Cubex LLC (“Cubex”, “we”, “us”, “our”) has adopted and instituted the following procedures and policy related to any Biometric Data that may be collected as a result of our customers’ and their respective employees’ or agents’ use of the Cubex products and services. Cubex customers are responsible for developing and complying with their own Biometric Data collection, use, storage, retention and destruction procedures and policies as may be required under any and all applicable laws and regulations.
“Biometric Data” means any biological characteristics of a person, or information based upon such a characteristic, including, without limitation, characteristics such as those defined as “biometric identifiers” and information such as that defined as “biometric information” , in each case under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq or any other similar characteristics or similar information under any comparable law or regulation.
Cubex customers are responsible for compliance with any and all applicable laws and regulations governing any collection, storage, use, retention, destruction and/or transmission of Biometric Data they conduct, possess or facilitate. Cubex customers agree to obtain the prior valid written consent of applicable third party users of Cubex products and services in order for such third party user to use the fingerprint scanner device of the Cubex inventory management devices (or any other device that is part of the Cubex products and services that collects Biometric Data), which consent shall provide legal and valid authorization for the customers, Cubex and/or Cubex’s authorized vendors to collect, store, retain, use, and/or transmit Biometric Data.
Cubex’s standard operating procedure does not call for the collection, storage, use, retention or transmission of Biometric Data by Cubex. Cubex products and services (i.e., the inventory management system and related software) provided to customers by Cubex, allow for the collection, storage, use and retention of any and all Biometric Data to be maintained and isolated on each individual physical product device (i.e., the Biometric Data is not transmitted to any other device or store on the cloud or otherwise stored, used or retained elsewhere). If, however, Cubex and/or its vendors do at any time collect, store, use, possession, retain and/or transmit Biometric Data during the course of conducting Cubex’s operations and of providing products or services to Cubex’s customers and their respective employees and agents (i) the collection, storage, use, retention and/or transmittal of any Biometric Data will be for the sole purpose of identity verification; and (ii) Cubex customers agree to obtain written authorization from each applicable individual prior to the collection of such data on Cubex’s and its vendors’ behalf.
Cubex does not sell, lease or trade any Biometric Data that is received from customers or customer employees or agents as a result of their use of Cubex products or services. Cubex customers also shall agree not to sell, lease or trade any Biometric Data that is received from customers or customer employees or agent as a result of their use of Cubex products or services.
Cubex customers agree that, in light of the developing nature of the legal landscape and requirements that may apply to the collection, use and storage of Biometric Data, to the extent that such customers and their employees and agents use the fingerprint scanner device of the Cubex inventory management devices (or any other device that is part of the Cubex products and services made available to customers that collects Biometric Data), Cubex customers agree and have the responsibility to: Generally, comply with all applicable laws and regulations regarding Biometric Data; Inform any participating employee or agent in writing that Biometric Data is being collected, stored, and used; Provide the specific purpose(s) for collecting Biometric Data and indicate the length of time for which the Biometric Data will be collected, stored, and used; Indicate to participating employee or agent the manner in which the Biometric Data will be destroyed; and Receive a prior written consent from each participating employee and/or agent authorizing the customer, to collect, use, store, and transmit the participating employee’s and/or agent’s Biometric Data.
Cubex will not disclose, disseminate and/or transmit any customer’s employees’ or agents’ Biometric Data to any person or entity other than the customer and Cubex’s authorized vendors without or unless: First obtaining the customer’s employee’s written consent; Disclosure is required by state or federal law; or Disclosure is required pursuant to a valid warrant or subpoena.
Cubex inventory management devices locally maintain all Biometric Data collected by the device. Each device contains a hard drive that securely stores the Biometric Data collected for purposes of individual verification.
While unlikely, if, at any point, after obtaining the proper authorization from each applicable employee and/or agent of a Cubex customer, any Biometric Data is shared with Cubex during the course of a customer’s term of use of a Cubex device, Cubex will securely retain the Biometric Data until the customer notifies Cubex that it has terminated the employee or agent or the employee or agent has discontinued using the applicable Cubex device, or the customer’s employee or agent makes a written request to Cubex that such Biometric Data be destroyed. At that time, any and all Biometric Data in Cubex’s possession will be destroyed.
All Cubex customers and customer’s employees and agents understand that providing Biometric Data is not required to gain secure access to any of Cubex’s inventory management devices and he or she is free to decline to provide Biometric Data and can be provided with a secure PIN for access to the Cubex inventory management device. Additionally, any customer employee or agent may revoke consent to the collection of his or her Biometric Data at any time by notifying his or her employer or agent in writing. Upon written revocation, the customer employee will be provided a PIN to access the Cubex medicinal storage solution device.
The Illinois Biometric Information Privacy Act, in relevant part, currently provides "Biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include donated organs, tissues, or parts as defined in the Illinois Anatomical Gift Act or blood or serum stored on behalf of recipients or potential recipients of living or cadaveric transplants and obtained or stored by a federally designated organ procurement agency. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric identifiers do not include an X-ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening.
The Illinois Biometric Information Privacy Act, in relevant part, currently provides “Biometric information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.