Biometric Data Security Policy
The purpose of this policy is to define the policy and procedures for ABC Fitness Solutions, LLC’s (“ABC”) storage, use, safeguarding, retention, and destruction of biometric data.
It is ABC’s policy to protect, use, and store biometric data in accordance with applicable laws.
ABC reserves the right to amend this Biometric Data Security Policy at any time without notice.
Biometric Data Defined
As used in this policy, biometric data means any information, based on an individual’s physical or biological characteristics that can be used to identify that person. Biometric data includes, but is not limited to, a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry, regardless of how it is captured, converted, stored, or shared.
ABC stores biometric data transmitted to it as a result of providing software services to ABC’s health club clients (“Clients”), who collect and use biometric data in connection with providing health club services to its members. ABC does not collect any biometric data directly from any individuals, and such information is provided to ABC by its Clients.
Clients are responsible for maintaining their own data collection, disclosure, retention, and storage policies as may apply to them under applicable law. To the extent required by law, Clients are responsible for obtaining authorization for the Clients, ABC, the vendors and/or licensors of ABC’s services to collect, retain, and use biometric data from any member, employee, or other person from whom the Clients collects biometric data.
ABC will not sell, lease, or trade any biometric data that it receives from Clients.
ABC will not disclose or disseminate any biometric data to any person or entity other than (1) its Clients who provided the biometric data or (2) vendors and/or licensors of ABC’s services who might possess, store, or use the data in a manner consistent with the purposes for which the data is collected, stored, and used, unless:
It obtains consent to such disclosure or dissemination from the individual from whom the data was collected;
The disclosed information completes a financial transaction authorized by the individual from whom the data was collected;
Disclosure is required by state or federal law; or
Disclosure is required pursuant to a valid warrant, subpoena, or court order.
ABC will use a reasonable standard of care to store, transmit, and protect from disclosure any biometric data in its possession. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the ABC stores, transmits and protects from disclosure other confidential and sensitive information.
Retention and Destruction
ABC will retain biometric data until the initial purpose for which that data was collected or obtained has been satisfied, or within three (3) years of the individual’s last interaction with Client, whichever occurs first, subject to applicable law. Clients will inform ABC when the initial purpose has been satisfied or when the last interaction occurred. ABC will thereafter destroy the biometric data subject to applicable law.
The initial purpose may be satisfied, for example, when the individual terminates its relationship with the Client, when the Client terminates its relationship with ABC, or when the Client terminates use of biometric data.