Skip links

BIPA Policy


McCracken Label Co. (“The Company”) has instituted the following Biometric Data Privacy Information Privacy Policy (“BIPA Policy”):

Biometric Data Definition, Collection and Purpose

This BIPA Policy defines the Company’s policy and procedures for collection, use, safeguarding, storage, retention, and destruction of Biometric Data (defined below) collected by the Company and/or its vendors in accordance with the applicable laws including, but not limited to, the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14/1, et seq.

The Company uses a time management system provided by Paylocity, a third- party service provider, to capture a photograph of each employee upon their entry into the Company’s facilities. The data generated by such photographs may be classified as “biometric identifiers” or “biometric information,” subject to regulation under BIPA. The reason for the Company collecting this data is to ensure all employee time is accurately captured. The Company established this Policy to ensure such data is reasonably safeguarded and not retained for longer than is necessary.

The Company will obtain a written release/consent, as applicable, from employees in the form approved by the Company. The form will inform the employee about the data being collected, the purpose of the collection, and the period of time the Biometric Data is being collected, stored, and used.

“Biometric Data” means personal information stored by the Company and/or its vendors about an individual’s physical characteristics that can be used to identify that person. As used in this Policy, Biometric Data includes “biometric identifiers” and “biometric information” as defined in the Illinois BIPA.

“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric identifiers do not include an X-ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening.

“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on the individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.


To the extent that the Company and/or its vendors collect, capture, or otherwise obtain Biometric Data relating to an employee, the Company will first:

  1. Inform the employee (or his or her legally authorized representative) in writing that the Company and/or its vendors are collecting, capturing, or otherwise obtaining the employee’s Biometric Data, and that the Company is providing such Biometric Data to its vendors;
  2. Inform the employee (or his or her legally authorized representative) in writing of the specific purpose and length of time for which his or her Biometric Data is being collected, stored, and used; and
  3. Receive a written release signed by the employee (or his or her legally authorized representative) authorizing the Company and/or its vendors to collect, store, and use the employee’s Biometric Data for the specific purposes disclosed by the Company, and for the Company to provide such Biometric Data to its time management vendors.

The Company and/or its vendors will not sell, lease, trade, or otherwise profit from an employee’s Biometric Data.

The Company will not disclose or disseminate any Biometric Data to anyone other than its vendors without/unless:

  1. First obtaining written employee consent to such disclosure or dissemination;
  2. The disclosed data completes a financial transaction requested or authorized by the employee;
  3. Disclosure is required by state or federal law or municipal ordinance; or
  4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
Data Storage and Retention Schedule

The Company shall use a reasonable standard of care to store, transmit and protect from disclosure any paper or electronic Biometric Data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property, such as genetic markers, genetic testing information, account numbers, PINs, driver’s license numbers, and social security numbers.

Where the Company retains Biometric Data, the Company shall retain employee Biometric Data only until, and shall request that its vendors permanently destroy such data when, the first of the following occurs:

  1. The initial purpose for collecting or obtaining such Biometric Data has been satisfied; or
  2. Within three (3) years of the employee’s last interaction with the Company.

Consent Form

Each employee as a condition of employment and/or continued employment must execute a copy of the Consent Form attached to this Policy.

Amendment, Enforcement and Violations

The Company reserves the right to amend this Policy at any time for any reason. Employees who violate this Policy may be subject to discipline up to and including termination of employment under the Company’s employment policies and procedures.