Privacy Policy - Biometric Information

EdgeCore (“us”, “we”, or “our”) operates data centers (“DataCenters”). This page informs you of our policies regarding the collection, use, and disclosure of data we receive from users of the Data Center located in Arizona (this “Policy”).

Definition of Biometric Data

Biometric data means information that is derived from biometric identifiers.  Examples of a “biometric identifier” include fingerprints; a retina or iris scan; voiceprint; or scan of hand or face geometry. Biometric identifiers do not include photographs; human biological samples used for valid scientific testing or screening; tattoo descriptions; or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

To access the Data Center, our security systems capture the following information:

  1. Photo
  2. Fingerprint
  3. First name
  4. Last name
  5. Vaccination status (if elected to provide)

Purpose for Collection of Biometric Data

Biometric identifiers are stored as binary data within our security systems which create a visual data representation of the identifiers as points on a graph. Images of the physical fingerprint are not taken or stored in our security systems. The data is encrypted using ANSI256. The data is also stored in a Microsoft SQL database and further encrypted with AES 256. In the event of a data breach, a hacker would not be able to reconstruct the fingerprint image given the method of storage.

We use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic biometric data collected. We perform such storage, transmission, and protection from disclosure in a manner that is the same as or more protective than the manner in which we store, transmit and protect from disclosure other confidential and sensitive information, including our own.

Disclosure and Authorization

We, our vendors, and/or the licensor of our security software will not sell, lease, trade, or otherwise profit from users’ biometric data.

Access to biometric data (which is encrypted and as noted above does not recreate an image) is only accessible by a limited number of vendors or licensors who are responsible for maintenance and performance of security software unless:  

  1. We first obtain your written consent to such disclosure or dissemination.
  2. Disclosure is required by state or federal law or municipal ordinance.
  3. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

We may retain your biometric datauntil receiving a request from you for the biometric data to be destroyed.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Contact us and Further Information

If you have any questions about our biometric privacy policy, the data we hold, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.  For a requests about exercising your data protecting rights – including obtaining, changing or deleting your information– we have 30 days to respond.

We reserve the right to change or amend this Policy.