This Biometric Information Security Policy (the “Policy”) defines the Company's policy and procedures for collection, use, safeguarding, storage, retention, and destruction of biometric data collected by the Company.
The Company uses HandPunch Technology for employee timekeeping purposes, including for the purpose of giving employees secure access to the Company's timekeeping systems and to document employees' clock in and clock out times. HandPunch Technology uses employees’ unique hand geometry to create a mathematical value, or “template,” which is used to identify employees when they punch in and out. The template is stored on the timeclock device and on the server which runs the “hardware client” program.
Biometric data means personal information stored by the Company about an individuals’ physical characteristics that can be used to identify that person.
The Company's policy is to protect and store biometric data in accordance with the applicable standards and laws, including the Illinois Biometric Information Privacy Act. An individual's biometric data will not be collected or otherwise obtained by the Company without prior written consent of the individual. The Company will inform the employee of the reason his or her biometric information is being collected and the length of time the data will be stored. A consent form is attached to this Policy.
The Company will not sell, lease, trade, or otherwise profit from an individual's biometric data. Biometric data will not be disclosed by the Company unless (i) consent is obtained, (ii) required by law; or (iii) required by valid subpoena or warrant.
Biometric data will be stored during the term of an employee's employment with the Company. The biometric data will be stored using a reasonable standard of care and in a manner that is the same or exceeds the standards used to protect other confidential and sensitive information held by the Company.
The Company will permanently destroy employee biometric data when the first of the following occurs: