Date Last Revised: July 2023
Date Last Reviewed: July 2023

Scope and Overview

This policy outlines how Thornapple Credit Union, its vendors, and/or the licensor of Thornapple Credit Union’s consumer verification software processes biometric data collected from you for identity verification and fraud prevention purposes.

Biometric Data Defined

As used in this policy, biometric data includes “biometric identifiers” and “biometric information”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. As the term is used in this policy, the selfie photograph you upload to the software for use in the biometric algorithm is considered a "biometric identifier." “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.

Disclosure and Authorization Policy

To the extent that Thornapple Credit Union, its vendors, and/or the licensor of the Thornapple Credit Union’s consumer verification software collect, capture, or otherwise obtain biometric data relating to a consumer, Thornapple Credit Union must first:

Inform each consumer that Thornapple Credit Union, its vendors, and/or the licensor of the Thornapple Credit Union’s consumer verification software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and that the Thornapple Credit Union is providing such biometric data to its vendors and the licensor of the Thornapple Credit Union’s consumer verification software.

Inform the consumer of the specific purpose and length of time for which the consumer’s biometric data is being collected, stored, and used; and receive consent by the consumer authorizing Thornapple Credit Union, its vendors, and/or Thornapple Credit Union’s consumer verification software to collect, store, and use the consumer’s biometric data for the specific purposes disclosed by the Thornapple Credit Union, and for Thornapple Credit Union to provide such biometric data to its vendors and the licensor of the Thornapple Credit Union’s consumer verification software.

Thornapple Credit Union, its vendors, and/or the licensor of the Thornapple Credit Union’s consumer verification software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, that the Thornapple Credit Union’s vendors and the licensor of the Thornapple Credit Union’s consumer verification software may be paid for products or services used by Thornapple Credit Union that utilize such biometric data.

This policy is intended to comply with all federal, state, and local laws.

Purpose for the Collection of Biometric Data

Thornapple Credit Union, its vendors, and/or the licensor of Thornapple Credit Union’s consumer verification software collect, store, and use biometric data solely for identity verification and fraud prevention purposes.

Disclosure

Thornapple Credit Union will not disclose or disseminate any biometric data to anyone other than its vendors and the licensor of the Thornapple Credit Union’s consumer verification software providing products and services using biometric data without/unless:

First obtaining consumer consent to such disclosure or dissemination.

The disclosed data completes a financial transaction requested or authorized by the consumer.

Disclosure is required by law or ordinance; or

Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Security

Thornapple Credit Union shall use a commercially reasonable standard of care to store, transmit and protect from disclosure any biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which Thornapple Credit Union stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers.

Retention

Thornapple Credit Union shall retain consumer biometric data only until, and shall request that its vendors and the licensor of Thornapple Credit Union’s consumer verification software permanently destroy such data when, the first of the following occurs:

The initial purpose for collecting or obtaining such biometric data has been satisfied, such as verification of consumer identity.

Request of consumer to destroy the biometric data; or Within 30 days of consumer’s provisioning of biometric data.

Contact Information

If you have any questions about our use, storage, or security of your biometric data you can contact us at contact@thornapplecu.com

BIOMETRIC INFORMATION CONSUMER CONSENT

As outlined in the “Biometric Information Privacy Policy”, I understand and consent to the collection, use, retention, storage, and/or disclosure or re-disclosure of data or images from biometric verification technology by Thornapple Credit Union, its vendors, and/or the licensor of the Thornapple Credit Union’s consumer verification software. I acknowledge that I have been given a copy of the Policy, or that the Policy has been made accessible to me, and I have had an opportunity to review it and request any additional information concerning the Thornapple Credit Union’s procedures and safeguards for collecting, maintaining, using, disclosing, sharing, storing, and/or destroying this data.