Biometric Data Policy
Effective Date: November 6, 2024
Last Updated: November 6, 2024
1. Introduction
Persona Jewelry, a brand of TEMPUS LUXURY, LLC ("Persona Jewelry," "Company," "we," "us," or "our"), is committed to protecting the privacy and security of biometric data in compliance with applicable laws, including the Illinois Biometric Information Privacy Act (BIPA), Texas Business and Commerce Code §503.001, and other state regulations. This Biometric Data Policy ("Policy") outlines our practices regarding the collection, use, storage, and destruction of biometric identifiers and biometric information (collectively, "Biometric Data") when you ("User," "you," or "your") use our services.
By accessing or using our website www.personajewels.com ("Website"), mobile applications, or any related services (collectively, the "Services"), and by uploading your biometric data, you acknowledge that you have read, understand, and agree to the terms of this Policy. If you do not agree with this Policy, please do not provide your biometric data or use our Services.
2. Definitions
- Biometric Identifier: A retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
- Biometric Information: Any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual.
- Confidential and Sensitive Information: Personal information that requires special handling due to its sensitive nature, including Biometric Data.
- Services: Our Website, mobile applications, and related services through which biometric data may be collected.
3. Purpose of Collection
We collect Biometric Data solely for the purpose of creating personalized jewelry products as requested by you. The Biometric Data is used to engrave or embed your unique biometric identifiers (e.g., fingerprints) onto the jewelry items you order, providing a customized and personal touch to our products.
4. Consent and Collection
4.1. Implied Informed Consent
By voluntarily uploading your biometric data through our Services, you consent to the collection, use, storage, and disclosure of your Biometric Data as described in this Policy. Your actions constitute your agreement to this Policy and serve as your informed consent.
- Acknowledgment: By uploading biometric data, you acknowledge that you have been informed of the purpose and intended use of your Biometric Data.
- Acceptance of Policy: Your use of our Services and provision of biometric data signify your acceptance of this Policy and our Privacy Policy.
- Right to Decline: You have the right to decline providing Biometric Data. If you choose not to provide the required biometric data, we may not be able to offer certain personalized services or products.
4.2. Methods of Collection
- Secure Uploads: Biometric Data is collected when you voluntarily upload fingerprint images or other biometric identifiers through secure channels on our Website.
- Data Minimization: We collect only the Biometric Data necessary to fulfill your specific order and no more.
4.3. Notice at Collection
At the point of biometric data submission, we provide clear and conspicuous notice of:
- Purpose of Collection: The specific purpose and intended use of your Biometric Data.
- Duration of Storage: The length of time your Biometric Data will be stored and used.
- Link to Policy: Access to this Biometric Data Policy for detailed information.
5. Use of Biometric Data
5.1. Limited Purpose
Your Biometric Data is used exclusively for:
- Product Personalization: Designing and manufacturing the personalized jewelry item(s) you have ordered.
- Order Fulfillment: Ensuring the accuracy and quality of the personalized product.
5.2. No Additional Use
We do not use your Biometric Data for any purposes other than those explicitly stated in this Policy. Specifically, we do not:
- Use Biometric Data for marketing, advertising, or promotional purposes.
- Sell, lease, trade, or otherwise profit from your Biometric Data.
- Use Biometric Data for identifying or tracking purposes beyond fulfilling your order.
6. Disclosure of Biometric Data
6.1. Third-Party Service Providers
We may share your Biometric Data with trusted third-party service providers solely for the purpose of fulfilling your order. These providers are contractually obligated to:
- Confidentiality: Maintain the confidentiality of your Biometric Data.
- Restricted Use: Use your Biometric Data only for the specific services they provide to us.
- Security Measures: Implement appropriate security measures to protect your Biometric Data.
6.2. Legal Obligations
We may disclose your Biometric Data if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government investigations), after providing you with notice if legally permissible.
6.3. Mergers and Acquisitions
In the event of a merger, acquisition, or sale of all or a portion of our assets, your Biometric Data may be transferred to the acquiring entity. We will notify you before your Biometric Data becomes subject to a different privacy policy.
7. Storage and Protection of Biometric Data
7.1. Data Security Measures
We are committed to protecting your Biometric Data using a combination of administrative, technical, and physical safeguards:
- Encryption: Biometric Data is encrypted during transmission and at rest using industry-standard encryption protocols.
- Access Controls: Access to Biometric Data is strictly limited to authorized personnel who require access for order fulfillment.
- Secure Servers: Biometric Data is stored on secure servers located in controlled environments with restricted access.
- Security Policies: We maintain comprehensive security policies and conduct regular training for employees on data protection practices.
- Monitoring and Audits: Regular security assessments, audits, and monitoring to detect and prevent unauthorized access or disclosure.
7.2. Retention Schedule
- Duration of Storage: Biometric Data is retained only for as long as necessary to fulfill the purpose for which it was collected, which includes the time required to produce and deliver your personalized product. In general, we retain Biometric Data for no longer than three (3) years from your last interaction with us.
- Compliance with Laws: Retention periods comply with all applicable federal, state, and local laws and regulations.
8. Destruction of Biometric Data
8.1. Destruction Methods
Upon expiration of the retention period or completion of the purpose for which Biometric Data was collected, we will permanently and securely destroy your Biometric Data using methods designed to prevent reconstruction or retrieval:
- Digital Data: Secure deletion protocols that overwrite data to render it unrecoverable.
- Physical Media: Shredding, pulverizing, or incinerating physical storage devices containing Biometric Data.
8.2. Documentation of Destruction
We maintain records documenting the destruction of Biometric Data, including:
- Date of Destruction: The date when the Biometric Data was destroyed.
- Method of Destruction: The specific method used to destroy the Biometric Data.
- Verification: Confirmation that the destruction was completed successfully.
9. Your Rights Regarding Biometric Data
9.1. Access and Correction
You have the right to:
- Access: Request information about the Biometric Data we have collected about you.
- Correction: Request corrections to any inaccurate or incomplete Biometric Data.
To exercise these rights, please contact us at [email protected].
9.2. Deletion Requests
You may request the deletion of your Biometric Data before the end of the retention period. We will comply with your request unless:
- Legal Obligations: Retention is required by law or legal process.
- Completion of Service: The Biometric Data is necessary to complete your order or fulfill our contractual obligations.
9.3. Withdrawal of Consent
If you wish to withdraw your consent for the collection and use of your Biometric Data, please contact us. Please note that withdrawal of consent may impact our ability to provide certain services or complete your order.
9.4. Complaint Resolution
If you believe that we have violated your rights regarding Biometric Data, you may file a complaint with:
- Our Company: Contact us at [email protected], and we will promptly investigate and address your concerns.
- Regulatory Authorities: You may also file a complaint with the relevant data protection authority in your jurisdiction.
10. Policy Availability and Updates
10.1. Availability
This Biometric Data Policy is:
- Online Access: Available on our Website at https://www.personajewels.com/biometric-data-policy.
- Upon Request: Available upon request by contacting us at [email protected].
10.2. Policy Updates
We reserve the right to modify or update this Policy at any time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
- Notification of Changes: We will provide notice of significant changes by posting the updated Policy on our Website and updating the "Effective Date."
- Continued Use: Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated terms.
11. Compliance with Applicable Laws
We comply with all applicable federal, state, and local laws and regulations regarding the collection, use, storage, and destruction of Biometric Data, including but not limited to:
11.1. Illinois Biometric Information Privacy Act (BIPA)
- Compliance Measures: We adhere to BIPA's requirements for informed consent, data retention, and destruction.
- Private Right of Action: BIPA provides individuals with the right to take legal action in the event of violations.
11.2. Texas Business and Commerce Code §503.001
- Disclosure Limitations: We do not sell, lease, or disclose Biometric Data to third parties except as permitted by law.
- Consent Requirements: Collection and use of Biometric Data are conducted with appropriate consent.
11.3. Other State Laws
We comply with other state laws and regulations that may apply to Biometric Data, including but not limited to:
- Washington State H.B. 1493
- California Consumer Privacy Act (CCPA)
- New York SHIELD Act
12. Data Breach Notification
In the unlikely event of a data breach involving Biometric Data, we will:
- Prompt Notification: Notify affected individuals in a timely manner as required by applicable laws.
- Regulatory Compliance: Report the breach to relevant regulatory authorities as required.
- Mitigation Efforts: Take immediate steps to mitigate the breach and prevent future occurrences.
13. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect Biometric Data from children under 18. If we become aware that we have inadvertently collected Biometric Data from a child under 18, we will promptly delete such data from our records.
14. International Users
Our Services are operated in the United States. If you are accessing our Services from outside the United States, please be aware that your Biometric Data may be transferred to, stored, and processed in the United States where our servers are located.
- Consent to Transfer: By providing your Biometric Data, you consent to the transfer and processing of your data in the United States.
- Data Protection Laws: The data protection laws in the United States may differ from those of your country. We take appropriate measures to ensure that your Biometric Data is treated securely and in accordance with this Policy.
15. Contact Information
If you have any questions, concerns, or comments about this Biometric Data Policy or our practices regarding Biometric Data, please contact us:
- Email: [email protected]
- Phone: (786) 706-7656
-
Mailing Address:
Persona Jewelry
Attn: Biometric Privacy Officer
133 NE 2nd Ave
Apt 2605
Miami, FL 33132
United States