Guidelines on the Use of Biometric Data

Biometric Data User refers to any individual or entity that collects or utilizes biometric data through the devices, hardware, or software provided by CYVANTECH.

1. Purpose of Biometric Data Collection

Biometric data refers to any computer-generated data produced during a biometric process. The collected data must be disclosed to the user and is strictly used for purposes related to time attendance and access control.

• Lawful and fair processing

Biometric templates collected from users must be done in a lawful and fair manner, ensuring compliance with applicable regulations.

• Adequacy and Proportionality

CYVANTECH’s devices, along with all biometric templates stored within its management software, are designed with advanced algorithms and may employ encryption methods to the highest standard. This approach is aimed at preventing data leakage and ensuring the protection of user information to the greatest extent possible.

2. Accuracy and Duration of Retention

CYVANTECH ensures the accurate storage of all biometric and personal data to provide customers with the best possible user experience.

• Personal data is not retained longer than necessary.

CYVANTECH’s hardware utilizes various biometric templates during operation. However, these templates are not stored in the hardware’s CPU. After the biometric templates are deleted from CYVANTECH’s hardware and software (based on the specific circumstances), they are permanently erased and cannot be retained in any format.

3. Use of Personal Data

Biometric data will not be used for any new purpose without obtaining prior consent.

If the data user intends to use the collected biometric templates for purposes other than those originally authorized, they are responsible for re-engaging with the users and obtaining their explicit consent before proceeding.

4. Safeguards Against Unauthorized Access

CYVANTECH’s biometric algorithms do not collect complete biometric features of individuals. Instead, only 10 to 50 feature points are gathered for analysis. Even if biometric templates are unlawfully obtained, it is impossible to reconstruct full biometric features. To ensure the highest level of data security, CYVANTECH employs advanced electronic encryption techniques in both software and hardware.

5. Openness – Transparency of Information

• Data users should make policies and practices related to personal data publicly available.
• Data users should disclose the types of biometric data they collect.
• Data users should inform individuals about the primary purposes for which biometric data is being used.

6. Access to Personal Data

Data users should be aware that all individuals have the right to access and correct their personal data.

Frequently ask question of biometric data:

I. What is Biometric Data?

Physiological Data (inherent to the individual):

• DNA samples, fingerprints, palm veins, iris, retina scans
• Facial images, hand geometries

Behavioral Data (developed by the individual):

• Handwriting patterns, typing rhythms, gait, voice

II. Is Biometric Data Personal Data?

Biometric data on its own is not necessarily considered personal data, as it may not identify individuals. However, when biometric data is stored in a database that associates it with customers or staff members, it becomes personal data.

III. What computation speeds are required by a biometric authentication system?

Typically, biometric authentication systems require computation speeds sufficient for pattern recognition, which equates to around 100 million operations per second. This processing speed has been achievable with affordable hardware since approximately 1998.