Consent to Collection and Storage of Biometric Data.
By using the Services, you consent to Keyo's collection and storage of your Biometric Data in accordance with the terms of this Biometric Data Policy.
Biometric data is identifying information related to your biometric characteristics which may be used to identify you. Examples of common forms of biometric data that you may use in your daily life include fingerprints, voiceprints, veins in your palm, facial recognition, and iris or retina recognition. When Keyo talks about “Biometric Data”, we are referring to certain physical information we collect about you (such as your palm print or internal vein pattern) in order to identify you individually in order to provide you our resources and services available through our Website, applications and APIs (the “Services”).
When you sign up for a Keyo account, you will provide certain Biometric Data at a Keyo kiosk. Keyo collects that Biometric Data and then encrypts and stores it on Keyo’s data servers, which Keyo will use to identify you when you want to use the Services. Keyo does not collect, capture, receive or otherwise obtain your Biometric Data without notifying you in writing in advance or without your consent or without the consent of your legally authorized representative. You may decline to provide your Biometric Data. However, if you decline to provide Biometric Data, certain Services that require the use of such data will become unavailable to you. You may also experience a loss of functionality of some or all of the Services that we provide.
In order to use the Services, such as at a point of sale, you will use an input device or terminal designed to collect your Biometric Data, which will then be encrypted and sent to Keyo and compared with the Biometric Data you provided when you enrolled and signed up for your Keyo account. If it is a match, your transaction will be approved and your account will be charged for the purchase you are making.
Keyo does not sell, lease, or trade your Biometric Data to any third parties or derive any profit in such a manner. Keyo may work with certain third parties to provide the Services to you, but only as necessary to provide you with such Services. Keyo has agreements with third parties that will receive your Biometric Data where the third party has a legitimate need to deliver the Services to you. These third parties are required to keep your Biometric Data secret and secure. We do not disclose, re-disclose or otherwise disseminate your Biometric Data without your request or consent or without the request or consent of your legally authorized representative. However, in certain specific instances, we may be compelled to disclose your Biometric Data in cases where such disclosure or re-disclosure is required by State or federal law, or municipal ordinance, or when required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
In order to deliver the Services to you, Keyo stores and uses your Biometric Data as long as you have an active account with Keyo. Your account is considered “active” as long as you have used the Services within the last year (unless you specifically request that we close your account sooner). You may request that we delete your Biometric Data by notifying us at [email protected] We reserve the right to maintain certain, limited non-biometric Personal Data that you provide for a period of up to five (5) years for purposes of maintaining legally required records for your various consents and authorizations.
After you close your account (or your account automatically closes, as described above), Keyo will keep your Biometric Data on file for a reasonable time of up to one year, for reasons including fraud prevention. Keyo will permanently destroy your Biometric Data on or before the one-year anniversary of the date that you cancel your account (or the one-year anniversary after the date that you last used your Keyo account). After your account is closed, you will need to re-enroll and provide your Biometric Data to Keyo again before you can use the Services.
The Personal Information Protection Act, Arkansas Code §4-110-103(7) (2019 Amendment) includes Biometric Data which it defines as “Fingerprints; Faceprint; A retinal or iris scan; Hand geometry; Voiceprint analysis; Deoxyribonucleic acid (DNA); or Any other unique biological characteristics.”
Under the California Consumer Privacy Act (CCPA), Biometric Data is defined to include, among other tthings, physiological, biological or behavioral characteristics, including imagery of the hand, palm, and vein patterns from which identifying information can be extracted,
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act (2019) provides that certain biometric information is private information and defines biometric information to include fingerprints, voiceprints, retina or iris images, or other unique physical characteristics.
Last updated: July 19, 2021