Biometric Policy
Biometric Policy for essentry Kiosks
This Biometric Policy (“Policy”) describes how essentry and its subcontractors use, store, and destroy biometric data—including scans of facial geometry—generated in connection with essentry’s identify verification kiosks (“Biometric Data”).
essentry and its subcontractors do all of the things described in this Policy on behalf of essentry’s customer. essentry’s customer never has access to the Biometric Data.
essentry’s service verifies identities by analyzing Biometric Data generated from images taken of the kiosk user and images taken from the photo appearing on the user’s identity document (e.g., passport or driver’s license photos). This Biometric Data is used for two purposes: (1) to confirm that the kiosk cameras are looking at a live person and not something else, such as a photo of a person (the “Liveness Check”) and (2) to compare the images taken of the user at the kiosk to the photograph on the user’s identity document (the “Identity Verification”). The identity document photo could be one that the user presents at the time of verification, or it could be one that was stored during the user’s previous interaction with that particular customer’s essentry kiosks. (Not all essentry customers configure the essentry service to store the photographs from identity documents. essentry does not retain the government identification numbers from identity documents.)
Liveness Checks and Identify Verifications are performed only for users who provide their written consent to the collection, storage, and use of Biometric Data. Although the Liveness Checks and Identity Verification involve momentary storage of Biometric Data, the Biometric Data generated in each process is immediately and permanently destroyed as soon as the process is complete, as described below.
The Liveness Check happens in the temporary memory of the essentry Kiosk by analyzing Biometric Data it generates from live images taken of the essentry Kiosk user. Any Biometric Data generated during this process is immediately and permanently destroyed following the Liveness Check. essentry does not transmit any Biometric Data to the customer.
The Identity Verification happens on servers operated by an essentry subcontractor (such as Amazon Web Services) by comparing Biometric Data that the subcontractor generates from live images of the user and from the photo on the user’s identity document. Once this comparison of Biometric Data is complete, the subcontractor immediately and permanently destroys the Biometric Data. The subcontractor confirms to essentry whether the user’s live images and identity document image depict the same individual. The subcontractor does not transmit any Biometric Data to essentry or to the customer.
To select a destruction method for the Biometric Data, essentry and its subcontractors take into consideration (i) available technology, (ii) the nature of the data, and (iii) the means by which the data has been momentarily stored.