Verano Holdings LLC, VZL Staffing Services, LLC, and their respective subsidiaries, affiliates, parents and owners (the “Company”) has instituted the following policy related to any biometric data that the Company possesses as a result of the Company’s use of payroll, time and attendance software or other operations.
“Biometric Data” includes “biometric identifiers” and “biometric information” as defined in the Illinois “Biometric Information Privacy Act, 740 ILCS § 14/1, et seq.
“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act, or information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.
“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
Purpose for Collection:
The Company and its vendor(s) of payroll, time and attendance software collect, store, and use biometric data solely for employee identification and fraud prevention purposes.
Disclosure and Authorization
To the extent that the Company and the vendor(s) of the Company’s payroll, time and attendance software collect, capture, or otherwise obtain biometric data relating to an employee, the Company must first:
- Inform the employee in writing that the Company and/or its vendor(s) of the Company’s time and attendance software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and that the Company may provide such biometric data to its vendor(s) of the Company’s payroll, time and attendance software.
- Inform the employee in writing of the specific purpose and length of time for which the employee’s biometric data is being collected, stored, and used.
- Receive a written release signed by the employee (or his or her legally authorized representative) authorizing the Company and its vendor(s) of the Company’s time and attendance software to collect, store, and use the employee’s biometric data for the specific purposes disclosed by the Company, and for the Company to provide such biometric data to its vendor(s).
- The Company will not disclose, re-disclose or disseminate any biometric data to anyone other than its authorized vendors unless:
- the individual (or his/her legally authorized representative) provides consent to do so.
- required by State or Federal law or municipal ordinance.
- required pursuant to a valid warrant or subpoena.
The Company and the vendor of the Company’s time and attendance software will not sell, lease, trade, or otherwise profit from employees from the employees’ biometric data.
The Company shall retain any employee’s biometric data in the Company’s possession only until the first of the following occurs:
- The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the employee moves to a role within the Company for which the biometric data is not used, or the Company discontinues using the payroll, time and attendance software for which the biometric data was used; or
- Within 3 years of the employee’s separation from the Company or the employee’s last interaction with the Company.
The Company shall use a reasonable standard of care to store, transmit, and protect from disclosure any paper or electronic biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits, and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.