Last Updated: 1/4/2023
Forged & Formed Inc. (“Forged & Formed”, “Company”, “we”, “us”, “our”) has composed this Biometric Information Privacy and Security Policy (“Policy”) to define its policy and procedures for collection, use, safeguarding, storage, retention, and destruction of biometric data collected by or provided to the Company as a result of the Company’s operations, its Partners, and customer designing, creating and purchasing products and/or services. It is the Company’s policy to protect biometric data of its customers and potential customers (“Customers”) in accordance with the applicable laws regarding biometric information and privacy including, but not limited to, laws of the states of Arkansas, California, Illinois, Texas, and Washington.
First, the Company’s Partners are responsible for developing and ensuring that their own practices comply with applicable laws regarding biometric data and information.
Biometric Data Defined
As used in this Policy, “Biometric Data” refers to personal information about an individual’s physical characteristics used to identify that person, specifically including “Biometric Identifiers” and “Biometric Information.” “Biometric Identifier” refers to a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. “Biometric Information” refers to any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s Biometric Identifier used to identify an individual. “Biometric Data” also includes biometric information, as defined by Cal. Civil Code 1798.140(b), meaning “an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity...this includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.”
Purpose and Procedure
Forged & Formed creates keepsake jewelry and other products. Customers can use the Company’s services to design and/or purchase products from the Company that include a pet nose or paw print, an individual’s handprint, footprint, fingerprint, and/or other user-generated print, (“Print”) that is provided by the customer. The Company uses its proprietary process and software to create an imprint of the Print that is used to create products purchased by the customer. The Print and information collected by the Company may be considered to be Biometric data or information, but it is not used by the Company to identify the individual whose Print is provided by the customer.
When a customer seeks to design a product or service using a Print, they can use the Company’s Website, an electronic device, or other medium to provide the Print the customer wants to use. The Print is collected, stored, used, disclosed and/or transmitted by the Company and/or its Partners to design, create, and process orders and/or purchases of products for the customer and/or individual whose data it is (or their authorized legal representative). The Company will not sell, lease, or trade any Print that it collects or receives from its customers, except for with respect to designing, creating and processing products for the customer that provided the Print.
Out of an abundance of caution and to ensure complete disclosure to its customers the Company will take the following actions when collecting, reviewing, capturing, using or otherwise obtaining an individual’s pet print, handprint, footprint, fingerprint, and/or other user-generated print, from a customer:
- Inform the customer and individual (or authorized legal representative of the individual) whose information is being provided and used to design or make a product, in writing that the Company may be collecting, capturing, using or otherwise obtaining information that could be considered Biometric Data.
- Inform the customer and individual (or authorized legal representative of the individual) whose information is being provided and used to design or make a product, of the specific purpose and length of time for which the Company collects, stores and uses information that could be considered Biometric Data.
- Obtain a written consent signed by the customer and/or individual (or the individual’s legally authorized representative) whose Biometric Information is being used authorizing the Company and its vendor to collect, store, use, and/or retain information that could be considered Biometric Data for the specific purposes disclosed by the Company, and for the Company to provide such information to its vendors.
Other than to create the products that a customer wants to purchase, the Company will not sell, lease, trade, or otherwise profit from Prints or any other the information that could be considered Biometric Data that the Company collects.
The Company will not disclose or disseminate any Print or any other information that could be considered Biometric Data to anyone, to allow customers to design products using their Print and in creating a product purchased by a customer, without/unless:
- First obtaining written consent from the customer who provided it and individual whose information it is to such disclosure or dissemination;
- The disclosed data completes a financial transaction requested or authorized by the customer and/or and the individual whose information it is;
- Disclosure is required by state or federal law or municipal ordinance; or
- Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
The Company shall use a commercially-reasonable standard of care when storing, transmitting and in protecting from disclosure, any Print or any other information that could be considered Biometric data. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual.
Except as otherwise provided, the Company shall retain customer’s Prints and any information that could be considered Biometric Data only until the first of the following occurs:
- The initial purpose for collecting or obtaining such Print or information that could be considered Biometric Data has been satisfied, such as the customer requesting that the Print be permanently destroyed; or
- For Prints that could be considered Biometric Data – the customer does not interact with the Company for three (3) years, such as logging into their account, using their account to design a product, or purchases a product through their account.
When one of those events occurs, the Company will destroy the data that it is storing and will request that its Service Providers permanently destroy such data, unless required to be preserved under federal, state or local laws.
This Policy replaces and supersedes all previous policies related to Prints and/or Biometric information. The Company reserves the right to modify this Policy at any time. In the event the Company expands its use of Biometric Information or begins collecting Biometric Information for any additional purpose, the Company will update this policy, and require an additional consent. Nothing in this policy creates any contractual obligations or any greater obligations, protections, or liabilities than required by applicable law between the Company and any customer, especially with respect to any information or Prints that are not considered Biometric Information or Data.