Thumbies, LLC (“Thumbies”, "Company", "we", "us", "our") has established this Biometric Information Privacy and Security Policy (“Policy”) to define its policy and procedures for collection, use, safeguarding, storage, retention, and destruction of biometric data collected by or provided to the Company as a result of the Company’s operations, its Partners, and customers designing, creating and purchasing products and/or services. It is the Company’s policy to protect biometric data of its customers and potential customers (“Customers”) in accordance with the applicable laws regarding biometric information and privacy including, but not limited to laws of Arkansas, California, Illinois, Texas and Washington.
To be clear, the Company’s Partners are responsible for developing and ensuring that their own practices comply with applicable law regarding biometric data and information.
As used in this Policy, “Biometric data” means personal information about an individual’s physical characteristics used to identify that person, specifically including “biometric identifiers” and “biometric information” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s Biometric identifier used to identify an individual. “Biometric data” also includes biometric information, as defined by Cal. Civil Code 1798.140(b), meaning “an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity...this includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.”
Thumbies makes jewelry, keepsakes and other products. Customers can use the Company’s services to design and/or purchase products from the Company that include an individual’s fingerprint, handprint, foot-prints, handwriting, soundwave/voice/audio recording, pet print and/or other user-generated print, photo/image, and/or audio recording (“Print”) that is provided by the customer. The Print submitted by customers are often from a deceased loved one. The Company uses its proprietary process and software to create a mold and/or imprint of the Print that is used to create products purchased by the customer. The Print and information collected by the Company may be considered to be Biometric data or information, but it is not used by the Company to identify the individual whose fingerprint, handprint, foot-print, handwriting, soundwave/voice/audio recording, pet print and/or other user-generated print, photo/image, and/or audio recording is provided by the customer.
When a customer seeks to design a product or service using an Print, they can use the Company’s Website, Mobile App, electronic devices, paper application or other medium or have a Partner of the Company use an electronic device, paper application or other medium to provide the Print that the customer wants to use. The Print is collected, stored, used, disclosed and/or transmitted by the Company and/or its Partners to design, create, and process orders and/or purchases of products for the customer and/or individual whose data it is (or their authorized legal representative). The Company will not sell, lease, or trade any Print that it collects or receives from its Partners or directly from customers, except for with respect to designing, creating and processing products for the customer that provided the Print.
Out of an abundance of caution and to ensure complete disclosure to its customers the Company and its Partners will take the following actions when collecting, reviewing, capturing, using or otherwise obtaining an individual’s fingerprint, handprint, foot-prints, handwriting, soundwave/voice/audio recording, pet print and/or other user-generated print, photo/image, and/or audio recording from a customer:
When the information is for a deceased individual, the written consent to store, use and retain the Print must be provided by the legal personal representative of the deceased estate or in charge of the decedent’s property (i.e. executor, administrator, surviving spouse, appointed by court, etc.).
Other than to create the products that a customer wants to purchase, the Company will not sell, lease, trade, or otherwise profit from Prints or any other the information that could be considered Biometric data that it or its Partners collect.
The Company will not disclose or disseminate any Print or any other the information that could be considered Biometric data to anyone, other than with the Company’s Partner who collected it, to allow customers to design products using their Print and in creating a product purchased by a customer, without/unless:
The Company will take commercially reasonable measures to confirm its Partner that collects Print of or for a customer does not sell, lease, trade, or otherwise profit from any biometric data of the customer or the individual that the Print is collected from; provided, however, that Company may pay its Partner for services of collecting and transmitting the information to the Company.
The Company shall use a commercially-reasonable standard of care when storing, transmitting and in protecting from disclosure, any Print or any other the information that could be considered Biometric data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual.
Except as otherwise provided, the Company shall retain customer’s Prints and any information that could be considered Biometric data only until the first of the following occurs:
Once one of those events occurs, the Company will destroy the data that it is storing and will request that its Partners and any Service Providers permanently destroy such data, unless required to be preserved under federal, state or local laws.
This Policy replaces and supersedes all previous policies related to Prints and/or biometric information. The Company reserves the right to modify this Policy at any time. In the event the Company expands its use of biometric information or begins collecting biometric information for any additional purpose, the Company will update this policy, and require an additional consent. Nothing in this policy creates any contractual obligations or any greater obligations, protections, or liabilities than required by applicable law between the Company and any customer, especially with respect to any information or Prints that are not considered Biometric information or data.