.webp)
1. OVERVIEW
This Biometric Information Policy (“Policy”) addresses the collection, use, storage, retention, safeguarding and destruction of biometric information. Caputo’s Fresh Markets (“the Company”) reserves the right to revise this Policy at any time and will provide notice to affected employees if and when it does so.
“Biometric information” means personal information associated with an individual’s physical characteristics that can be used to identify that person. Biometric information or “identifiers” include, but are not limited to, fingerprints, voiceprints, facial shapes, retina or iris scans, or scans of hand or face geometry as defined by Illinois law.
If, in the future, employees’ biometric information is obtained or used for any additional purposes than those stated in this Policy, or if such information is retained longer than the time periods identified in this Policy, the Company will revise and re-distribute this Policy to affected employees.
A copy of this Policy will be made available to all affected individuals and, in addition, will be distributed uponrequest.
2. POLICY
The Company’s policy is for employee biometric information to be protected and maintained in accordance with the Illinois Biometric Information Privacy Act. An individual’s biometric information will not be collected or otherwise obtained without prior written consent of the individual.
The Company will not sell, lease, trade or otherwise profit from an individual’s biometric information, and will not use any biometric identifiers or biometric information for any purposes other than as discussed in this Policy.
The Company will not disclose biometric information unless: (a) written consent is obtained from the employee prior to the disclosure; (b) disclosure is necessary to make a financial transaction requested or authorized by the employee;(c) disclosure is required by law or (d) disclosure is required by a lawful subpoena.
3. COLLECTION, STORAGE AND DESTRUCTION OF BIOMETRIC INFORMATION
The Company uses a timeclock provided by its payroll service provider. The payroll service provider reports that its timeclock scans a portion of the employee’s fingertip and stores and uses an encrypted mathematical representation of that portion of the fingertip. This encrypted mathematical representation of an employee’s fingerprint is used to confirm the employee’s identity when the employee “clocks in” and “clocks out” each day via the fingerprint scanner.
The Company’s payroll service provider reports that it does not collect any fingerprint images in this process, either at initial enrollment or thereafter. Rather, the payroll service reports that it only retains an encrypted mathematical representation of same for employee identification purposes.
The purpose of this finger-print scan process is to verify employee identity, record employee hours, prevent fraud and promote accurate timekeeping. The Company itself does not collect or retain any employee finger-print information or any information derived from the finger-print scan, including any encrypted mathematical representations of employees’ fingerprints.
To the extent that it ever comes into possession of biometric information (or any data derived from such information, including encrypted mathematical formulas), the Company will store such information using a reasonable standard of care for the industry and in a manner that is the same or exceeds the standards used to protect other confidential and sensitive information of employees that is obtained by the Company. The Company’s payroll service provider reports that it will follow the same storage protocol if it comes into possession of biometric information (or any data derived from such information, including encrypted mathematical formulas).
To the extent that it ever comes into possession of biometric information (and any data derived from such information, including encrypted mathematical formulas), the Company will permanently destroy such information upon the occurrence of any of the following: (a) within a reasonable period of time following termination of the employee’s employment (typically not more than one month following the termination of employment); (b) the purpose for which the biometric information was collected ceases to apply; or (c) within three years after an employee’s last interaction with the Company.
The Company’s payroll service provider reports that it will promptly and permanently destroy any employee biometric information (or any data derived from such information, including encrypted mathematical formulas) once the employee is no longer enrolled in its time-keeping system.
If you have any questions about this policy, please contact Human Resources.