Thanks to the recent advances in deep learning and the availability of big datasets, biometric systems boast of having high performance. However, these systems suffer from two main shortcomings, non-revocability, and vulnerability to biometric spoofing. Due to the GDPR, it has become increasingly important to have tools and methods to protect the privacy of the users. The H2020 SpeechXRays project aims to achieve this privacy requirement by implementing a cancelable biometric system. Using a shuffling transformation on the binary embeddings extracted from face images combined with a shuffling key, the users templates are made cancelable and unlinkable to the users in the same time. We explain how the system follows the ISO/IEC 24745:2011 compliance recommendation, and we report its performance and evaluate its properties following the ISO standardized metrics, notably the system irreversibility and its unlinkability. When working under ideal circumstances (the second factor is not stolen), the system gives 100% accuracy on the MOBIO dataset. Moreover, it is fully unlinkable and it is computationally infeasible to recover the original template without the second factor.