Biometric Information Privacy Policy

Sitka Salmon Shares (the “Company”) has instituted the following biometric information privacy policy:

Biometric Data Defined

As used in this policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

Purpose for Collection of Biometric Data

The Company, its vendors, and/or the licensor of the Company’s temperature and face scanning software may capture, convert, store, and/or share biometric data solely for employee identification, temperature scanning, and contract tracing purposes. The Company has implemented this software for the purpose of complying with local, state, and federal guidance for controlling the spread of COVID-19 and may be in place until applicable government guidelines no longer require or encourage employee temperature screenings and contract tracing for COVID-19.

Disclosure and Authorization

To the extent that the Company, its vendors, and/or the licensor of the Company’s temperature and face scanning software collect, capture, or otherwise obtain biometric data relating to an employee, the employee (or his or her legally authorized representative) has the following rights:

  1. To be informed in writing that the Company, its vendors, and/or the licensor of the Company’s temperature scanning software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and, if applicable, that such biometric data is being provided to vendors and/or the licensor of the Company’s temperature and face scanning software;
  2. To be informed in writing of the specific purpose and length of time for which the employee’s biometric data is being collected, stored, and potentially used; and
  3. To receive, review, and sign a written release authorizing the Company, its vendors, and/or the licensor of the Company’s temperature and face scanning software to capture, convert, store, and/or share the employee’s biometric data for the specific purposes disclosed, and, if applicable, authorizing the Company to provide such biometric data to its vendors and the licensor of the Company’s temperature and face scanning software.

The Company, its vendors, and/or the licensor of the Company’s temperature and face scanning software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, that the Company’s vendors and the licensor of the Company’s temperature and face scanning software may be paid for products or services used by the Company that utilize such biometric data.

Disclosure

To the extent the Company collects, retains, and/or stores biometric data, the Company will not disclose or disseminate any biometric data to anyone other than its vendors and the licensor of the Company’s temperature and face scanning software providing products and services using biometric data without/unless:

  1. First obtaining written employee consent to such disclosure or dissemination;
  2. The disclosed data completes a financial transaction requested or authorized by the employee;
  3. Disclosure is required by state or federal law or municipal ordinance; or
  4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

To the extent the Company possesses or retains employee biometric data, the Company will permanently destroy employee biometric data as soon as the first of the following occurs:

  • The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the termination of the employee’s employment with the Company, or if the employee moves to a role within the Company for which the biometric data is not captured, converted, stored, or shared; or
  • Three years pass from the date the employee's last interaction with the Company.

To the extent the Company’s vendors and/or the licensor of the Company’s temperature and face scanning software possess or retain employee biometric data, the Company will request that its vendors and/or the licensor of the Company’s temperature and face scanning software permanently destroy such data when the first of the following occurs:

  • The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the termination of the employee’s employment with the Company, or if the employee moves to a role within the Company for which the biometric data is not captured, converted, stored, or shared; or
  • Three years pass from the date of the employee’s last interaction with the Company.

Data Storage

To the extent the Company captures, collects, stores, and/or shares any biometric data, the Company will use a reasonable standard of care to store and protect from disclosure any paper or electronic biometric data that is captured, collected, converted, and/or stored. Such storage and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company collects, stores, shares, and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.