Security & GDPR

Facial recognition, done compliantly

Biometric clocking-in is legal in the UK when it is done right. TempClock is built for the lawful basis, consent and erasure rights UK GDPR expects.

Built for the auditor, not just the buyer

The five things your DPO will check, each handled by design.

UK-hosted data

Timekeeping and account data stay on UK infrastructure; matching is EU-resident.

UK GDPR lawful basis

Set an Article 6 basis plus an Article 9 condition, recorded per site.

Consent, with a PIN route

Nobody is forced to give biometrics to be paid; consent can be withdrawn any time.

Retention & erasure

No photos are stored; signatures are purged within four hours of an erasure request.

Audit-sealed records

Signed agreements carry a SHA-256 seal, verifiable byte for byte at any time.

2FA on every portal

Admin, manager and client portals all enforce time-based two-factor sign-in.

The questions your DPO will ask

Plain answers on lawful basis, consent, retention and erasure.

Is biometric clocking-in legal under UK GDPR?

Yes, when it is done correctly. Facial data used to identify someone is special category data under UK GDPR, so it needs a lawful basis, a clear privacy notice and a less intrusive alternative. TempClock is built to that bar: faces are stored as irreversible signatures, never photographs, and every worker is offered a PIN instead.

What is the lawful basis for processing facial data?

You set an Article 6 basis (usually legitimate interests in preventing time fraud) plus an Article 9 condition for the biometric data, most often explicit consent. You record the basis per site, and a DPIA template is provided so the decision is documented before you switch it on.

What if a worker refuses to give their face?

Consent must be freely given, so nobody is forced to hand over biometrics to be paid. A worker who declines clocks in by PIN instead and is never disadvantaged. Withdraw consent later and the signature is deleted, while the timekeeping records remain under a separate basis.

How long is biometric data kept, and is it deleted?

The face signature is held only while the worker is active. Deactivate a worker, or action an erasure request, and the signature is purged within four hours, with the deletion confirmed in the audit log. No raw photographs are ever retained.

Where is the data hosted?

Application data and timekeeping records sit on UK-hosted infrastructure; biometric matching runs on EU-resident processing and never leaves the EU. A Data Processing Agreement, privacy notice and DPIA template are available for your DPO to review.

Want the detail, with ICO references and a DPIA you can adapt? Read the biometric clocking & UK GDPR guide.

Know who turned up — and pay every hour right.

Face-verified clock-ins, live geofencing and payroll-ready timesheets in one system. Tell us how your shifts run and we will show you how it fits.

UK-hosted · Set up in under an hour · No app for your staff