02


Amaturas Acess Conto Svsiem sofware is meiculousi desianed to incomorate data protecion by desion and by detaut in line wit Aricle 25 of the GDPR.By ensurng that only necessary data s colected, processed, and stored,the software minimizes the isk of unauthorized access or breaches. State-of-the-art data encrypton measures are empioved at bo the storade and transmisson eves, utlznd ndusty-standard aorthms and encvpion proocs. Addionaly. the sorware includes robust access controls and user authentication mechanisms, such as two-actor authentication (2FA), to prevent unauthorized access to personal data.

The Armatura Access Control System leverages a cloud platform for storing and processing personal data, making GDPR compliance of the utmost importance. The cloud platform is designed to adhere to GDPR requirements by implementing strict access controls, data encryption, and secure data storage techniques. Furthermore, Armatura ensures that its cloud platform provider complies with GDPR through contractual agreements, ensuring that personal data is processed and stored in a secure and compliant manner.


05

As a critical component of the Access Control System, Armatura's biometric technology must adhere to GDPR requirements, particularly since biometric data is categorized as a special category of personal data under Article 9 of the GDPR. Armatura's biometric algorithms employ data minimization techniques, ensuring that only necessary data is collected, processed, and stored. The biometric data is encrypted and securely stored on the hardware devices and within the cloud platform to prevent unauthorised access.


Armatura implements a comprehensive data protection impact assessment (DPIA) to identify and address potential risks associated with the processing of biometric data, as required by Article 35 of the GDPR. Additionally, the biometric technology incorporates privacy-enhancing technologies (PETs) to reduce the risk of unauthorised access or misuse of biometric data. For instance, Armatura employs template protection techniques, such as biometric encryption and secure multi-party computation, to ensure that biometric data cannot be reverse-engineered or linked to a specific individual.


Moreover, Armatura's biometric technology includes mechanisms for obtaining user consent before collecting and processing biometric data, in accordance with Article 6 of the GDPR. Users are provided with clear information about the purpose and nature of biometric data processing, as well as their rights under the GDPR. The biometric technology also supports data portability, allowing users to transfer their biometric data between different devices and systems, as mandated by Article 20 of the GDPR.