Legal
Biometric Policy
Legal
Biometric Policy
Effective November 22, 2021
Updated March 22, 2024
In addition to the information provided in the Privacy Statement, Woolly Labs, Inc., doing business as Vouched (“Vouched“, “we“, “us“, “our“) has instituted the following policy related to any biometric data that the Vouched possesses as a result of our customers’ and their end users’ use of Vouched products and services. Our customers are responsible for developing and complying with their own biometric data retention and destruction policies as may be required under applicable law. As pertaining to biometric data processed by us, they have committed to us that they will do so in a manner consistent with this policy.
Definition of Biometric Data
When we refer to “biometric data,” we mean information about your physical or biological characteristics that identify you. Information like eye, hand, or face scans; fingerprints; and voiceprints may be considered biometric data if they are being used to identify you by technical means. The definitions of biometric data vary under different countries’ and states’ regulations.
For example, under the Illinois Biometric Information Privacy Act (“BIPA”), biometric data includes “biometric identifiers” and “biometric information.” “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
For another example, under the General Data Protection Regulation (“GDPR”), the term “biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or fingerprint data.
Please note that in the United States, some states’ biometric laws don’t apply to driver’s license photos. Photos of you are not biometric data, but biometric data can be made from processing the photo using certain technology.
Vouched Collection and Use of Biometric Information
Vouched provides ID verification services to our customers. In order to provide these services, Vouched collects images of your identification documents, on behalf of our customers, using Vouched systems and technologies.
Vouched software tools detect, verify and analyze biometric information included on a government-issued identity documents (such as a person’s face) to provide ID verification and fraud detection. Vouched software uses biometric data solely to provide ID verification and fraud prevention services to the Vouched customer.
Vouched will not sell, lease, trade, or otherwise profit from biometric data; provided, however, that Vouched may be paid for products or services provided by Vouched that utilize such biometric data. For example, the Vouched customer may pay Vouched to conduct ID verification services using biometric information.
Vouched Disclosure of Biometric Data and Customer Obligations
Vouched may use third-party vendors to provide its services. Vouched will not share biometric information collected pursuant to this policy with vendors except for the purpose of facilitating Vouched services. Vouched has agreements with any vendor that will receive such biometric data to keep the data confidential and secure. Except for such vendors, Vouched will not disclose or disseminate any such biometric data to anyone other than the Vouched customer to whom Vouched is providing products and services using biometric data, unless (i) disclosure is required by law or municipal ordinance, or (ii) disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
Vouched customers will have access to the biometric information collected on their behalf. Vouched customers are responsible for compliance with applicable law governing any collection, storage, use, and/or transmission of biometric data they conduct or facilitate, including biometric data captured by Vouched in the course of providing our services to the customer. Vouched customers may have their own policies that apply to their collection and use of your biometric data. Vouched has agreements with its customers that (i) they will follow the retention schedule below with respect to information captured by Vouched, (ii) they will only use this information, or permit it to be used by their customers, for ID verification purposes consistent with this policy, and (iii) they will keep this information confidential and secure.
Data Retention
Vouched shall retain biometric data only until the first of the following occurs (i) the initial purpose for collecting or obtaining such biometric data has been satisfied, such as the identification verification is complete; or (ii) within 3 years of your last interaction with Vouched.
Data Storage
Vouched shall use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which Vouched transmits and protects from disclosure other confidential and sensitive information of Vouched and its employees.
Your Release and Consent
As part of our identity verification process, you will be asked to check a box agreeing that you are providing your electronic signature acknowledging that you have read this policy, and that you voluntarily consent to our collection, storage, and use of biometric data, including to the extent that it utilizes your biometric identifiers or biometric information as defined in policy, and you voluntarily consent to providing the biometric data to Vouched.
You understand that you are free to decline to provide biometric identifiers and biometric information to Vouched, however, we are not able to provide certain identification verification services unless you do consent and make information available to Vouched in accordance with this Policy. You may revoke this consent at any time by emailing us at [email protected] or by mail at:
Woolly Labs, Inc. DBA Vouched
Attn: Legal
506 2nd Avenue, Suite 1400
Seattle, Washington 98104 U.S.A.