TOMRA Connect Technical and Data Security Principles

Version 2.0, 05.04.2017

 

About TOMRA Connect

TOMRA Connect is a real-time data service receiving data from TOMRA reverse vending machines and making that data available for reverse vending machine owners through various software services. Data is also made available for TOMRA technical personnel for service and maintenance purposes, as part of service agreements and for ad-hoc service tasks.

TOMRA strives to operate well within the boundaries of all relevant legal requirements pertaining to data privacy and security in the jurisdictions in which we operate, and is currently (1H 2017) revising all aspects of its corporate practices and policies to document and achieve such compliance in preparation for the EU General Data Protection Regulation (GDPR), which will come into force from May 2018.

TOMRA Connect “Installation”

An “installation” in TOMRA Connect includes a specific reverse vending machine identified by its serial number, a specific geographical location where the reverse vending machine is located, and the time when the installation was established. All three aspects are required for the installation to communicate data to TOMRA Connect, and for that data to be associated with a “license account”, and hence available for processing and use.

The concept of the “installation” forms the basis of TOMRA Connect data separation and isolation, ensuring that data is only available to authorized users.

TOMRA Connect hence offers full data isolation and separation across customer accounts.

Data storage locations

TOMRA Connect data is transported to and stored at TOMRA’s physical data center in Asker, Norway for all reverse vending machines located in Europe and rest of the world apart from North America. For reverse vending machines located in North America, data is transported to and stored at TOMRA’s data center located with Amazon Web Services in Virginia.

Supplementary use of managed processing services for certain specific software services takes place through Amazon Web Services facilities in Virginia, USA for North America-based reverse vending machines, and in Frankfurt, Germany for European and rest of world reverse vending machines.

TOMRA Systems ASA has established a Data Processing Agreement with Amazon Web Services which ensures that Amazon Web Services has no right to utilize data stored with Amazon Web Services for any purpose other than delivering agreed technical infrastructure services to TOMRA.

It is TOMRA’s position that utilizing cloud services with a reputable and market-leading provider allows TOMRA to offer cost-effective, technically and financially secure and stable, reliable, long-term and future-oriented software services and products compared to more traditional on-premise hosting alternatives. TOMRA has broad experience and competence with both on-premise and cloud hosted environments, and a long successful track record of securing and processing transactional money- and material-flow data.

Data security and protection

TOMRA Connect data is protected using industry standard encryption protocols during transport from reverse vending machines to the TOMRA Connect servers. The TOMRA Connect web portal is only accessible through HTTPS with SSL encryption.

In situations with loss of connectivity or electricity at the reverse vending machine location, all reverse vending machine data will remain stored in the reverse vending machine and transmitted once operational state is restored, with no loss of data.

Frequency of communication from reverse vending machines to TOMRA Connect

TOMRA reverse vending machines send a “heartbeat” to TOMRA Connect every 180 seconds (as the main rule). The heartbeat is a signal to TOMRA Connect that the reverse vending machine is online and operational. Should a reverse vending machine fail to send two consecutive heartbeats, the machine will be set to status “offline” until a heartbeat has been received. Reverse vending machines additionally transmit data associated with each consumer session immediately after the session is completed to ensure that the session data is stored and preserved in TOMRA Connect for accounting and clearing purposes. Additional messages of a technical nature are communicated at various intervals to enable service and operational monitoring of reverse vending machine components and configurations.
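The heartbeat rule above, worked through as an added example (not TOMRA code). It assumes a heartbeat counts as missed once a full 180-second interval passes without one, so a machine is offline from 360 seconds after its last heartbeat until the next one arrives; the timestamps are constructed sample data.

```python
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(seconds=180)  # from the text ("as the main rule")
MISSED_BEFORE_OFFLINE = 2                    # two consecutive missed heartbeats


def offline_windows(heartbeats, now):
    """Return [(offline_from, online_again_or_None), ...] for one machine.

    Assumption: the machine goes offline 2 * 180 s after its last heartbeat
    and is back online at the moment the next heartbeat is received.
    """
    limit = HEARTBEAT_INTERVAL * MISSED_BEFORE_OFFLINE
    beats = sorted(heartbeats)
    windows = []
    for prev, nxt in zip(beats, beats[1:]):
        if nxt - prev > limit:
            windows.append((prev + limit, nxt))
    if beats and now - beats[-1] > limit:
        windows.append((beats[-1] + limit, None))  # still offline at `now`
    return windows


def status(heartbeats, now):
    """Current status; a machine that has never reported is treated as offline."""
    windows = offline_windows(heartbeats, now)
    still_offline = bool(windows) and windows[-1][1] is None
    return "offline" if (not heartbeats or still_offline) else "online"


# Constructed sample: heartbeat arrival times in seconds after T0.
T0 = datetime(2017, 4, 5, 12, 0, 0)
SAMPLE_BEATS = [T0 + timedelta(seconds=s) for s in (0, 180, 360, 1080, 1260)]
NOW = T0 + timedelta(seconds=1660)

if __name__ == "__main__":
    for start, end in offline_windows(SAMPLE_BEATS, NOW):
        print("offline from", start, "until", end or "now")
    print("status:", status(SAMPLE_BEATS, NOW))
```
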

Types of data being communicated to TOMRA Connect

TOMRA Connect receives data on a wide range of machine performance metrics as well as consumer sessions from each connected reverse vending machine. Such information is required for TOMRA to improve machine stability and reliability, as well as to generate clearing reports and services to deposit administration organizations / customers where applicable.

Customers that wish to utilize more advanced TOMRA Connect services such as In-store Marketing, Analytics or Consumer Engagement are required to authorize TOMRA to process and transport data required to deliver agreed services.

For customers utilizing TOMRA’s consumer engagement services, special data privacy agreements are required between TOMRA and the end-user (opt-in), and between TOMRA and the reverse vending machine owner.

TOMRA will not use, sell or in any other way offer to a third party data that identifies consumers, store personnel or reverse vending machine owners without prior authorization.

TOMRA may aggregate recycling data on country or international level to visualize the benefit of recycling and to generate usage statistics.

TOMRA will utilize sensor data, test points, machine behavior data, etc. internally within TOMRA to analyze and improve its service towards customers and end users, and to offer improved response time and fault correction.

TOMRA will maintain data communicated to TOMRA Connect indefinitely to utilize such data for product analysis and improvement in relation to product development and improvement. Should a reverse vending machine owner so request, TOMRA will delete or anonymize data, with resulting inability for TOMRA to deliver statistics or historical data to the customer.

Reverse vending machine connectivity

Internet access on HTTP and HTTPS ports (TCP 80 and 443) is required from the reverse vending machine to TOMRA Connect servers for basic functionality. For advanced remote service access by TOMRA, UDP ports 2194 (for older models) and 1194 (for current models) also need to be open.

The principle underlying all connectivity for TOMRA Connect is that communication is always initiated from the reverse vending machine to the TOMRA Connect server. If return communication is required, a secure VPN tunnel is initiated. Reverse vending machines communicate only to fixed and secure IP addresses within the TOMRA domain network. No communication initiated from the outside to reverse vending machines inside customer networks is required.
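A network owner can check firewall or flow logs against the connectivity principle above. The following is an added example, not TOMRA code: the record format is constructed, and the machine subnet and TOMRA Connect server range are documentation placeholders to be replaced with the addresses for your installation.

```python
import ipaddress

# Placeholders (assumptions, not from the page): machine subnet and the
# fixed TOMRA Connect server addresses for the installation.
RVM_NET = ipaddress.ip_network("192.0.2.0/24")
TOMRA_SERVERS = [ipaddress.ip_network("203.0.113.0/28")]
# Ports named in the text: tcp 80/443, udp 2194 (older) and 1194 (current).
ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 1194), ("udp", 2194)}


def audit_flow(flow):
    """Return the policy violations for one new-connection record."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    problems = []
    if src not in RVM_NET:
        # Traffic not started by a machine: only relevant if aimed at one.
        if dst in RVM_NET:
            problems.append("connection initiated towards the machine")
        return problems
    if not any(dst in net for net in TOMRA_SERVERS):
        problems.append("destination is not a listed TOMRA Connect address")
    if (flow["proto"], flow["dport"]) not in ALLOWED:
        problems.append("port/protocol outside tcp 80/443, udp 1194/2194")
    return problems


def audit(flows):
    """Map record index -> violations, for records that have any."""
    return {i: p for i, f in enumerate(flows) if (p := audit_flow(f))}


# Constructed sample records (initiator is always `src`).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "203.0.113.5", "proto": "tcp", "dport": 443},
    {"src": "192.0.2.10", "dst": "203.0.113.5", "proto": "udp", "dport": 1194},
    {"src": "192.0.2.11", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.12", "dst": "203.0.113.5", "proto": "tcp", "dport": 8080},
]

if __name__ == "__main__":
    for index, problems in audit(SAMPLE_FLOWS).items():
        print(index, SAMPLE_FLOWS[index], problems)
```
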

Connection paths: reverse vending machine to TOMRA Connect

TOMRA recommends that all new installations communicate with TOMRA Connect over secure encrypted internet, protected by the measures outlined in this document.

Historically, several reverse vending machine fleets have been connected through a “front-end” server within the customer network, connected to TOMRA Connect through VPN. This method requires more administration and follow-up and creates a more vulnerable network setup where all machines will be offline should network issues be experienced. In TOMRA’s view this method does not create a more protected connection than the alternative.

Bandwidth requirements

Bandwidth requirements for reverse vending machine operation and monitoring services are moderate (<20 Kbit/s based on 2.500 empty objects returned per reverse vending machine per day).

For full utilization of TOMRA Connect’s capabilities for multimedia content and consumer engagement services, an adequate broadband connection is recommended. Actual bandwidth requirements for multimedia services will increase as a function of media size, upload frequency, the number of reverse vending machines sharing available connection capacity, etc.

For large reverse vending machine fleets in a retail environment with front-end server the following bandwidth requirements are recommended:

Minimum bandwidth recommendations without In-store Marketing and multimedia services:

100 reverse vending machines: 512 Kb/s

500 reverse vending machines: 512 Kb/s

1000 reverse vending machines: 512 Kb/s - 1 Mb/s

3000 reverse vending machines: 1 Mb/s - 2 Mb/s

5000 reverse vending machines: 2 Mb/s - 3-4 Mb/s

With In-store Marketing and multimedia services enabled the above recommendation should as a minimum be doubled. Modern high-capacity broadband connections are recommended.

Please contact TOMRA for assistance with analyzing your needs based on anticipated use patterns, available bandwidth and the size of the reverse vending machine fleet.

Reverse vending machine compatibility

The below compatibility table is indicative and normally correct. Variations in reverse vending machine software versions, printer types, additional hardware accessories etc. will impact compatibility.

Functionality                    Touch Screen                 Colour Screen   Other
Insight & Analysis               Yes                          Yes             Yes
Promotion                        Yes                          Yes             No
Couponing                        Yes                          Yes             Yes
Donation                         Yes                          No              No
Consumer Engagement
- Identification QR              Yes                          Yes             Yes
- Identification touch log-in    Yes                          No              No
- Identification card systems    Yes (optional card reader)   No              No

 


Contact point for additional information:

TOMRA Systems ASA

ATT: TOMRA Collection Solutions Digital

PO Box 278, 1372 Asker, Norway

Telephone: +47 66799100

Email: connect@tomra.com