Biometric Data Policy
Last Updated: 6/26/2024
This Policy, which forms part of SimpleVMS’s Privacy Policy, applies to the Biometric Data (as defined below) that is in the possession of SimpleVMS (“we,” “us,” “our,” “the Company” or “SimpleVMS”). This policy does not apply to Biometric Data in the possession of other individuals and entities, including Service Users (as defined below). Such Service Users are responsible for developing their own policies related to Biometric Data and for complying with those policies.
Definitions
The following terms apply to this Policy:
“Biometric Data” means a repeatable measurement of a person’s physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person’s body and the data derived therefrom where such measurements and data are used to identify an individual.
“Biometric Services” means services that use an individual’s Biometric Data to track the time and attendance, hours worked, or other work-related data of that individual, or for such other purposes as are authorized by such individual.
“Biometric User” means any person who provides their Biometric Data as part of the Biometric Services.
SimpleVMS Biometric Services
SimpleVMS provides access to Biometric Services to staffing organizations (“Staffing Vendors”) and other customers (“Customers,” and collectively with the Staffing Vendors, the “Service Users”) to help Service Users track time and attendance, hours worked, or other work-related data of Biometric Users.
Obligations of SimpleVMS Customers
Service Users who use Biometric Services are obligated to comply with applicable law governing the collection, capture, purchase, receipt, possession, disclosure, dissemination, use, storage, sale, lease, trade, transmission, retention, protection, and processing of Biometric Data, including obtaining all necessary consents and developing and complying with their policies applicable to the storage and destruction of Biometric Data.
SimpleVMS’s contracts require Service Users using Biometric Services to collect, capture or otherwise obtain Biometric Data to:
· Notify each Biometric User in writing that their Biometric Data is being collected, captured, or otherwise obtained;
· Notify each Biometric User in writing of the purposes for which their Biometric Data is being collected and the length of time for which their Biometric Data is stored; and
· Via a document signed by each Biometric User or the Biometric User’s authorized representative, authorize Authorized Persons to (i) collect, store, and use the Biometric User’s Biometric Data, and (ii) share, disclose, or redisclose such Biometric Data amongst and between Authorized Persons, in each case for Authorized Purposes. “Authorized Persons” means the applicable Service User, SimpleVMS, Avionté, and in the case of a Staffing Vendor Service User the applicable Customer(s), in each case along with each of their agents/contractors/vendors that may need to access the data to assist the applicable Customer(s), SimpleVMS, Avionté, and Staffing Vendor(s) with Authorized Purposes. “Authorized Uses” means (A) the recording of time and attendance, hours worked, and/or other work-related data; (B) the performance of such Authorized Person’s respective duties under the applicable agreement between the Authorized Persons; and/or (C) such other purposes as are authorized by the applicable Biometric User.
SimpleVMS Use of Biometric Data
To the extent that SimpleVMS is deemed to possess Biometric Data under applicable law, it is SimpleVMS’s policy to collect, use, retain, or share Biometric Data only for the
specific purpose(s) disclosed at the time of collection, as may later be authorized by the Biometric User, or as permitted by law.
SimpleVMS will not sell, lease, or trade Biometric Data in its possession.
As set forth above, SimpleVMS will share Biometric Data with such parties (which specifically includes, but is not limited to, Avionté) as may need to access the Biometric Data to assist with the recording of time and attendance, hours worked, and/or other work-related data; with the performance of contractual duties; or for such other purposes as are authorized by each Biometric User.
Retention and Destruction of Biometric Data
For Biometric Data collected, captured, or otherwise obtained by Service Users, SimpleVMS retains the Biometric Data until the earliest of the following: the Service User instructs SimpleVMS to delete it, informs SimpleVMS that the Biometric User is no longer working for the Service User, or discontinues use of Biometric Services.
For Biometric Data collected, captured, or otherwise obtained by SimpleVMS through direct interaction with Biometric Users where SimpleVMS obtains the consent, SimpleVMS will retain the Biometric Data until the earlier of the following: when the initial purpose for obtaining or collecting such data (i.e., the reason disclosed when it was obtained or collected) has been fulfilled, or when applicable law requires deletion.
Biometric Data Security
SimpleVMS is dedicated to implementing robust, industry-standard security measures to protect Biometric Data in its possession from unauthorized access, disclosure, alteration, and destruction. SimpleVMS’s security protocols for Biometric Data are the same as or more protective than those in place for the storage, transmission, and protection of other confidential and sensitive information. These protocols include, among other things: encryption both in transit and at rest, access controls, audits, and training.