In accordance with the GDPR, biometric data shall be understood as those personal data obtained from a specific technical treatment, related to the physical, physiological or behavioural characteristics of a natural person that allow or confirm the unique identification of said person, such as for example facial images or fingerprint data
The GDPR considers biometric data as a special category of personal data, establishing, as a general rule, that its treatment is prohibited, in particular, when the processing of biometric data has the sole purpose of unambiguously identifying a natural person. However, biometric data may be processed provided there is an exception in accordance with the provisions of article 9.2 of the eIDAS Regulation.
One of the exceptions for the processing of biometric data is obtaining the consent of the owner of said data. In this sense, before collecting biometric data, Signaturit requests the express consent of the signer.