Hamra Biometric Data Policy

NAVIGATE

Hamra Biometric Data Policy

BIOMETRIC DATA PRIVACY POLICY

Hamra Enterprises[1] (the “Company”) has instituted the following Biometric Data Privacy Policy (the “Policy”):

Purpose of This Policy

The purpose of this Policy is to notify you of the policy and procedures that may be used to collect, capture, use and store your biometric data.

Biometric Data Defined

As used in this Policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq., commonly referred to as “BIPA”. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers. This Policy is intended to govern biometric data that is unique, measurable biological or behavioral characteristics that can be used for identification and that are regulated by applicable state or federal laws or industry standards in the jurisdictions and industries that Hamra Enterprises does business in (including, without limitation, fingerprints, thumbprints, voiceprint, retina scans, and iris scans).

Purpose for Collection of Biometric Data

The Company, its vendors, the licensor of the Company’s time and attendance equipment and software, and/or the licensor of the Company’s point-of-sale equipment and software, may from time to time collect, store, and use biometric data solely for employee identification and fraud prevention purposes in connection with Company’s current time and attendance and point-of-sale systems and equipment, and in connection with any other workplace equipment (including work-issued computers and back-office servers) used currently or that may be utilized in the future by Company in order to identify employees using such equipment, keep track of employee’s time and attendance, access certain functions on the point-of-sale systems, and, in general, prevent fraud. All such equipment is referred to herein collectively as “Workplace Equipment”, and the vendors and licensors of such Workplace Equipment and related software used on such Workplace Equipment are collectively referred to herein as “Vendors and Licensors”.  The current Workplace Equipment and related software utilized by the Company does not collect, use or store a complete fingerprint or thumbprint.  If the fingerprint or thumbprint technology on such Workplace Equipment is activated, the equipment creates a “template” of the employee’s fingerprint or thumbprint by collecting employee’s pressure points and key characteristics of the fingerprint or thumbprint.  Providing biometric information in order to utilize such Workplace Equipment is not a condition to your employment.  You may opt out of this process and use alternative methods (such as, but not limited to, swipe cards).

Disclosure to Employee and Authorization by Employee

To the extent that the Company and its Vendors and Licensors of the Workplace Equipment collect, capture, or otherwise obtain biometric data relating to an employee, the Company must first:

  1. Inform the employee in writing that the Company and its Vendors and Licensors of the Workplace Equipment and related software are collecting, capturing, or otherwise obtaining the employee’s biometric data, and that the Company is providing such biometric data to such Vendors and Licensors;
  2. Inform the employee in writing of the specific purpose and length of time for which the employee’s biometric data is being collected, stored, and used; and
  3. Receive a written release signed by the employee (or his or her legally authorized representative) authorizing the Company and its Vendors and Licensors of the Workplace Equipment and related software to collect, store, and use the employee’s biometric data for the specific purposes disclosed by the Company, and for the Company to provide such biometric data to its Vendors and Licensors of the Workplace Equipment and related software.

In accordance with the above, this Policy addresses (a) and (b) above, and attached to this Policy is the Biometric Data Privacy Employee Consent (the “Consent”) should you choose to authorize Company and its Vendors and Licensors of the Workplace Equipment and related software to collect, capture, or otherwise obtain your biometric data for the purposes described in this Policy.

Please note that due to the organizational structure of the Company, any biometric data provided to a specific employer entity of Hamra Enterprises may be disclosed to or available to all of the affiliated Company entities comprising the Hamra Enterprises organization.  In addition, please note that with respect to each of our restaurants, certain Workplace Equipment, including, without limitation, the point-of-sale system and the back-office server, may be installed by, or software or information on such point-of-sale system or back-office service may be accessible to, the particular restaurant’s franchisor entity or such franchisor’s agents, vendors and licensors. For purposes herein and the Consent, the term “Vendors and Licensors” shall include such franchisor entities and franchisor’s agents, vendors and licensors that install or have access to such Workplace Equipment.

Neither Company nor its Vendors will Sell Your Biometric Data

The Company and its Vendors and Licensors of the Workplace Equipment and related software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, that the Company’s Vendors and Licensors of the Workplace Equipment and related software may be paid for products or services used by the Company that utilize such biometric data.

Disclosure

The Company will not disclose or disseminate any biometric data to anyone other than to its Vendors and Licensors of the Workplace Equipment and related software that are providing products and services using biometric data without/unless:

  1. First obtaining written employee consent to such disclosure or dissemination;
  2. The disclosed data completes a financial transaction requested or authorized by the employee;
  3. Disclosure is required by state or federal law or municipal ordinance; or
  4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Data Storage

The Company shall use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers and social security numbers. Your biometric data will be collected, used, retained, and destroyed in accordance with BIPA and any other applicable state and federal privacy laws.

Retention and Disposal of Biometric Data

The Company shall retain employee biometric data only until, and shall request that Vendors and Licensors of the Workplace Equipment and related software destroy such data when, the first of the following occurs:

  1. The initial purpose for collecting or obtaining such biometric data has been satisfied, such as the termination of the employee’s employment with the Company, or the employee moves to a role within the Company for which the biometric data is not used; or
  2. Within 3 years of the employee’s last interaction with the Company.

If you would like additional information from the Company, from the Vendors and Licensors of the Workplace Equipment and related software or from the manufacturer of any workplace equipment that utilizes your biometric information with respect to retention and disposal of your biometric information, please reach out to Company’s IT department or to the Company’s human resource representative.

Amendment of Policy.

The Company reserves the right to amend this Policy at any time in order to remain in compliance with evolving state and federal privacy laws in the jurisdictions where Company does business and with industry practices.

 

[1] Hamra Enterprises is the doing business as name for the entire Hamra Enterprises organization which includes, without limitation, the following employer entities:  Boston Bread, LLC, Chicago Bread, L.L.C., Southern Bread LLC, Wendy’s of Missouri, Inc., Wendy’s of New England, LLC, Hamra Chicago, LLC, Hamra Noodles, LLC, SJH Inns, L.P., and Hamra Management Company, L.L.C., as well as certain other affiliates, subsidiaries and parent companies.  All such companies under the Hamra organization are referred to herein as the “Company”.