Biometric Policy Gen
Draft compliance language for BIPA, GDPR, and CCPA.
The purpose of this policy is to define [Company Name]'s standards and procedures for the collection, use, safeguarding, storage, retention, and destruction of Biometric Data. This policy applies to all employees, contractors, and customers from whom biometric data is collected.
"Biometric Data" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Specifically, [Company Name] collects the following types of data:
- (No types selected)
We collect Biometric Data solely for the purpose of [Purpose]. The data will not be used for any other purpose without your express written consent.
Prior to the collection of any Biometric Data, [Company Name] will obtain a written release from the individual. We will not sell, lease, trade, or otherwise profit from your Biometric Data.
We will not disclose, redisclose, or disseminate your Biometric Data unless:
- You or your legally authorized representative consent to the disclosure in writing;
- The disclosure is required by state or federal law or municipal ordinance;
- The disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
[Company Name] will permanently destroy your Biometric Data when the initial purpose for collecting or obtaining such data has been satisfied, or within 3 years after employment ends, whichever occurs first.
We shall use a reasonable standard of care to store, transmit, and protect from disclosure any Biometric Data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which we store, transmit, and protect other confidential and sensitive information.
By signing below, I acknowledge that I have received, read, and understood this Biometric Information Privacy Policy.