BIOMETRIC DATA NOTICE
Right Stuff Software Corporation (collectively “Right Stuff”, “we”, “us,” and “our”) provides a timekeeping and scheduling software solution to municipal government customers. This Biometric Data Policy (the “Policy”) addresses Right Stuff’s procedures regarding the collection, storage, use, protection and destruction of electronic fingerprint identifiers and other biometric information, referred to herein as “Biometric Data.” The Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (“BIPA”), regulates the collection, storage, use, and retention of “biometric identifiers” and “biometric information,” and this Policy is intended to comply with BIPA.
PURPOSE
This notice is being provided to explain how Right Stuff collects, stores, and uses Biometric Data provided by Right Stuff’s clients and their employees and contractors. At the outset, it is important to note that Right Stuff relies on its customers (who may be your employer) to comply with their own obligations under applicable law, which may include obtaining informed consent and providing notice for the collection, use, and storage of this Biometric Data, and complying with any applicable data retention and destruction requirements. This notice is only applicable to the Biometric Data that Right Stuff possesses as a result of Right Stuff’s customers’ employees’ or contractors’ use of Right Stuff’s products and services.
WHAT IS BIOMETRIC DATA?
Right Stuff’s use of the term “Biometric Data” refers to the alpha-numeric value generated from an image of your biometric feature which is not easily modifiable by you – in this case, your fingerprints.
As used in this Policy, “Biometric Data” includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS § 14/1, et seq. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic information, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.
“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
HOW IS BIOMETRIC DATA CREATED AND COLLECTED?
Biometric Data is created when you use the biometric feature of one of our timeclocks, such as, for example, when you place your finger on the timeclock’s scanner. Right Stuff uses a mathematical algorithm to convert the unique aspects of your biometric feature into an alpha-numeric value (the “Biometric Data”). Once the Biometric Data has been created, it is stored at a site controlled by our customer (your employer) or transmitted to our data storage environment. Your fingerprint itself or a picture of your fingerprint is never collected or stored. Before collecting Biometric Data from any individual, Right Stuff will obtain the individual’s written consent to the collection.
HOW IS BIOMETRIC DATA USED?
Right Stuff collects, uses, and stores, Biometric Data for identity verification and the recording and tracking of an employee’s time and attendance, as part of the services provided by Right Stuff to its customers. Importantly, Biometric Data cannot be used to recreate your biometric feature.
To the extent that Right Stuff collects, captures, or otherwise obtains Biometric Data, Right Stuff must first:
Inform the individual that Right Stuff is collecting, capturing, or otherwise obtaining the Biometric Data;
Inform the individual in writing of the specific purpose and length of time for which the Biometric Data is being collected, stored, and used; and
Receive a written release executed by the subject of the Biometric Data authorizing Right Stuff to collect, store, and use the Biometric Data for the specific purposes disclosed by Right Stuff.
Right Stuff will not sell, lease, trade, or otherwise profit from Biometric Data. Right Stuff will not disclose, redisclose, or otherwise disseminate an individual’s Biometric Data unless:
the subject of the Biometric Data or the subject’s legally authorized representative consents to the disclosure or redisclosure;
the disclosure or redisclosure completes a financial transaction requested or authorized by the subject of the Biometric Data or the subject’s legally authorized representative;
the disclosure or redisclosure is required by State or federal law or municipal ordinance; or
the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
HOW LONG DO YOU KEEP BIOMETRIC DATA?
Right Stuff will retain Biometric Data only for so long as the first of the following occurs:
The initial purpose for collecting or obtaining such Biometric Data has been satisfied, such as the termination of the employee’s employment, the employee moves to a role for which the Biometric Data is not used, or the employer discontinues use of Right Stuff’s system and/or software for which the Biometric Data was used; or
Within three (3) years of the employee’s last interaction with the employer.
If Right Stuff has been asked to destroy the Biometric Data, Right Stuff will permanently destroy the Biometric Data within a reasonable timeframe of receiving the request. For so long as Biometric Data is stored, Right Stuff will use a reasonable standard of care to store, transmit, and protect from disclosure all Biometric Data in a manner that is the same as or more protective than the manner Right Stuff uses to protect its own information.
BIOMETRIC DATA NOTICE ACKNOWLEDGMENT AND CONSENT FORM
The Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (“BIPA”), regulates the collection, storage, use, and retention of “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
The individual named below has been advised and understands that Right Stuff collects, retains, and uses biometric information for the purposes outlined in the attached “Biometric Data Notice” (the “Notice”). The individual named below has been given a copy of the Notice or the Notice has otherwise been made accessible to the individual, and has had an opportunity to review it and request any additional information regarding Right Stuff’s procedures and safeguards for collecting, maintaining, using, disclosing, sharing, storing and/or destroying this data. The individual understands they are free to decline to provide biometric identifiers and biometric information to Right Stuff without any adverse employment action. The individual may revoke this consent at any time by notifying Right Stuff in writing.
The undersigned acknowledges they have received the attached Biometric Data Notice, and they voluntarily consent to Right Stuff’s collection, storage, and use of biometric information through a fingerprint capture device, including to the extent that it utilizes the individual’s biometric identifiers or biometric information as defined in BIPA, and voluntarily consents to such collection, storage and use.
Individual’s Signature: _________________________ Date:______________
Individual’s Name (Print): _______________________________