Biometric Data Policy

Purpose

FrankCrum has created this policy to manage any biometric data it has due to its operations or its clients' and their employees' use of FrankCrum's products and services.

FrankCrum's clients are responsible for creating and following their own biometric data policies as required by law.

Definitions

• • Biometric Data: Includes all "biometric identifiers" as defined by the Illinois Biometric Information Privacy Act or other similar laws.
  • Biometric Identifier: Measurements used to identify a person, such as retina/iris scans, voice, fingerprints, hand scans, or face geometry.
  • Biometric Information: Biometric identifier measurements in a usable form, regardless of the method of capturing, converting, storing, or sharing used to identify an individual.

Client Responsibility

FrankCrum clients must comply with all applicable laws and create their own biometric data privacy policies since the biometric information collected through a timekeeping device purchased by a client through FrankCrum or elsewhere may be subject to the legal requirements found in biometric laws in the United States. As a result, Clients must:

• • Inform their employees in writing that biometric data is being collected, stored, and used.
  • Identify the specific purpose for the collection of the biometric data and the retention schedule; and
  • Obtain a written release from employees before collecting their biometric data (consent-at-the-clock) which provides authorization to the client, FrankCrum, and/or FrankCrum’s licensors/vendors to collect, store, use, and/or transmit biometric data prior to its collection and to transmit such data to FrankCrum and/or FrankCrum’s licensors/vendors.

Disclosure

FrankCrum will not disclose, sell, lease, or trade biometric data from its clients or clients’ employees other than to the client or FrankCrum’s licensors/vendors. FrankCrum will only share biometric data with the clients’ employees’ written consent, to complete authorized transactions as consented to by the clients’ employees’, if required by law, or if required by a valid warrant or subpoena.

Biometric Information Retention Schedule

FrankCrum will keep biometric data in FrankCrum’s possession that may have been generated by a biometric timeclock or device until notified by the client that an employee is terminated in the client’s timeclock or HRIS system, or the client stops using the biometric time clock or device that utilizes biometric data. Upon notice, FrankCrum will destroy the biometric data.

Biometric Data Use & Storage

FrankCrum and/or its vendors may collect, store, use and/or transmit biometric data to perform under its contracted purposes and in providing its products or services to FrankCrum’s clients and clients’ employees. FrankCrum and/or its vendors may collect, store, use, and/or transmit any biometric data solely for identify verification, workplace security, timekeeping, and fraud prevention. Neither FrankCrum nor its vendors will sell, lease, or trade any biometric data that it receives from clients or clients’ employees as a result of their use of FrankCrum’s services.

FrankCrum and its vendors will use a reasonable standard of care to store, transmit, and protect biometric data, ensuring it is as secure as other personal information FrankCrum maintains that uniquely identify an individual or their account such as account numbers, driver’s license numbers, or social security numbers.