1. Purpose

Incode Technologies, Inc. (“Company“) has adopted this Biometric Data Policy and Notice (this “Policy”) to govern the treatment of your Biometric Data, and is applicable to users residing in the United States of America. Protecting the confidentiality and integrity of Biometric Data is a critical responsibility that must be taken seriously at all times. Compliance with this Policy is mandatory. This Policy exists to help you better understand how we collect and treat Biometric Data, in addition to the information provided to you in our Privacy Policy.

2. Scope

This Policy applies to all Company employees, agents, and representatives, including any contractor or third-party service provider to the Company (“Third-Party Service Provider“) who have access to Biometric Data on behalf of the Company. This Policy applies to all Biometric Data collected, maintained, transmitted, stored, retained, or otherwise used by the Company regardless of the media on which that information is stored and whether relating to customers/users of Incode Omni or IncodeID.

3. Definition

Biometric Data” means collectively all Biometric Identifiers and Biometric Information.

Biometric Identifiers” means:

  • Retina or iris scans.
  • Fingerprints.
  • Voiceprints.
  • Scans of hand or face geometry.

Biometric Identifiers do not include:

  • Writing samples and written signatures.
  • Photographs.
  • Human biological samples used for valid scientific testing or screening.
  • Demographic data.
  • Tattoo descriptions.
  • Physical descriptions, such as:
    • height
    • weight
    • hair color; or
    • eye color.
  • Information captured from a patient in a healthcare setting.
  • Information collected, used, or stored for healthcare treatment, payment, or operations under the Health Insurance Portability and Accountability Act (HIPAA).
  • Donated organs, tissues, or parts as defined by the Illinois Anatomical Gift Act or blood or serum stored in connection with organ transplants.
  • Biological materials regulated under the federal Genetic Information Privacy Act.

Biometric Information” means information, regardless of how it is captured, converted, stored, or shared, that is based on a Biometric Identifier. Biometric Data does not include information derived from items or procedures excluded under the definition of Biometric Identifiers.

4. Retention Schedule

Unless otherwise required by an order from a court of competent jurisdiction or applicable law, we will only retain biometric data until: (i) the initial purpose for collecting the Biometric Data has been satisfied; or (ii) three years following your last interaction with the Company, whichever occurs first, unless we are legally required to keep such data for a different period.

5. Biometric Data Collection

Company and its partners and providers collect, store, and use Biometric Data for purposes of identity verification and related services (as well as related training of models). Before collecting Biometric Data from any individual, the Company will obtain the individual’s written consent to the collection, as required by applicable law.

6. Biometric Data Security

Company shall use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Data collected.

7. Biometric Data Disclosures

Subject to individual consent, the Company may disclose an individual’s Biometric Data to its third-party vendors and/or licensors in order to facilitate the provision of its services.

The Company prohibits any further disclosure or re-disclosure of Biometric Data unless:

  • The individual or the individual’s legally authorized representative consents to the disclosure;
  • The disclosure is required by applicable law or regulation; or
  • The disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Company does not sell, lease, trade, or otherwise profit from Biometric Data.

For any questions regarding our use of biometric data or other privacy inquiries, please submit a request to our privacy team at dataprotection@incode.com.

Version 1. Last updated: May 14, 2024