Dayforce’s Biometric Statement
Table of Contents
This Statement was last updated on January 31, 2024.
Scope
This statement applies to the processing of time and attendance-related information collected by timekeeping devices using finger scan, vein scan, and facial recognition technology (“biometric timekeeping devices”), Dayforce Touch, TUFF and Clock+ (Formerly HTML), and shared with Dayforce by its customers, that may be considered biometric data or biometric data pursuant to certain states’ laws. For more information on Dayforce’s privacy practices please review our Global Privacy Statement.
California Residents: Dayforce processes your information as a service provider on behalf of Dayforce customers (your employer). You may have rights regarding your information under California law. For more information on your rights please contact your employer.
Definitions
Dayforce’s use of the term “biometric data” within this statement does not reference any particular legal definition of that term. Instead, Dayforce’s use of the term biometric data refers to the data collected by Dayforce’s biometric timekeeping devices. It is the responsibility of Dayforce’s customers to determine if applicable data protection and biometric privacy laws apply to the customer’s use of Dayforce’s biometric timekeeping devices.
How We Process Biometric Data
Dayforce processes the biometric data of its customers’ employees at the direction of its customers through the use of a clock as part of a timekeeping system. The method by which Dayforce processes biometric data depends on the type of clock a customer is using:
Finger Scan Clocks use multiple wavelengths of light to identify certain unique points on a user’s finger. The clock then creates a code based on these unique data points associated with the user.
Vein Scan Clocks use multiple wavelengths of light to identify certain unique patterns in the users’ finger vein system. The clock then creates a unique code based on the unique vein patterns on each finger.
Face Verification Clocks take a photograph of the user’s face, for purposes of visual verification of identity, the device then plots key aspects of the face using the photograph to generate a unique code associated with the user.
For each type of clock, the data collected is converted into an alpha-numeric “Template Value” using a proprietary algorithm. Each time an individual uses the clock, it creates a temporary Template Value which is compared to the user’s original Template Value. The original Template Value is stored on the clock and it is also sent to Dayforce and stored in the application database. Customer’s may also choose to send photographs to Dayforce through Face Verification Clocks. Each temporary Template Value is stored only momentarily on the clock.
Consent
If consent is required to collect, store and or use the data processed by Dayforce biometric timekeeping devices under any applicable laws, Dayforce relies on its customers to obtain such consent or determine another lawful basis for processing biometric data on behalf of themselves and Dayforce as its processor. Dayforce may also obtain separate written consent for the collection, storage and/or use of this information. To the extent there may be a conflict between these two consents, the customer’s consent will govern.
How We Use Biometric Data
Dayforce’s customers choose whether to use clocks to track time and attendance of their employees. Dayforce processes biometric data only on behalf of and at the direction of its customers.
Retention and Disposal
Biometric data is securely stored on the clock and in the Dayforce application database. A user’s biometric data is deleted from the clock when the user’s status is changed to terminated or when a badge is no longer valid. A user’s biometric data is retained in the application database for 1 day after the customer changes the user’s status to terminated or a badge is no longer valid. Biometric data may also be stored in archives. Archived biometric data will be stored by Dayforce no longer than 1 year after the date the biometric data is deleted from the application database.
How We Share Biometric Data
Dayforce does not sell, lease, trade or otherwise profit from biometric data. Dayforce does not authorize its vendors or customers to: use biometric data in a manner inconsistent with this Statement or Dayforce’s Global Privacy Statement; or sell, disclose, lease, trade or otherwise profit from biometric data.
Biometric data may be accessed by Dayforce, its subsidiaries and third-party consultants to implement and manage the services of its customers. Dayforce affiliates and contractors, including ArcX, may have access to biometric data to perform maintenance on the biometric clocks. Some parties with which Dayforce shares biometric data may be outside of the jurisdiction in which the biometric data is collected. Where necessary, Dayforce enters into appropriate lawful data transfer agreements to process biometric data outside of the jurisdiction in which it was collected.
Dayforce may share biometric data as described here in and will not otherwise share biometric data with any other third party unless:
- The customer’s employee or the employee’s authorized representative provides written consent to share;
- Disclosure is permitted or required by applicable law or is in response to subpoenas, court orders, or other legal processes.