Au10tix – Biometric Data Policy

Policy Statement

The purpose of this policy is to explain the procedures for the collection, use, safeguarding, storage, retention, and destruction of biometric data used by Au10tix Ltd. (the “Company”), as part of the Company’s authentication and identity verification services, in accordance with applicable laws including, without limitation, the Illinois Biometric Information Privacy Act. The Company uses its proprietary technology to compare facial images to verify the authenticity of a person’s identity identification card and the identity of the person.

The Company’s clients are responsible for developing and complying with their own biometric data retention and destruction policies as may be required under applicable law.

Biometric Data Defined

“Biometric Data” includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/1, et seq, “biometric identifier” as defined under Texas. Bus. & Com. Code §503.001, “biometric identifier” as used in Washington. Rev. Code Ann. §19.375.020, “biometric information” as used in the California Consumer Privacy Act, 2018, “biometric information” as used in the New York Stop Hacks and Improve Electronic Data Security Act, “biometric data” as used in the Arkansas Code §4-110-103, and further includes also any similar definitions under state or local law related to any biological characteristics of a person, or information based upon such a characteristic.

“Biometric Identifier” means, as defined under BIPA, a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric Identifier has additional similar meanings under the laws stated above under the definition of Biometric Data.

“Biometric information” means, as defined under BIPA, any information, regardless of how it is captured, converted, stored, or shared based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers. “Biometric information” has additional similar meanings under the laws stated above under the definition of Biometric Data.

Purpose for Collection of Biometric Data

The Company and its vendors may capture, purchase, receive, or otherwise obtain Biometric Data in the course of providing the Company’s products and services.

The Company uses its proprietary technology to compare costumer facial geometry images to verify the authenticity of a person’s identity identification card and the identity of the person.

The Company and its vendors will capture, purchase, receive, or otherwise obtain Biometric Data solely to provide, manage, maintain, improve and further develop the Company’s identity and authentication services. Neither the Company nor its vendors will sell, lease or trade any Biometric Data that it receives from clients or from a client’s customer as a result of their use of the Company’s services.

The Company’s clients are responsible for their own compliance with applicable laws governing their collection, storage, use, and transmission of Biometric Data, including to obtain, in advance, a written authorization from each customer to collect, capture, purchase, receive, or otherwise obtain Biometric Data related to the customer, for the purposes described under this policy.

Disclosure

The Company will not disclose or disseminate any Biometric Data to anyone other than its authorized vendors, except in the following circumstances:

the subject of the Biometric Data or the subject’s legally authorized representative consents to the disclosure or dissemination.

the disclosure or dissemination completes a financial transaction requested or authorized by the subject of the Biometric Data or the subject’s legally authorized representative;

the disclosure or dissemination is required by State or federal law or municipal ordinance; or

the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

The Company will retain Biometric Data of a specific Company client’s customer until the first of the following events occurs:

The initial purposes, as described under this policy, for collecting or obtaining the Biometric Data has been satisfied; or,

the Company has received a written notice from the client, indicating that 3 years have lapsed following the last interaction of the client with the client’s customer.

Data Storage

The Company will store, transmit, and protect Biometric Data using a reasonable standard of care within the Company’s industry. The Company will perform such storage, transmission, and protection from disclosure in a manner that is the substantially the same as or more protective than the manner in which the Company stores, transmits, and protects from disclosure other confidential and sensitive information, within the Company’s possession, including any sensitive personal information.