What is VAULT·A?

VAULT·A is a Biometric Id As A Service Platform device-less, card-less, Id-less relying on a highly secured patented protocol through data segregation system. By the way we have designed it, it provides a Strong Customer Authentication through biometrics.

How do I register?

The registration process is simple and fast: ID document and fingerprint/ finger vein scanning lead you to have an account linked with your e-wallet. Once enrolled you could use the system wherever you find it installed; one registration will suit all purposes.

Why would I enrol? What are my benefits?

VAULT·A offers you fast and secure checkout and instant access to your transactions. It is modern, safe and saves you queueing time.

What data of me do you store and what do you do with it?

The customer data collected is related to name, ID documents, account number and biometric fingerprints. We use the data to identify the client and to perform the payments he/ she requests. The data is used completely anonymously.

Does the biometric sensor store my data? What does it do?

The biometric sensor does not store any data. The biometric sensor captures your fingerprint & finger vein before sending them to a dedicated biometric database.The biometric device sensor and the biometric database are provided by best-in-class biometric worldwide leaders M2SYS (http://www.m2sys.com) which is accredited by different government including the USA and already used in more than 100 countries. The biometric devices provided by M2SYS have the following certifications:  MIC, CE, FCC, RoHs, FBI, FIPS 201.

What do I do in case I want to delete my data or modify information?

If you want to delete your data you have to send an e-mail to dpo@a3bc.org. Our back-office team will proceed to some controls and you will be informed by e-mail when the complete deletion will be done. If you want to modify information the process is the same. In few months you will be able to perform these operation through the apps and/or the VAULT·A website.

Who has access to my data?

Our  database administrator is the only one who can access to A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) Biometric Id As A Service Platform.

Will you use my data for profiling and further use for commercial purposes?

A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) has a legal contract with each user; the data are collected only with their authorized explicit consent. We do not collect any data through a systematic and extensive use of automated processing. We are not performing any profiling or predicting of buying behaviour.

Will you film me or similar while I enrol or use the system?

No, not at all.

VAULT·A  is only used to identify, authenticate and check authorization. The camera installed in the enrolment kiosk is used exclusively for capturing your photo, needed for registration process. It does not deploy a systematic observation, monitoring or control of individuals.

Will you use the public information available about me or make any of my information public?

No. The system does not use public information or make any of your information public.

Who owns the equipment on which the data will be stored?

The equipment is owned by A3 BIOMETRIC CONNECTIONS S.R.L. (LLC).

How do you document and/ or record my complaint, if I have one?

You could lodge directly a complaint with  the Romanian Data Protection Authority for misuse of personal data. In that case, A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) will be informed by the Romanian Data Protection Authority.

For how long will the collected data be retained in the application?

A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) will retain the data collected as long as the contract with the user is active. Once the contract with the user in no longer active we will make the personal data anonymous and, after the period required by the regulator, the data will be deleted. We will keep the personal data in order to comply with the requirements of the law, such archiving or complying with fiscal obligations.  For example, we will archive the fiscal documentation for 10 years, in accordance with the requirements of the law.

Are there any data retention/destruction policies in place, taking into consideration the applicable GDPR rules regarding the storage period?

A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) will retain the data collected for which destruction has been required as long as required by the authority in compliance with GDPR. At this stage, we have an internal policy of two years retention after the agreement termination.

How is the data removed from the application?

A3 BIOMETRIC CONNECTIONS S.R.L. (LLC) is removing the data from the application by deleting from the databases using a standard deletion procedure and/or by shredding with the log files that contain it.

How accurate is it?

We are using M2-FuseID™ which is a revolutionary “smart” fingerprint reader that delivers higher levels of security, reliability, and accuracy than other fingerprint readers. In addition to capturing a high-quality, 500 dpi fingerprint image, the M2-FuseID™ fingerprint reader simultaneously and safely captures the unique finger vein pattern inside your finger. By collecting the complete biometric characteristics of a single finger, this affordable, next-generation fingerprint reader ensures 100% enrolment rates through “smart” scanning technology.

How do I use VAULT·A?

Once you have all your articles scanned and want to pay, press the pay button on the tablet, place the required finger into the scanner, confirm the amount to be paid and then payment will be processed.

What is the Id scanner?

The Gemalto  Document Reader QS1000​ is an entry-level full-page document reader. Compact and fast data capture make it ideal for commercial applications. The QS1000 offers visible and infrared imaging, and carries an IP50 rating for dust protection. The  ID scanner provided by Gemalto is not storing the information scanned and collected from data subjects. Such information is directly and in real time transmitted to the databases.

Is my data safe?

The biometric and personal data you give is stored on a secure database using the patented protocol in a way that can be never used by anyone else. All the data are encrypted and pseudo-anonymized.

How my payment method is stored?

We rely on a payment processor which is PCI DSS 3.2 compliant. The functional and technical scheme used to perform the payment transaction is leveraging on the existing ones such as card transactions without any change. We do not store any paiement method. When you pay with VAULT·A no payment data are transferred.

Can someone use fake biometric information?

The device features sophisticated liveness detection by simultaneously looking at and below the skin’s surface in a single scan. This offers protection against fake and spoofed fingerprints to ensure confidence in the reader’s ability to accurately identify individuals, especially in places where the highest level of security is paramount, such as the financial services industry.

What if one my fingers gets damaged?

We are capturing 2 out of 10 fingers when you enroll. We are using a random sequence so you can use another finger.

Where do I see my payment done with Vault·A?

After each transaction, we send you an SMS and an e-mail. You can also see these transactions in your apps. In the future you will see your transactions in Vault·A apps and website.