Biometric Information Release

The following information is provided about Tracy, Inc.’s (the “Company”) policy on collecting and storing biometric information and includes a Release for you to accept evidencing your informed consent to this Policy.

1. 1. As used in this Release, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1 to 14/99, and elsewhere. A “biometric identifier” is defined to include a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Other laws may provide for additional modes of identification. However, biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening (inclusive of donated organs, tissues, or parts as defined in the Illinois Anatomical Gift Act (755 ILCS 50/1-10), blood or serum stored on behalf of recipients or potential recipients of living or cadaveric transplants and obtained or stored by a federally designated organ procurement agency, and biological materials regulated under the Illinois Genetic Information Privacy Act), demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. States other than Illinois, including Texas and Washington, currently have enacted similar statutes and additional states have pending legislation. This policy and Release form is designed to be as broad as possible to cover the allowable uses and restrictions in each of the individual jurisdictions.
   2. “Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
   3. Purpose for Collection of Biometric Data
      The Company, its vendors, and/or the licensor of the Company’s Time & Attendance software collect, store, and use biometric data primarily for time & attendance and access control applications.
   4. Disclosure and Authorization
      To the extent that the Company, its vendors, and/or the licensor of the Company’s Time & Attendance software collect, capture, or otherwise obtain biometric data relating to an employee, the Company must first:
      1. Inform the employee that the Company, its vendors, and/or the licensor of the Company’s Time & Attendance software are collecting and storing the employee’s biometric data, and that the Company is providing such biometric data to its vendors and the licensor of the Company’s Time & Attendance software (by provision of this policy and the end user license agreement to you, you acknowledge receipt of such written/electronic notice and agree to execute this Release form with informed consent);
      2. Inform the employee of the specific purpose and length of time for which the employee’s biometric data is being collected, stored, and used (by provision of the end user license agreement, you acknowledge receipt of the purpose and length of such collection and storage); and
      3. Receive a written release signed by the employee (or his or her legally authorized representative) authorizing the Company, its vendors, and/or the licensor of the Company’s Time & Attendance software to collect, store, and use the employee’s biometric data for the specific purposes disclosed by the Company, and for the Company to provide such biometric data to its vendors and the licensor of the Company’s Time & Attendance software (by clicking Agree, you agree that you are electronically agreeing to the terms in writing).

Disclosure

1. 1. The Company stores and processes your biometric identifiers and biometric information and by signing the Release Form, you agree to this storage, transmission, processing and release.
   2. The Company will not disclose or disseminate any biometric data to anyone other than the licensor of the Company’s Time & Attendance software providing products and services using biometric data without/unless:
      1. 1. First obtaining written employee consent to such disclosure or disensemination
         2. The disclosed data completes a financial transaction requested or authorized by the employee
         3. Disclosure is required by state or federal law or municipal ordinance; or
         4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
      Note: The sale, merger or other transaction involving the ownership of the Company or the Time & Attendance product/service line, and therefore its data/information, which transfers data/information to the new Company shall also be permitted. In addition, vendors who assist the Company with its processes, including but not limited to the maintenance of servers, disposal or recycling of equipment, shall also be encompassed within the Company’s authorized recipients and holders of such data/information. You also further understand that the Company may be required to turn over data and information if compelled, requested or directed subject to a subpoena, litigation or government inquiry and you consent to same.

Data Retention Schedule

1. 1. The Company shall retain biometric data only until, and shall request that the licensor of the Company’s Time & Attendance software permanently destroy such data when, the first of the following occurs:
      1. The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the termination of the employee’s employment with the Company, or the employee moves to a role within the Company for which the biometric data is not used; or
      2. One (1) year following the employee’s last interaction with the Company unless a longer period is permitted under applicable law or regulation.

Data Storage

1. The Company shall use a reasonable standard of care to store, transmit and protect any biometric data collected from disclosure. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information, that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.

Biometric Information Electronic Release Form

By signing the following RELEASE FORM (or Clicking “Agree”, which electronically will act as your written consent) you agree to the terms of this Biometric Information Written Release policy, disclosure and informed consent acknowledgement.

1. The individual named below has been advised and understands that the Company, will collect, retain, and use biometric data for the purpose of identifying individuals and recording time entries when utilizing the Company’s biometric timeclocks or timeclock applications. Biometric timeclocks are computer-based systems that capture an individual’s biometric information for purposes of identification.
2. The Illinois Biometric Information Privacy Act, 740 ILCS 14/1 – 14/99 (“BIPA”) and other state statutes regulate the collection, storage, use, and retention of “biometric identifiers” and “biometric information” as defined above.
3. The individual agreeing to the terms of this policy understands that he or she is free to decline to provide biometric identifiers and biometric information to the Company, and/or the licensor of the Company’s Time & Attendance software without any adverse employment action. The employee may revoke this consent at any time by notifying the Company in writing.

The individual signing this RELEASE form (or Clicking “Agree” which electronically will act as your written consent) acknowledges that he/she has received and reviewed (and had the opportunity for legal counsel to review) the Biometric Information Release, and that he/she voluntarily consents to the Company’s, and/or the licensor of the Company’s Time & Attendance software’s collection, storage, and use of biometric data through a biometric timeclock, including to the extent that it utilizes the employee’s biometric identifiers or biometric information as defined in BIPA or other state statutes, and voluntarily consent to the Company providing such biometric data to the licensor of the Company’s Time & Attendance software.