CSG Biometric Policy
Last Updated: April 2021
CSG Systems International, Inc. (“CSG”) provides this Biometric Policy to address the collection and use of Biometric Information (defined below) using the Microsoft Hello for Business application to log in to CSG-owned laptops (“Device“).
Providing consent and enabling Microsoft Hello for Business is purely voluntary.
An employee will be able to log in using such employee’s current password without it. To the extent that an employee has provided consent, the Device may scan such employee’s finger or face (“Biometric Identifier”), which will be used in combination with other personally-identifiable information (“Biometric Information”)toconfirmsuch employee’sidentity in order to log into the Device.
The Device will scan an employee’s finger or face to create Biometric Information; and thereafter, each time such employee uses the Device, such employee’s finger or face will be scanned and compared to the Biometric Information created by the initial scan. Except as explained below, Biometric Information is not stored by CSG or Microsoft, but rather individually stored on the given Device in encrypted form. Certain limited information will be provided to Microsoft for diagnostic purposes.
Biometric Information will be used solely for identity verification purposes when logging into the Device and will be securely destroyed by disabling an employee’s user profile (which renders Biometric Identifiers and Biometric Information inaccessible, unrecoverable, unreadable, unusable, undecipherable, and not capable of being constructed) within one month following the termination of that user’s employment. In addition to storing Biometric Information in encrypted form on the given Device, CSG and Microsoft will use a reasonable standard of care if they store or transmit the Biometric Information. CSG and Microsoft will not sell, lease, trade or otherwise profit from the Biometric Information and will not disclose it other than as described above (except to authorized service providers) unless:
- The disclosure is required by state or federal law, or municipal ordinance;
- The disclosure is required pursuant to a valid warrant or subpoena, issued by a court of competent jurisdiction; or
- The employee otherwise consents to the
Consent to the collection and limited sharing of Biometric Information is completely voluntary and an employee may withdraw consent at any time by re-taking the Acknowledgement of Biometric Policy and Consent Form and changing the response to a negative or non consent.
If an employee does withdraw consent in the future, the attribute associated with the employee’s user profile will be removed (which renders Biometric Identifiers and Biometric Information inaccessible, unrecoverable, unreadable, unusable, undecipherable, and not capable of being constructed) within two weeks following CSG’s receipt of the employee’s withdrawal of his or her Acknowledgement of Biometric Policy and Consent Form. Biometric Information will no longer be used by Microsoft Hello and the employee will be able to log in using the employee’s current password.