Home > privacy-notice---xs-face-entry-door-system

Privacy notice - XS4 Face Entry Door System

Privacy Notice - Face Entry Door System

 

  1. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

We inform you that the personal data that you provide through the face entry door system will be processed as a data controller by Advance Housing and Support Ltd (hereinafter, "We”, “Us” and/or “Our”, indistinctly), with registered office at:

Advance Housing and Support Ltd

2 Witan Way

Witney

Oxfordshire

OX28 6FH

You can contact Our Data Protection Officer (DPO) at the following email address:

data.protection@advanceuk.org

 

  1. WHY AND WHAT FOR WILL WE PROCESS YOUR PERSONAL DATA?

In this section, you can find detailed information about the purposes of the processing that We will carry out on your personal data and the legal basis of said processing activities.

Registration invitation: We will process your personal data to send you an invitation for registering in the face entry system and to grant you access to open certain doors of our premises by using facial recognition technology.

The lawfulness of the processing of your data for this purpose will be Article 6(1)(f) UK GDPR - Legitimate Interests, to ensure secure access to buildings and services, and Article 9(2)(a) UK GDPR - Explicit Consent, where biometric data is used.

Maintain access control: We will process your data for the purpose of allowing you access to the facilities to which you are authorised, as well as maintaining and managing the permits granted to you in this regard.

Once you have registered in the face entry system and provided your explicit consent, you will be entitled to access part of these facilities through biometric facial recognition using your facial identification record (FIR), which is extracted from the image captured during the registration process.

The lawfulness of the processing of your data for this purpose will be Article 6(1)(f) UK GDPR - Legitimate Interests, and Article 9(2)(a) UK GDPR - Explicit Consent.

The use of facial recognition is optional. If you choose not to provide consent, an alternative method of access (such as a key fob, card or staff-assisted entry) will be provided.

Compliance with legal obligations: We may also process your personal data, if required, to comply with our legal obligations, including:

  • maintaining secure access to premises
  • responding to lawful requests from public authorities
  • complying with legal data retention requirements

The lawfulness of this processing is Article 6(1)(c) UK GDPR - Legal Obligation.

 

  1. WHICH PERSONAL DATA WILL WE PROCESS AND WHERE CAN WE GET THE DATA FROM?

Personal data you provide to Us

You will directly provide Us with personal data about yourself which will allow Us to send you the corresponding invitation to the registration process.

These data may include:

  • Name
  • Email address
  • Photograph captured during registration
  • Access permissions linked to your tenancy or service use

You are responsible for ensuring that the data you provide is accurate and kept up to date.

Personal data that We obtain from third parties

Certain personal data belonging to you may be obtained from trusted service providers involved in operating the face entry system.

This includes:

  • Facial image captured during enrolment
  • Facial Identification Record (FIR) generated from the image
  • Access system records showing authorised access

If you withdraw your consent, you will no longer be able to use facial recognition access and will need to use one of the available alternatives.

Withdrawal of consent does not affect processing already carried out.

 

  1. TO WHOM COULD YOUR PERSONAL DATA BE TRANSFERRED?

We may transfer your personal data to:

Public authorities where required by law

  • Regulators or law enforcement bodies
  • Approved service providers supporting the operation of the system

These suppliers will only process your data under Our instructions and will not use it for their own purposes.

We ensure that:

  • appropriate contracts are in place
  • suppliers implement suitable technical and organisational security measures
  • personal data is always protected

 

  1. WILL WE CARRY OUT INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA?

Your personal data may be processed by suppliers whose services involve storage or processing outside the UK or European Economic Area (EEA).

Where this occurs, We ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other legally recognised transfer safeguards

You may request further information about these safeguards by contacting the DPO.

 

  1. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We keep your personal information for no longer than necessary for the purposes for which it is processed and while you are authorised to use the system

 

  1. YOUR DATA PROTECTION RIGHTS

In accordance with data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact: dataprotection@advanceuk.org

If you are not satisfied with how your data has been handled, you have the right to lodge a complaint with:

Information Commissioner’s Office (ICO) www.ico.org.uk

 

  1. YOUR RESPONSIBILITY

You confirm that:

  • You are over eighteen (18) years of age
  • The data you provide is accurate and up to date
  • You will notify Us of any changes

Providing false or inaccurate information may result in withdrawal of access permissions.

 

  1. SECURITY MEASURES

We process your personal data in strict confidence and apply appropriate technical and organisational measures to protect it.

These measures include:

  • Secure encrypted storage
  • Restricted system access
  • System authentication controls
  • Regular system monitoring
  • Data protection and cybersecurity safeguards

 

  1. ACCEPTANCE AND CONSENT

You declare that you have been informed of the conditions relating to personal data protection and understand the content of this Privacy Policy.

Where biometric facial recognition is used, your explicit consent will be requested before activation.

 

  1. CHANGES TO THIS PRIVACY NOTICE

This privacy notice was published in April 2026 and subsequently will be updated to reflect changes either to the way in which we operate or changes to data protection legislation. We will bring any significant changes to your attention but to make sure that you keep up to date, we suggest that you revisit this notice from time to time.

Version control

Version

Approved By

Date

Changes

1.0

Data Protection Officer

22.04.2026

New Publication