DoorBird Biometric Policy

This Policy is applicable to residents of the United States of America.

Bird Home Automation GmbH and its subsidiary EM Consult LLC (“DoorBird”) has instituted the following policy related to any finger-sensor or biometric data that DoorBird may possess, if any, as a result of DoorBird’s customers’ and customers’ end users’ and/or other individuals who are provided access to the DoorBird devices (“User” or “Users”) and/or use of DoorBird products and services and whose data is transmitted or disclosed to DoorBird by its customers. Where DoorBird products are owned and operated by another entity with its own customers/end users, such as an employer or multi-residence building operator, such customers are responsible for developing and complying with their own biometric data policies, including retention and destruction policies, as may be required under applicable law as further set forth below.

BIOMETRIC DATA DEFINED

As used in this policy, biometric data means any biological characteristics of a person, or information based upon such a characteristic, including characteristics such as those defined as “biometric identifiers” and “biometric information” under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. (“BIPA”). Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, received through trade or otherwise obtained or shared, based on an individual’s biometric identifier used to identify an individual. Some DoorBird devices utilize a finger-sensor which may be considered to collect biometric data.

COLLECTION, STORAGE, USE, AND TRANSMISSION OF BIOMETRIC DATA

DoorBird’s customers are responsible for compliance with applicable law, governing any collection, capture, receipt through trade or otherwise obtained, possession, storage, use, and/or transmission of biometric data they conduct or facilitate, including, but not limited to, BIPA; Tex. Bus. & Com. Code § 503.001; Wash. Rev. Code § 19.375.020; Virginia Consumer Data Privacy Act, § 59.1-574(A)(5); “the New York Stop Hacks and Improve Electronic Data Security Act, N.Y. Gen Bus. Law § 899-bb; “Arkansas Code § 4-110-103(7); Colorado Privacy Act. Colo. Rev. Stat. 6-1-1301 et.seq. and any other local, state and federal statute enacted into law. DoorBird’s customers shall obtain written authorization from each User of DoorBird devices to collect, capture, receive or otherwise obtain, possess, store, use, and/or transmit biometric data prior to the collection of such data. Specifically, DoorBird must inform its customers that they must:

Establish a retention and destruction schedule that complies with any required statute including, but not limited to, BIPA, must make such policy available to the public and need to follow that schedule with timely data deletion;
Notify the subjects of collection or Users, in writing, that finger-sensor data is being collected, captured, received through trade, otherwise obtained, possessed, stored, used, and disclosed by DoorBird’s customers and/or DoorBird;
Notify the subjects of collection or Users in writing of the purposes and length of term that finger-sensor data is being collected, captured, received through trade, otherwise obtained, possessed, stored, used and disclosed by DoorBird’s customers and/or DoorBird; and
Obtain a written release consenting to the collection, capture, receipt through trade or otherwise obtain, possession, storage, use and disclosure of finger-sensor data by DoorBird customers and/or by DoorBird.

DoorBird and/or its vendors do not receive, store, use and/or transmit any biometric data obtained via a DoorBird product. Such biometric data is only stored within the device itself. Therefore, neither DoorBird nor its vendors will sell, lease or trade any biometric data that it receives from customers or customer employees as a result of their use of DoorBird devices and services.

RETENTION SCHEDULE

DoorBird will retain any client’s employee’s or User’s biometric data in DoorBird’s possession, if any, until the customer notifies DoorBird Systems that it has terminated the employee or User or discontinued their access to the DoorBird devices. When DoorBird Systems receives notification that (1) a customer’s employee’s employment has been terminated or the employee’s or User’s access has been discontinued; or (2) the customer otherwise has discontinued using the DoorBird devices; or (3) the User requests in writing that his/her data be deleted. DoorBird’s retention of finger-sensor or biometric data shall be no longer than the earlier of the date when (i) the customer ceases to have a relationship with DoorBird or (ii) within three (3) years after the customer informs DoorBird that its last interaction with User has occurred.

BIOMETRIC DATA STORAGE

DoorBird and/or its vendors shall use the reasonable standard of care in DoorBird’s industry to store, transmit and protect from disclosure any finger-sensor or biometric data collected or received, and shall store, transmit, and protect from disclosure all finger-sensor or biometric data in a manner that is the same as or more protective than the manner in which DoorBird stores, transmits, and protects other personal information of Users.