This Timekeeping/Facility Access Policy (“Policy”) addresses the collection, use, storage, retention, safeguarding and destruction of hand data provided by employees or other individuals authorized to access our facility using the timekeeping devices provided. Cheese Merchants of America (“the Company”) reserves the right to revise this Policy at any time and will provide notice to affected employees, and other individuals, if and when it does so.

 

If, in the future, hand data is obtained or used for any additional purposes than those stated in this Policy, or if such information is retained for periods other than those identified in this Policy, the Company will revise and re-distribute this Policy to affected individuals. A copy of this Policy will be made available to all affected individuals, is maintained in Human Resources and is included in our Employee Handbook which is also posted on the Company’s employee self-service portal which may be accessed at any time by employees.

 

The Company’s policy is to ensure that the hand data is collected, used, maintained and handled in accordance with the Illinois Biometric Information Privacy Act (“BIPA”) (to the extent that the hand data is covered by BIPA) or any other applicable laws. An individual’s hand data will not be collected or otherwise obtained without prior written consent of the individual.

 

The Company uses Paylocity Client software and a timeclock provided by its payroll service provider. The payroll service provider reports that its timeclock scans the individual’s handprint and stores and uses an encrypted mathematical representation of the same. There is no storage of an actual image of the hand and the data received cannot be used or converted into actual images or geometrical representations of the hand. Simply, this mathematical representation of an individual’s handprint is used to confirm the person’s identity when the individual “clocks in” and “clocks out” each day via the scanner. The Company’s payroll service provider reports that the Paylocity Client software and timeclock does not store any handprint images in this process, either at initial enrollment or thereafter. Rather, the payroll service provider reports that the Paylocity Client software and timeclock only retains an encrypted mathematical representation of same for identification purposes. The purpose of this hand scan process is to verify the person’s identity for security, record employee hours, prevent fraud and promote accurate timekeeping.

 

The Company will not sell, lease, trade or otherwise profit from an individual’s hand data and will not use any hand data for any purposes other than as set forth in this Policy. Company vendors of the hand data devices have represented that they do not sell, lease, trade or profit from such hand data, and that they use reasonable standards of care within their industry for any storage, transmittal, or protection from disclosure of such data.

 

The Company will not disclose hand data unless: (a) written consent is obtained from the employee prior to the disclosure; (b) disclosure is necessary to make a financial transaction requested or authorized by the employee; or (c) disclosure is required by law, including by a lawful warrant or subpoena. To the extent that the Company ever possesses hand data information (or any data derived from such information, including encrypted mathematical formulas), it will store such information using a reasonable standard of care for the industry and in a manner that is the same or exceeds the standards used to protect other confidential and sensitive information of employees that is obtained by the Company.

 

To the extent that the Company ever possesses hand data information (or any data derived from such information, including encrypted mathematical formulas), the Company will permanently destroy such information upon the occurrence of any of the following, whichever comes first: (a) within a reasonable period of time following termination of the employee’s employment (typically not more than twenty four (24) hours following the termination of  employment in Paylocity); (b) the purpose for which the biometric information was collected ceases to apply; or (c) within three years after an employee’s last interaction with the Company. In the case of contracted vendors or assignees from temporary agencies, the biometric information will be destroyed within the same guidelines as above upon completion of the contracted assignment.

 

The Company’s payroll service provider further confirms that the Paylocity Client software and timeclock will promptly and permanently destroy any individual’s hand data information (or any data derived from such information, including encrypted mathematical formulas) once the employee, assignee or vendor is no longer enrolled in its time-keeping system. The Company requires employees or individuals authorized to enter the facility to sign a written release authorizing the collection and use of the hand data for purposes of this Policy and will provide reasonable accommodations to those individuals who present valid written objections to the collection and use of this hand data due to disability, sincerely held religious beliefs or any other valid and lawful basis presented.