ZKTeco-Biometric Privacy Policy

ZKTeco Privacy Policy for the Processing of Biometric Data from U.S. Residents

ZKTeco has instituted the following policy related to any U.S. resident biometric data that is collected, processed and/or stored by ZKTeco and that is subject to the requirements of any law expressly governing the collection, storage, use and/or disclosure of biometric data.

Not all ZKTeco products and services utilize biometric technologies, and not all of ZKTeco’s biometric technology products and services involve ZKTeco’s participation in the collection, storage or use of biometric data (for example, products sold by third-party partners). However, in some cases, ZKTeco may provide hosting services for certain biometric data collected by Customer on such Customer’s behalf.

Biometric Information

The biometric data covered by this policy includes “Biometric Identifiers” as defined by BIPA (i.e., a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry) and “Biometric Information” as defined by BIPA (i.e., any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s Biometric Identifier used to identify an individual).

At the direction and on behalf of its Customers, ZKTeco may collect, store and/or use biometric data. Customers may utilize ZKTeco’s products and services to collect, store and/or use biometric data solely for employment-related purposes, including tracking of time and attendance, in accordance with this policy and applicable law.

Customer’s Responsibilities

It is the sole responsibility of the Customer that collects, captures, stores, or otherwise uses Biometric Data relating to an individual, to:

  1. Inform the individual from whom Biometric Data will be collected, in writing and prior to collecting the individual’s Biometric Data, that Biometric Data is being collected, stored, and/or used.
  2. Indicate, in writing, the specific purpose(s) and length of time for which Biometric Data is being collected, stored, and/or used.
  3. Receive a written release from the individual (or a legally authorized representative) authorizing the Customer and ZKTeco to collect, store, and/or use the Biometric Data and authorizing the Customer to disclose such Biometric Data to ZKTeco and any Customer third-party service providers.
  4. Develop, maintain, and to inform all individuals about any Customer policies for Biometric Data collection. Customer must maintain its own data collection, disclosure, retention, and storage policies in compliance with all applicable laws. Where required by law, Customer agrees to adopt a privacy policy in alignment all applicable laws governing the collection, use, transfer and retention of Personal Data.
  5. Ensure that ZKTeco is immediately notified upon termination or other discontinuation of use of ZKTeco’s biometric products or services with respect to an employee or other individual.

Disclosure and Sharing of Biometric Information

ZKTeco will not sell, lease, trade or otherwise profit from any biometric data that it receives from Customer’s employees. Biometric data will not be used for any purpose other than as described herein.

ZKTeco will not disclose, redisclose or otherwise disseminate any biometric data received from Customers to any person or entity other than ZKTeco and ZKTeco’s third party service providers except for if disclosure or redisclosure is required by state or federal law or municipal ordinance or disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Note Regarding Illinois Biometric Information Privacy Act

In accordance with the Illinois Biometric Information Privacy Act (740 Ill. Comp. Stat. Ann. 14/1 et seq.) (the “Illinois BIPA”), ZKTeco maintains comprehensive policies and procedures to ensure the proper collection, use, safeguarding, storage, retention, and destruction of Biometric Data by ZKTeco. As required by the Illinois BIPA, ZKTeco makes available its Biometric Data Retention and Storage policies in the following sections. For purposes of clarity, these policies apply to all Customer Personal Data, not just Customer Personal Data collected in Illinois.

Retention of Biometric Information

ZKTeco will retain biometric data for ZKTeco’s standard Customer Personal Data retention period of sixty (60) days, or the individual is terminated by the Customer in Customer’s workforce management system, or Customer notifies ZKTeco that the individual has been terminated, whichever occurs first, at which time ZKTeco shall permanently destroy all copies of the employee’s Biometric Data in its possession unless ZKTeco is required to hold Customer Personal Data pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Storage of Biometric Information

ZKTeco will use a reasonable standard of care, consistent with the industry in which ZKTeco operates, to store, transmit and protect from disclosure all biometric data, and shall store, transmit, and protect from disclosure all biometric data in a manner that is the same as or more protective than the manner in which ZKTeco stores, transmits, and protects other confidential or sensitive data that can be used to uniquely identify an individual or an individual’s account or property.