Privacy & Security
EasySecure International is a provider of various services, including:
- EasySecure Software for access control, time registration, attendance and visitor management
- BioStar software for access control and time recording
Security and privacy are very important to us. We therefore choose the best security and work together with the best hosting parties and the latest techniques.
EasySecure has specially trained employees for services in the field of privacy, GDPR and security. We are also a member of NL Digital and the International Association of Privacy Professionals. This membership entitles EasySecure to assistance from legal experts who offer advice and support on issues in the field of privacy.
As a supplier of (cloud) services for access control, time registration and attendance registration, we offer the possibility of recording personal data in our software. Your privacy is very important to us and every function in our software has been developed with this in mind.
As a supplier, we are not responsible for ensuring that our customers comply with GDPR regulations. Of course, you can count on us to deliver your systems with the highest privacy settings by default and our products to provide all the tools required to enable compliance.
We are also happy to advise you on any questions you may have and offer standard agreements to relieve you of any concerns.
We like to inform you personally and when it is relevant for you. Your interests are of paramount importance to us!
We promise:
- To treat your data with care. You can rest assured that your data is safe with us and that as an organisation we comply with the law.
- To inform you and provide you with the right information and tools to comply with the legislation. We advise our customers to limit themselves to recording only the necessary data.
- To take appropriate security measures to protect your personal data.
- Not to keep your data longer than necessary. Your privacy is very important to us and every function is developed with this in mind. In our software, a retention period can be entered and your data will automatically be removed from our system.
- Never to pass on your data to third parties, unless this is necessary to provide the requested service. If we share your data because of a software integration, we will make arrangements to ensure that it is not used for other purposes.
- That you, the customer, always decide what happens to your data. We respect all choices you make regarding your privacy. At all times, you have the right to inspect, correct, block, request data portability and delete your data.
In this document, you can find more information about the GDPR and our (biometric) systems. In the following chapters, we will elaborate on the use of biometrics for access control and time registration and all privacy and security measures within our system.
Do you want to know more or can we help you with your privacy and security issues? We are happy to help!
Phone
+31(0)85 015 0000
Contact persons D. Kalkman & E. Hazelhoff
Post
EasySecure International B.V.
Corkstraat 46
3047 AC Rotterdam
The General Data Protection Regulation (GDPR) is a regulation that applies throughout the European Union (EU). Because of GDPR, personal data protection is regulated in the same way in all EU countries and the same rules apply in each Member State.
The effective date of the General Data Protection Regulation is 25 May 2018. From that date, the same rules apply throughout the EU.
Under GDPR, ‘biometric data for the purpose of uniquely identifying a natural person’ are considered ‘special personal data’. Processing special personal data is prohibited, unless an exception applies.
In practice, this means the number of available ‘bases’ (exceptions) is more limited, with the most important being explicit consent. ‘Legitimate interest’ can no longer be used as a basis. But explicit consent can.
The European supervisors have written an opinion on consent under GDPR, also looking at consent in the employer/employee relationship.
The article can be viewed on this page.
In this opinion, the data protection authorities write, among other things:
However this does not mean that employers can never rely on consent as a lawful basis for processing. There may be situations when it is possible for the employer to demonstrate that consent actually is freely given. Given the imbalance of power between an employer and its staff members, employees can only give free consent in exceptional circumstances, when it will have no adverse consequences at all whether or not they give consent. [Example 5] A film crew is going to be filming in a certain part of an office. The employer asks all the employees who sit in that area for their consent to be filmed, as they may appear in the background of the video. Those who do not want to be filmed are not penalised in any way but instead are given equivalent desks elsewhere in the building for the duration of the filming.
The example used here is filming in an office where employees are offered the opportunity to temporarily move to another location. This is very similar to offering the possibility of a fingerprint scan, alongside a card or code.
In short, employers can simply request consent to process biometrics, as long as they also offer a reasonable alternative.
You can always offer your employees an alternative. Our biometric systems can be used with explicit consent. All our scanners are also equipped with a card reader and, if necessary, a keypad.
With our systems, your employees can register their finger or face or work with a card or code. Employees who do not want to carry an extra card or remember a code, can use our convenient encrypted biometric templates instead. The employee has a free choice of authentication method.
In addition, our systems are highly secured and we save encrypted templates instead of fingerprints. These templates can never be reverse-engineered to an image of your fingerprint. For more information, see Chapter 4 of this document.
In our experience, employees often consent to using their biometric template. The template cannot be reverse-engineered to a print of their finger or face and it is very convenient. After all, you can easily lose or forget a card or code and do not always have it handy. But this must be a free choice. The advantages of biometrics are discussed in detail in Chapter 2.
Convenience:
You always have the key with you. And you need not carry an extra card or remember the code.
Convenience:
The template is encrypted. You can quickly and easily open the doors or register your presence without it being possible to trace these data back to your actual fingerprint. Easy and secure!
Security:
With biometrics, you always know who is present in the building if there is a theft, fire, evacuation, or other emergency.
Security:
With biometrics, you always know who has access to which area. Once someone no longer has access to your systems or building, you can block their access at the push of a button. You can also be sure that only people with the right certificates will enter sensitive areas.
Security:
Cards or tags that have been lost or passed on to others are a major security risk. After all, you never know who has access and where and when an access card may have been lost. With biometrics, the safety of your employees increases and theft decreases.
Security:
Because access codes are often known to more people than you think, there is no accurate overview of who is in the building and who has access to which area. With biometrics, the safety of your employees increases and theft decreases.
Time savings:
No paperwork. Large organizations spend many hours managing access control, time recording, and attendance registration. With biometrics, there is no need to spend any more time on issuing new cards and codes and the information is always correct and up to date.
Cost savings:
Using biometrics saves you time in managing your access control, time, and attendance systems. As no or fewer access cards need to be purchased and fewer cards are in circulation, this is also better for the environment.
Information:
You have real-time information available about all your systems. You can immediately check the status of a project, look at attendance, or see if there is a company emergency response team member in your building.
Combining:
The ideal situation for access control, time recording, and attendance registration consists of various components. Use our biometric scanners for sensitive warehouses and server rooms, for example, and our card readers on other doors. All our scanners can be combined with each other.
In November 2019, the data protection authority published the definitive DPIA list. This list contains all processing of personal data that requires a data protection impact assessment (DPIA). The use of biometrics has also been added to this list.
This means that if you use or are going to use our biometric systems, you must have a DPIA ready.
The data protection impact assessment (DPIA) is a tool to identify the privacy risks of data processing in advance and to subsequently be able to take measures to reduce the risks.
We have had an example DPIA prepared by our lawyers to assist you with the correct format and the required information. Feel free to contact us to receive the document.
As a provider of cloud and other services for access control, time recording, and attendance registration, personal data can be recorded in our software. Your privacy is very important to us and every feature of our software is developed with this in mind.
As a supplier, we are not responsible for our customers’ compliance with GDPR rules. But you can obviously count on us to deliver your systems with the highest privacy default settings and to equip our products with all the tools required to facilitate compliance. We are also happy to advise you on all possible questions and offer standard agreements providing a full-service solution.
Privacy by Design:
When developing our software, we ensure all the features needed to guarantee your privacy.
Privacy by Default:
Our software is delivered with high privacy settings by default. These include strict password management, automatic deletion of log data, and automatic deletion of inactive users, and can of course be adapted to your wishes.
More information about the security and privacy measures can be found in the following chapters.
Security and privacy are very high on our agenda. We therefore choose the best security and work with the top hosting parties and latest techniques within our software for access control, time registration, and attendance.
Each release of our software goes through a fixed process of development, quality control, and internal testing procedures. We also have an external agency test our software security each year to guarantee quality. The EasySecure software is hosted in Cyso’s data centres.
- Dutch company founded in 1997.
- ISO 20000, ISO 27001, NEN 7510, ISO 9001, OHSAS 18001; PCI-DSS; ISO 14001 certified
- All data is stored in the Netherlands
- Only certified and screened employees are employed.
- Continuous security checks
- Continuous infrastructure checks
- No single point of failure
- Various fallback scenarios available
The misuse of your data by malicious parties is a serious threat that must be prevented. We take the right measures so that our software is well protected.
Want to know more about the security and hosting measures we take? Check out the following article:
The communication from our scanners is highly secure. All scanners use 256-bit Advanced Encryption Standard (AES), SHA-256, and MD2 Hash algorithms.
This means that all communication is encrypted and can never be traced back to your personal data from the scanner.
Want to know more about the security measures we take regarding communication and encryption of our scanners? View the following article:
When we refer to privacy and biometrics, we immediately need to consider which system is being referred to. Government systems (such as the police or for your passport) are based on a system in which images are stored. And if these systems fall into the wrong hands or are misused, people’s privacy can be violated.
EasySecure’s commercial systems, such as IdentySoft and BioStar, use an algorithm and cannot be traced back to a real print.
Our systems scan a fingerprint or face and this image is already transformed into a template in the scanner. This template results from an algorithm and consists of a number of 364 positions. Besides being patented, the algorithm is also protected by encryption (AES256).
Even if the code were cracked, the algorithm would still have to be cracked. And even if the algorithm were cracked, it is still impossible to make an original print from the saved result.
It is therefore impossible to use a template stored in our systems to create an image of a fingerprint that can then be compared with another database or an encountered image.
Want to know more about your privacy and our biometric templates? Check out the following article:
EasySecure will never transfer your data to third parties, unless this is necessary to provide the requested service. This could be the case, for example, if you wish to set up software integration between two packages.
Our software can be integrated with various packages for planning, locker management, or reservation systems. If desired, we can establish a link for our customers based on an agreement.
If we provide your data to a third party, we ensure (by agreement) that your data will not be used for other purposes. We also ensure that your data are always processed with the highest level of security. For more information, see the chapter ‘Security & Storing’.
Our software uses cookies. These are small text files stored on your device. Cookies allow us to save your preferences and settings and allow you to log in.
This includes the automatic completion of certain forms in your software environment so you do not have to enter the same data over and over again. By default, your internet browser has a range of options to manage and block cookies.
You always decide what happens to your own personal data. We respect all the choices you make regarding privacy. You may always access, rectify, block, and delete your data and you also have the right to data portability. You can submit a request to us using the contact details below.
As a software supplier, we have incorporated features that enable our customers to retrieve stored data directly from a user. It is also possible to remove all stored personal data directly from the system.
As a user of our software, if you have received a request for access, rectification, blocking, portability, or removal, and have questions about this, we would be happy to assist you!
You can get in touch with us using the contact details below.
Phone
+31(0)85 015 0000
Contact persons D. Kalkman & E. Hazelhoff
Post
EasySecure International B.V.
Corkstraat 46
3047 AC Rotterdam
To prevent abuse, we will contact you after a request to verify your identity.
We will naturally be happy to assist you if you have complaints about the processing of your personal data. But should we not be able to reach consensus, you are also entitled under privacy legislation to submit a complaint to the privacy supervisor, the Dutch Data Protection Authority.
You can contact the Personal Data Authority for this purpose.
A processing agreement regulates the responsibilities for processing personal data when one company engages another company for processing. A processing agreement is a concept from the General Data Protection Regulation (GDPR).
The GDPR is a privacy regulation that applies throughout the European Union (EU). Because of the GDPR, personal data protection is regulated in the same way in all EU countries and the same rules apply in each Member State.
Under GDPR legislation, the personal data controller must make arrangements with the processors of these data. As a supplier, we offer support on our software and can log into/view your software environment, if necessary. We are therefore a processor of your data.
A processing agreement is the agreement between you as the controller and the processor. Among other things, this agreement documents how the processor must deal with the personal data and what kind of security measures are to be applied.
And we wish to come up with a full-service solution for you in this regard too, which is why we have drawn up standard agreements you can use.
If you would like to receive our standard agreement or have further questions, we’ll be happy to assist!
We may amend this statement on security and privacy occasionally. Amendments will be published on our website and included in our software. It is therefore advisable to consult this privacy statement regularly so that you are aware of any amendments.
This renewed statement entered into effect on 25 June 2019.