Journyx Biometric Information Privacy Policy
Journyx, Inc. (“Company”) has instituted the following biometric information privacy policy:
As used in this policy, biometric data includes “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers also do not include information captured from a patient in a healthcare setting or information collected, used, or stored for healthcare treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
The Company provides time and attendance software to its customers. The software collects, stores, and uses biometric data solely for the Company’s customers’ use in employee identification, fraud prevention, pre-employment hiring purposes, and other purposes that may be required under applicable law or governmental order.
To the extent that the Company’s software collects, captures, or otherwise obtains biometric data relating to a customer’s employee, the Company will first: a) Inform the employee in writing that the Company’s time and attendance software is collecting, capturing, or otherwise obtaining the employee’s biometric data; b) Inform the employee in writing of the specific purpose and length of time for which the employee’s biometric data is being collected, stored, and/or used; and c) Receive a written release signed by the employee (or his or her legally authorized representative) authorizing the Company to collect, store, and use the employee’s biometric data for the specific purpose of providing the time and attendance software.
The Company will not disclose or disseminate any biometric data to another party unless: a) The Company first obtains written employee consent to such disclosure or dissemination; b) The disclosed data completes a financial transaction requested or authorized by the employee; c) Disclosure is required by state or federal law or municipal ordinance; or d) Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
The Company shall retain employee biometric data only until, and shall permanently destroy such data within no more than two weeks when, the first of the following occurs: a) The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the termination of the employee’s employment with the Company’s customer, or the employee moves to a role for which the biometric data is not used; or b) Within 3 years of the employee’s de-enrollment by the employer, which is the last date on which the employee can interact with the Company’s time and attendance software.
The Company shall use a reasonable standard of care to store, transmit and protect from disclosure any biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.