The data is treated as the customer’s personal data: it is processed only after the customer gives explicit consent and, whenever possible, it is stored on‑device (local to the terminal or smartphone) rather than in a central cloud. This aligns with GDPR, which classes biometric data used to identify a person as a special category (Art. 9) that normally requires explicit consent, and which gives the data subject the right to access and erase the data and to withdraw consent at any time (GDPR grants rights and control, not “ownership” in the legal sense). The authentication decision is performed locally on the POS terminal or the customer’s device (e.g., inside the palm‑vein sensor or fingerprint module). The terminal matches the fresh biometric sample against the locally stored template and only then authorises the payment; no external party decides the outcome. Merchants get a masked receipt for audit purposes, but they never receive the raw biometric sample, the stored template or the match score behind the decision; all they learn is whether the payment was approved. The data stays with the customer (or the device) and is deleted if the customer revokes consent. Two practical caveats: biometric matching is probabilistic, so the acceptance threshold must be set against the sensor’s false‑accept and false‑reject rates, and the template should be kept in a secure element or TEE rather than ordinary app storage, since a template that malware can read out of the device loses most of the benefit of never leaving it.
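The flow described above, as an added example that is not code from the original page or from any vendor it describes: the template lives only inside the authenticator object, matching happens there, the merchant‑facing receipt carries no biometric fields or match score, and revoking consent deletes the template so later attempts are declined without a stated reason. The 256‑bit template, the fractional‑Hamming‑distance comparison, the 0.30 threshold, the receipt fields and every biometric value are assumptions constructed for the demo.

```python
"""On-device biometric payment authorisation, modelled end to end.

Assumptions (not taken from the page): the template is a 256-bit vector
compared by fractional Hamming distance, the match threshold is 0.30, and
the merchant receipt holds only a transaction id, amount, masked account
token and approve/decline flag. All biometric values are constructed.
"""
import random
import secrets
from dataclasses import dataclass
from typing import Optional

TEMPLATE_BYTES = 32      # 256-bit template (assumption)
MATCH_THRESHOLD = 0.30   # max fraction of differing bits to accept (assumption)


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which two equal-length templates differ."""
    if len(a) != len(b):
        raise ValueError("template length mismatch")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def mask_account(token: str) -> str:
    """Keep only the last four characters for the audit receipt."""
    digits = token.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class Receipt:
    """Everything the merchant receives: no sample, template or match score."""
    tx_id: str
    amount_cents: int
    masked_account: str
    approved: bool


class OnDeviceAuthenticator:
    """Holds the template locally and never exposes it; only a decision leaves."""

    def __init__(self) -> None:
        self._template: Optional[bytes] = None  # stands in for secure-element storage
        self._consent = False

    def enrol(self, sample: bytes, explicit_consent: bool) -> None:
        if not explicit_consent:
            raise PermissionError("enrolment requires explicit consent")
        if len(sample) != TEMPLATE_BYTES:
            raise ValueError("bad sample length")
        self._template = bytes(sample)
        self._consent = True

    def revoke_consent(self) -> None:
        """Withdrawing consent deletes the template; later requests decline."""
        self._template = None
        self._consent = False

    def authorise_payment(self, sample: bytes, amount_cents: int, account_token: str) -> Receipt:
        approved = False
        if self._consent and self._template is not None and len(sample) == TEMPLATE_BYTES:
            approved = hamming_fraction(sample, self._template) <= MATCH_THRESHOLD
        # A decline carries no reason: the merchant cannot tell a mismatch
        # from revoked consent, and never sees the distance that was computed.
        return Receipt(secrets.token_hex(8), amount_cents, mask_account(account_token), approved)


def flip_bits(template: bytes, n: int, seed: int) -> bytes:
    """Constructed noisy re-capture: flip n distinct bits of the template."""
    bits = bytearray(template)
    for pos in random.Random(seed).sample(range(8 * len(bits)), n):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def run_scenario() -> dict:
    """Enrol, pay with a genuine and an impostor sample, revoke consent, retry."""
    rng = random.Random(42)
    enrolled = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))  # constructed
    genuine = flip_bits(enrolled, 20, seed=1)                              # ~7.8% sensor noise
    impostor = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))   # unrelated person

    auth = OnDeviceAuthenticator()
    auth.enrol(enrolled, explicit_consent=True)
    first = auth.authorise_payment(genuine, 1250, "4111 1111 1111 1234")
    second = auth.authorise_payment(impostor, 1250, "4111 1111 1111 1234")
    auth.revoke_consent()
    third = auth.authorise_payment(genuine, 1250, "4111 1111 1111 1234")
    return {"genuine": first, "impostor": second, "after_revoke": third,
            "genuine_distance": hamming_fraction(enrolled, genuine)}


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The point to take from the receipt type is that data minimisation is enforced at the boundary: whatever the matcher computes internally, the only object that can cross to the merchant has no field in which a sample, template or score could travel.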