Biometric Information Privacy
This Notice explains how Blue Diamond Development Inc. collects, stores, and protects biometric identifiers and biometric information, and your rights to notice, consent, and refusal.
Purpose and Scope
This Biometric Information Privacy Notice (the “Notice”) describes the limited circumstances under which Blue Diamond Development Inc. (“BDDI,” “we,” “our,” or “us”) may collect, store, use, or disclose biometric identifiers or biometric information, and explains your rights with respect to that information.
This Notice applies to employees, contractors, vendors, subcontractors, applicants, tenants, and visitors at our offices, project sites, and managed properties, in every state in which we operate. We comply with the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq., “BIPA”), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001 et seq., “CUBI”), the Washington Biometric Privacy Act (RCW 19.375), and any other applicable state biometric law.
Definitions
- “Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or similar identifier as defined in the applicable state statute.
- “Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on a biometric identifier used to identify an individual. It does not include writing samples, written signatures, photographs, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.
What We May Collect
In limited circumstances, we may collect biometric identifiers and biometric information for the following purposes:
- Time and Attendance: some construction sites use biometric time clocks (such as a fingerprint or hand-geometry scanner) to track work time and to comply with payroll, prevailing-wage, and certified-payroll requirements.
- Site Access Control: some project sites or managed properties use biometric access systems (such as facial-recognition or hand-geometry scanners) to control access to secure areas, including occupied units, vacant units under renovation, equipment yards, and tool cribs.
- Equipment Operation: some heavy equipment requires fingerprint or facial-recognition unlock for operator authentication.
We do not capture biometric identifiers from members of the general public who simply walk past a property, and we do not use facial-recognition technology to track unrelated members of the public.
Notice and Written Consent
Before we collect a biometric identifier, we will:
- Inform you in writing that the identifier is being collected or stored;
- Inform you in writing of the specific purpose and length of time for which the identifier will be collected, stored, and used; and
- Receive a written release executed by you (or your legally authorized representative).
You are not required to consent. If you do not consent, we will offer an alternate method (such as PIN entry or key-card access) where reasonable.
Storage, Transmission, and Protection
We store biometric data using a reasonable standard of care, which includes:
- Storage in encrypted form, both at rest and in transit;
- Storage that is at least as protective as the manner we use to store our other confidential and sensitive information;
- Limited access on a strict need-to-know basis;
- Vendor due-diligence and contractual safeguards on any third-party processor.
Disclosure
We do not sell, lease, trade, or otherwise profit from biometric data. We do not disclose biometric data to a third party except (a) with your written consent, (b) to a vendor that processes the data on our behalf under contract, (c) when required by valid subpoena or court order, or (d) where disclosure completes a transaction you authorized.
Retention and Destruction
We retain biometric data only as long as necessary to fulfill the purpose for which it was collected, and in any event no longer than three (3) years after the last interaction with the individual or the date the initial purpose for collection has been satisfied, whichever occurs first. After the retention period expires, the data is permanently destroyed using secure deletion procedures.
Your Rights
You have the right to:
- Receive a copy of this Notice;
- Decline to provide biometric data and use an alternative method;
- Request information about whether we hold biometric data about you;
- Request deletion of your biometric data, subject to retention obligations imposed by law.
To exercise any right, contact our Privacy Officer at derrick@bluediamonddevelopinc.com.
State-Specific Provisions
Illinois (BIPA)
Illinois residents are entitled to the rights described in 740 ILCS 14/15, including the right to receive notice and provide a written release prior to collection. Illinois residents may pursue private rights of action under 740 ILCS 14/20.
Texas (CUBI)
Texas residents are entitled to the protections of Tex. Bus. & Com. Code § 503.001. Enforcement is exclusive to the Attorney General.
Washington (RCW 19.375)
Washington residents are entitled to receive prior notice and may decline enrollment.
Other States
Where any other state has enacted a biometric privacy law, we comply with the notice, consent, retention, and destruction provisions of that law.
Updates
We may update this Notice. The “Last Updated” date reflects the most recent revision. Material changes take effect thirty (30) days after posting.
Contact Us
Blue Diamond Development Inc.
Attention: Biometric Privacy Officer
1501 South Greeley Highway, Suite C-3022, Cheyenne, WY 82007
Phone: (888) 851-1477
Email: derrick@bluediamonddevelopinc.com
Vendor and Service Provider Requirements
Where we engage a third-party vendor (such as a time-clock provider, access-control provider, or background-check provider) that processes biometric data on our behalf, we enter into a written contract that requires the vendor to (a) process biometric data only on our written instructions and only for the purpose stated, (b) implement technical and organizational measures consistent with this Notice, (c) limit access to authorized personnel on a need-to-know basis, (d) destroy or return biometric data on termination of the engagement, and (e) maintain a written information security program. We perform vendor due diligence at engagement and on a periodic basis.
Cross-Border Transfers and Local Requirements
If a project, office, or managed property is located in a state with biometric legislation, we follow the state’s specific notice, consent, retention, and destruction obligations even where stricter than this Notice. Where a project crosses state lines (such as a multi-state portfolio), we apply the strictest applicable standard. We do not transfer biometric data outside the United States.
No Transfer for Marketing or Profit
We do not sell, lease, license, or otherwise transfer biometric data for monetary consideration or other valuable consideration. We do not use biometric data for marketing, advertising, behavioral profiling, or any purpose unrelated to the purpose for which it was collected.
Right to Refuse and Alternative Methods
You have the right to refuse to provide biometric data. Where biometric data is requested for time-and-attendance, we offer an alternative method, such as PIN entry on a mobile time-clock app, key-fob check-in, or supervisor verification. Where biometric data is requested for site access, we offer alternative methods such as a physical access card, PIN entry, or escort by an authorized employee.
Refusal to provide biometric data will not result in any adverse employment, contracting, leasing, or other consequence.
Specific Notices for Worksites and Properties
At every site, office, or managed property where biometric collection occurs, we post a written notice at the point of collection that (a) describes the type of biometric identifier captured, (b) describes the purpose of capture, (c) describes the retention period and destruction practice, and (d) provides contact information for questions, including the contact information of our Biometric Privacy Officer. You may request a written copy of any posted notice by contacting our Biometric Privacy Officer at derrick@bluediamonddevelopinc.com.
Incident Response and Notification
If we become aware of an unauthorized acquisition, access, use, or disclosure of biometric data, we will (a) investigate the incident, (b) take reasonable steps to contain and remediate the incident, (c) notify affected individuals and applicable regulators in accordance with applicable breach-notification laws, and (d) document the incident in a manner consistent with our internal incident-response policy. Notification timing follows the strictest applicable state law for the residency of affected individuals.
No Use for Surveillance or Profiling
We do not use biometric data to track the location of employees or contractors throughout the day, to monitor productivity beyond the time-and-attendance functions disclosed in this Notice, to make automated employment or housing decisions, or for any other surveillance or profiling purpose. Time-and-attendance biometric data is used only to record clock-in and clock-out events for payroll and certified-payroll purposes.
Minors
We do not collect biometric data from minors except in limited circumstances permitted by law (such as a minor lawfully employed in a permitted occupation), and only with the prior written consent of the minor’s parent or legal guardian.