Biometric Information Privacy Policy and Consent

effective date: August 1, 2023

Scope and Overview

This policy outlines how Pheple Federal Credit Union, its vendors, and/or the licensor of the Pheple Federal Credit Union’s consumer verification software processes biometric data collected from you for identity verification and fraud prevention purposes.  

Biometric Data Defined

As used in this policy, biometric data includes “biometric identifiers” and “biometric information”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. As the term is used in this policy, the selfie photograph you upload to the software for use in the biometric algorithm is considered a "biometric identifier."  “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.  

Disclosure and Authorization Policy

To the extent that Pheple Federal Credit Union, its vendors, and/or the licensor of the Pheple Federal Credit Union’s consumer verification software collect, capture, or otherwise obtain biometric data relating to a consumer, Pheple Federal Credit Union must first:

Inform each consumer that Pheple Federal Credit Union, its vendors, and/or the licensor of the Pheple Federal Credit Union’s consumer verification software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and that the Pheple Federal Credit Union is providing such biometric data to its vendors and the licensor of the Pheple Federal Credit Union’s consumer verification software;

Inform the consumer of the specific purpose and length of time for which the consumer’s biometric data is being collected, stored, and used; and

Receive consent by the consumer authorizing Pheple Federal Credit Union, its vendors, and/or Pheple Federal Credit Union’s consumer verification software to collect, store, and use the consumer’s biometric data for the specific purposes disclosed by the Pheple Federal Credit Union, and for Pheple Federal Credit Union to provide such biometric data to its vendors and the licensor of the Pheple Federal Credit Union’s consumer verification software.

Pheple Federal Credit Union, its vendors, and/or the licensor of the Pheple Federal Credit Union’s consumer verification software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, that the Pheple Federal Credit Union’s vendors and the licensor of the Pheple Federal Credit Union’s consumer verification software may be paid for products or services used by Pheple Federal Credit Union that utilize such biometric data.

This policy is intended to comply with all federal, state, and local laws. 

Purpose for the Collection of Biometric Data

Pheple Federal Credit Union, its vendors, and/or the licensor of Pheple Federal Credit Union’s consumer verification software collect, store, and use biometric data solely for identity verification and fraud prevention purposes.

Disclosure

Pheple Federal Credit Union will not disclose or disseminate any biometric data to anyone other than its vendors and the licensor of the Pheple Federal Credit Union’s consumer verification software providing products and services using biometric data without/unless:

  • First obtaining consumer consent to such disclosure or dissemination;

  • The disclosed data completes a financial transaction requested or authorized by the consumer;

  • Disclosure is required by law or ordinance; or

  • Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Security

Pheple Federal Credit Union shall use a commercially reasonable standard of care to store, transmit and protect from disclosure any biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which Pheple Federal Credit Union stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.

Retention

Pheple Federal Credit Union shall retain consumer biometric data only until, and shall request that its vendors and the licensor of Pheple Federal Credit Union’s consumer verification software permanently destroy such data when, the first of the following occurs:

  • The initial purpose for collecting or obtaining such biometric data has been satisfied, such as verification of consumer identity;

  • Request of consumer to destroy the biometric data; or

  • Within 30 days of consumer’s provisioning of biometric data.

Contact Information

If you have any questions about our use, storage, or security of your biometric data you can contact us at: info@pheplefcu.org

BIOMETRIC INFORMATION CONSUMER CONSENT

As outlined in the “Biometric Information Privacy Policy”, I understand and consent to the collection, use, retention, storage, and/or disclosure or re-disclosure of data or images from biometric verification technology by Pheple Federal Credit Union, its vendors, and/or the licensor of the Pheple Federal Credit Union’s consumer verification software.  I acknowledge that I have been given a copy of the Policy, or that the Policy has been made accessible to me, and I have had an opportunity to review it and request any additional information concerning the Pheple Federal Credit Union’s procedures and safeguards for collecting, maintaining, using, disclosing, sharing, storing, and/or destroying this data.