Any attendance clocking system will invariably contain certain kinds of personal data about your workforce. In the context of a ClockRite Time & Attendance System this will include employee data stored in the ClockRite Software, employee names stored in the Clocking Terminal, and – in the case of our biometric clocking systems – the biometric data of employees. Read on for an overview of how ClockRite T&A Systems use and store personal data, or see our GDPR Portal for detailed compliance information and advice.
Personal data and the ClockRite Software
All data is entered into the ClockRite Software by you, and should be factored into your internal data security policies. During normal operation the ClockRite Software may hold some, but not necessarily all, of the following information about your staff members:
- First and last name
- Group/Department within your organisation
- Shift and overtime information
- Basic rate of pay
- Contracted hours
- Holiday entitlement
- Payroll number
- Start / finish date
- Actual and amended hours worked
- Total pay
- Holidays, sickness, and lateness
It is up to you to determine who within your organisation will have access to the ClockRite Software. The software can be password protected, and can also be configured with tiered user profiles in order to restrict certain users from accessing unnecessary information. Back-end databases containing employee information are also password protected. The ClockRite Software is local to your organisation, and we do not have access to it or the information therein under normal circumstances.
Personal data and the ClockRite clocking terminal
All data is entered into the clocking terminal by you, and should be factored into your internal data security policies. During normal operation the clocking terminal may hold some, but not necessarily all, of the following information about your staff members:
- First and last name
- ‘ClockRite ID’ number
- Unprocessed clocking records, with each employee’s specific clocking records identifiable by their associated ‘ClockRite ID’
- Biometric templates for each employee (if you are using a fingerprint or facial recognition system)
It is up to you to determine who will have access to the data stored in the Clocking Terminal. Access can be restricted through use of an Admin Card and password. It is possible to download clocking records from the Clocking Terminal via USB, but this action requires use of the Admin Card and password. Clocking files downloaded onto USB are not password protected, but contain only each employee’s ‘ClockRite ID’ and associated clocking records.
The Clocking Terminal is local to your organisation, and we do not have access to it or the information therein under normal circumstances.
Biometric data, be it fingerprint or facial, is captured by the clocking terminal as a digital image known as a ‘live scan.’ The live scan is then processed to create a biometric template based on points of interest. For a fingerprint, these could be the points at which certain fingerprint ridges end, converge, or split. For a face, they might be the distance between the eyes or the shape of the mouth. The biometric template is stored within the clocking terminal as a mathematical algorithm which the terminal can reference in order to determine whether the biometric templates derived from future ‘live scans’ are from the same finger or face.
The live scans themselves are used only to create these biometric templates, and are not stored by the terminal or ClockRite Software. In this way we can be sure that the clocking terminal collects only characteristic points of users’ biometric data, and not images of the face or fingerprint themselves.
It’s helpful to think of the fingerprint or face like a map, with the characteristic points as co-ordinates. In the same way that co-ordinates alone will not give you an image of the map itself, characteristic points of a specific fingerprint or face do not give you the full image.
Fingerprint and facial algorithms can be downloaded from the clocking terminal onto USB to allow for backups and transfers between terminals, but there is no way to process, manipulate, or reverse engineer these algorithms from the file on the USB Stick. Access is protected through the use of an ‘Admin Card’ and password.
This article is for informational purposes only, and does not constitute legal advice. It is important to conduct your own assessment of the employee data you intend to hold within the ClockRite System, how this pertains to the rights of individual employees, and your lawful basis for holding such information under applicable legislation.