====== Photos and Data Protection ======

===== I. Purpose =====
The policy describe how Nested Knowledge uses photo and how Nested Knowledge ensures compliance with GDPR's Data Protection requirements. 

===== II. Scope =====
This policy affects all employees, contractors, and consultants of Nested Knowledge.

===== II. Policy =====

==== Legitimate interest ====

Nested Knowledge shares photos of employees and contractors, a form of personal information, on our website. We use photos of employees for marketing materials, instructional materials, and online, interactive scientific publications. 

We do not require personnel to provide consent to photo processing, as Nested Knowledge has legitimate interest for which the data is necessary.

==== Biometric data ====

Biometric data is used to identify individuals via facial recognition, fingerprinting, or other technologies. Under GDPR, biometric data is "special personal information" and is subject to additional protections. Some U.S. States, such as Illinois, have laws protection biometric data

Photos are classified as biometric data if they meet the following requirements:

  * White, off-weight, or light gray background
  * Facing the camera
  * Neutral expression on face
  * No glasses or hats

Nested Knowledge does not knowingly share employee or contractor biometric photos. Employees and contractors should avoid uploading biometric photos to any Nested Knowledge system. 

===== Revision History =====

^Author^Date of Revision/Review^Comments|
|K. Cowie|01/24/2022|Created|
|J. Johnson| | |