Biometric Data Policy
This Biometric Data Policydefines the Company’s policy and procedures for collection, use, safeguarding, retention, disclosure, and destruction of biometric data captured or obtained by the Company and/or its partners from personnel.For these purposes, the term “biometric data” means “fingerprints and/or scans of hand or finger geometry” and “employee” means “personnel” as defined above.
The Company may collect, use, protect, store, and delete biometric data in accordance with applicable law and standards, and as follows:
- Collection: An employee’s biometric data will not be collected or obtained by the Company without written consent of the employee. In this Policy,the Company provides written disclosure of the reason(s) for collecting employees’ biometric data and the length of time such biometric data will be collected, used, and stored.
- Use: The Company, and/or its partner(s) providing the Company’s timekeeping systems, collects, stores, and uses biometric data in connection with the use of the Company’s timekeeping systems. Biometric data may be used to provide employees access to the Company’s timekeeping systems, verify the identity of employees using the timekeeping systems, allow employees to record working time and breaks, investigate and prevent time theft or manipulation, create and maintain accurate records of employee work time, and ensure accurate payroll calculations.This timekeeping system benefits employees by making it easier to record working time, preventing fraud, and increasing accuracy in tracking employee hours and identification. In the event the Company, and/or its partner(s) providing the Company’s timekeeping systems, begins collecting biometric data for any additional purpose, the Company will update this Policy accordingly.
- Restrictions on Disclosure and Sale: The Company will not sell, lease, trade, or otherwise profit from an employee’s biometric data. The Company will not disclose an employee’s biometric data other than to its partner(s) providing the Company’s timekeeping systems unless (a) prior written consent is obtained from the employee, (b) disclosure is required by law, or (c) disclosure is required by a valid warrant or subpoena.
- Retention and Deletion: The Company will store, transmit, and protect biometric data utilizing the same degree of care the Company utilizes in maintaining its other confidential and sensitive data, and in any event, the Company will utilize no less than a reasonable degree of care in storing, transmitting, and protecting biometric data. The Company will stop collecting and using an employee’s biometric data as outlined in this Policy when the employee ceases to hold a position at the Company that requires the employee’s use of or access to the Company’s timekeeping systems. Unless the Company has a legal requirement to hold an employee’s biometric data for a longer period of time, the Company will, and will request that its partner(s) providing the Company’s time keeping system, permanently destroy and delete an employee’s biometric data from the Company’s systems when the purpose for collecting such data has been satisfied or within three years of the employee’s last interaction with the Company, whichever is earlier to occur.