Anviz Biometric Data Retention Policy

Last Updated on March 15, 2021

Definitions

As used in this policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq. or such other statutes or regulations that apply in your state. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

“Biometric information” refers to any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

“Biometric data” refers to personal information stored by Anviz Technologies and/or its vendor(s) about an individual’s physical characteristics that can be used to identify that person. Biometric data can include fingerprints, voiceprints, a retina scan, scans of hand or face geometry, or other data.

Biometric Data Disclosure and Authorization

To the extent that you, your vendors, and/or the licensor of your time and attendance software collect, capture, or otherwise obtain biometric data relating to an employee, you must first:

Disclosure

You will not disclose or disseminate any biometric data to anyone other than your vendors and the licensor including Anviz and Anviz Technologies and/or its vendor(s) of your time and attendance software providing products and services using biometric data without/unless:

Retention Schedule

Anviz will permanently destroy an employee’s biometric data from Anviz’s systems, or in Anviz’s control within one (1) year, when, the first of the following occurs:

Data Storage

Anviz shall use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which Anviz stores, transmit and protect from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.