Data used for enrollment

20face access service using facial recognition

20face provides a service using facial recognition for different purposes, one of them being access control. The service has been designed with respect for the privacy of the users. Plain information about the processing and only collect the necessary information is the base. Needless to say: the users will be given insight.

General Data Protection Regulation (GDPR) requirements must be met as personal data are processed.


The service details

Conditions to be met before use of the 20face service:

User registration

Employees will receive an e-mail with the invitation to register. This message has a link included to this document. 

The second link in the message is to the registration form to choose account name (an email address) and password. The registration continues with taking the facial picture and transforming this picture to a facial vector. The picture is removed from the memory. It has not been stored to disk.

The user must give his explicit consent for the processing of his personal data for the service because the organization has not made the use of the service mandatory.

In his account the user can, at any time, withdraw his consent, remove his facial vector, or even cancel his registration. 


The registered user approaches the camera equipped entrance. The camera sends images to the 20face application after a local quality check. The application transforms the image to a facial vector to be compared with the facial vectors of registered users. In case of a match the id of the matching entry is send to the access management system. If the id is authorized the barrier will open.

Images and the facial vector based on the images are used and not stored to disk.

The processed personal data

Our customer, an organisation, will provide 20face with first and last name, business email address and access management system id.

20face processes account information (e-mail and password), facial images and facial vectors. 

20face has conducted the mandatory data privacy impact analysis for their processing.

Maintenance and improvement

The facial recognition model will be updated on a regular basis to improve the recognition and security based on experience, new views and results of the recurrent risk analyses.

Users can be asked to renew the facial vector after a service update.

Contact and additional information

In the 20face privacy statement additional information can be found on: