users only
  • Full human oversight
  • Privacy-first engineering

For more information or access to our full Security and Compliance FAQ, contact:
privacy@biometrica.com