ACCESS CONTROL BY FINGERPRINT READER

Imagine laptop pe birou

 

Unique on the Romanian market, CREASOFT solution integrates, in harmony with the legislation in force, the fingerprint reader and the professional electronic timekeeping solution Creasoft Access.

“A working time registration system offers workers a very efficient means of accessing objective and capable data on the actual duration of the work performed, which facilitates both the demonstration by the respective workers of a violation of their rights and the control by the competent national authorities and courts of the effective observance of these rights, the Court of Justice of the European Union establishing by its recent case law that the Member States must oblige employers to use a system that allows to accurately measure the working time of employees "( Case C-55/18 Federacion de Servicios de Comisiones Obreras (CCOO) / Deutsche Bank SAE (May 14, 2019).

How does it work?

  • The device scans the fingerprint image when a person places their finger on the reading surface
  • The reader has its own processor and memory and converts in real time the information obtained from the scan, to encrypted digital data models in the form of alphanumeric strings. According to the manufacturer's declaration, both the algorithm and the fingerprint scanner are patented / approved for use within the EU. Example of an electronic identifier / signature of an employee, which results from the encryption of a fingerprint in real time and which is stored in the database / server:

    cititor

  • In the CREASOFT databases, where all punctual and access control information is transmitted, only the alphanumeric strings transmitted by the fingerprint reader can be found, which cannot be converted into fingerprints, but are only the equivalent of alphanumeric identifiers - NO biometric data is transmitted. More details about the CREASOFT solution of timekeeping and access controls, about the functioning and obtaining of specific reports of timekeeping, you can find by accessing the PRODUCTS page (www.creasoft.ro).

The manufacturer of the fingerprint reader declares and guarantees that the fingerprints cannot be accessed, duplicated or downloaded from the scanner (the fingerprint reader) and the fingerprint picture cannot be obtained by any third party, so that the product does not represent a classic biometric technology that involves capturing a person's data, transforming it into a biometric pattern, storing it in a database and, subsequently, verifying the identity of that person.

Certifications

cititor cititorcititor

Legislative framework

Although the relevant legislation in the field allows, including, the use of classical biometric solutions, by observing certain obligations, respectively:

[Art. 9 of (EU) Regulation 2016/679 titled: Processing of special categories of personal data

(1)The processing of personal data that discloses racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership in trade unions and the processing of genetic data, biometric data for the unique identification of a natural person, data on the health or data on the sexual life or sexual orientation of a natural person, is prohibited.

(2) Paragraph (1) does not apply in the following situations: a) the data subject has given his explicit consent for the processing of this personal data for one or more specific purposes, unless the law of the Union or the national law provides that the forbidden provision paragraph 1 cannot be lifted by the consent of the data subject; b) processing is necessary for the purpose of fulfilling the obligations and exercising specific rights of the operator or of the data subject in the field of employment and social security and social protection, insofar as this is authorized by Union law or by national law or by a collective labor agreement concluded in accordance with national law which provides adequate guarantees for the fundamental rights and interests of the data subject.

Law 190/2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of these data and Repealing Directive 95/46 / EC (General Data Protection Regulation)

If monitoring systems are used by electronic means of communication and / or by means of video surveillance at the workplace, the processing of the personal data of the employees, in order to achieve the legitimate interests pursued by the employer, is allowed only if:

  • the legitimate interests pursued by the employer are fully justified and prevail over the interests or rights and freedoms of the data subjects;
  • the employer has made the mandatory, complete and explicit prior information of the employees;
  • the employer consulted the union or, as the case may be, the employees' representatives before introducing the monitoring systems
  • other less intrusive forms and ways of achieving the goal pursued by the employer have not previously proved their effectiveness;
  • the duration of storage of personal data is proportional to the purpose of processing, but not more than 30 days, except for the situations expressly regulated by the law or for the justified cases.]

In order to avoid any risk, if using this system for electronic time keeping, we recommend that the employer inform in advance and consult with the union or the employees' representatives about this behavior of the SLK20 fingerprint reader so that they can give their explicit consent for its use and to inform the employees that this system does not store their fingerprint image on any computer or database.

The electronic timekeeping has matured and reached a level that becomes indispensable, especially due to the high security and the protection of personal data.

The personal data surveillance authority imposes three main obligations: (i) justifying the use of the system, taking into account the extent to which less invasive means can be used (which have not proved their efficiency); (ii) demonstration of the fact that the systems are designed to ensure the security and the confidential character of the processing and (iii) the presentation of assurances on how to store the data, obligations that can be fulfilled by any company that wants to implement a timekeeping system that uses as a means of timekeeping the unique configuration resulting from finger-printing.