Biometric Policy

BIOMETRIC INFORMATION POLICY AND INFORMED CONSENT FOR BIOMETRIC DATA USE IN THE DONATION PROCESS

WHAT ARE BIOMETRICS?

Biometrics is the measurement of an individual’s physical and/or behavioral characteristics. The technology associated with biometrics has many uses, but frequently, it is used to verify personal identity. Examples of physical characteristics that constitute a “biometric identifier” include fingerprints, face, hand, retina, or ear features. Some examples of behavioral characteristics that constitute a biometric identifier include voice, gestures, and typing rhythm.  Biometric information means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.  As used in this Biometric Information Policy, “biometrics” or “biometric data” include “biometric identifiers” and “biometric information.”

BIOMETRIC INFORMATION POLICY

ImmunoTek has instituted this Biometric Information Policy to establish certain guidelines regarding the collection, use, safeguarding, storage, retention, and destruction of a donor’s biometric data that may be obtained by ImmunoTek and our third-party software database provider as part of our automated plasmapheresis program and donor screening process.

HOW BIOMETRICS IS COLLECTED AND USED BY IMMUNOTEK PLASMA CENTERS

We use biometrics technology in the form of a fingerprint scan of a donor to confirm the identity of a donor in our system and securely allow the donor to access the self‐interview questionnaire at the kiosk as part of the donor screening process. The fingerprint sensor takes a ‘picture’ of a donor’s finger and converts it into a numerical value called an electronic SIGNATURE. The original picture of a donor’s fingerprint cannot be copied and is deleted in the event that the donor has not visited the plasma center for donation in the last six (6) months. Our system will store a donor’s unique fingerprint SIGNATURE (numerical value) securely in the donor’s profile. It will only be used as a means of donor identification for future donations. A donor’s fingerprint or associated electronic data will not be used by other programs and will never be given to outside parties other than our third-party software database management vendor as described in this Policy.

THIRD-PARTY DATABASE PROVIDER

ImmunoTek uses a software and database service provided by Haemonetics Corporation (“Haemonetics”) as part of our effort to use the fingerprint scan method to screen new and returning donors. This software helps ImmunoTek screen donors by using the finger scan method of authenticating to the software service to identify donors who may be ineligible to donate.

The biometric data provided to the software service through the finger scanner is a unique series of characters as described above and is stored in a database as part of the software service provided by Haemonetics to ImmunoTek.  While the database is stored on a server owned by Haemonetics, ImmunoTek owns the data (including any biometric data) stored within the database, and we may use it when a donor scans his or her finger into the software service for screening donors. ImmunoTek’s policy and practice are to only retain biometric data for as long as necessary to satisfy the initial purpose for which it was collected, and we destroy any donor data kept in the database if the donor has not visited the plasma center for donation within six (6) months from the date of the most recent donation or center visit and to direct Haemonetics on the retention or destruction of such data. Haemonetics’s publicly available privacy policy, which provides information on when Haemonetics will delete donor data, is located at https://www.haemonetics.com/privacy-statement.

SECURE USE OF BIOMETRICS

ImmunoTek will not sell, lease, trade, or otherwise profit from a donor’s biometric identifier or biometric information. We will not disclose, redisclose, or otherwise disseminate a donor’s biometric identifier or biometric information to other parties other than to Haemonetics through the software database service it provides to ImmunoTek and other than disclosure required by applicable law or valid subpoena issued by a court of competent jurisdiction. ImmunoTek shall store, transmit and protect from the disclosure of biometric identifiers and biometric information using a reasonable standard of care consistent within our industry and in a manner that is the same as or more protective than the manner in which we store and protect other confidential and sensitive information.

DELETION OF DONOR BIOMETRICS

Absent a warrant or subpoena issued by a court of competent jurisdiction, in the event a donor has not visited the plasma center for donation within six (6) months from the date of the most recent donation or center visit, rendering the donor inactive, any donor biometric data will be deleted from our system.

ImmunoTek may modify and update this Policy at any time without prior notice.  This Policy and Consent Agreement is maintained by the Company in my donor record file.