COINFLIP BIOMETRIC INFORMATION PRIVACY POLICY
In order to effectively and securely confirm the identity of individuals, GPD Holdings LLC and its affiliates (collectively “CoinFlip”) may use a biometric identification system. CoinFlip may use a third-party biometric online verification system or authorized vendor, including but not limited to Persona Identities, Inc. (“Persona”), Veriff OÜ (“Veriff”), and Amazon Web Services, Inc. ("AWS"), to provide biometric identification systems or services. This Biometric Information Privacy Policy supplements our CoinFlip Privacy Policy, found at (https://coinflip.tech/terms/privacy-policy).
Biometric Data Defined
As used in this policy, biometric information includes scans of facial geometry and any information derived therefrom, as well as any information that constitutes “biometric identifiers” and “biometric information,” as each term is defined in applicable law, including but not limited to the Illinois Biometric Information Privacy Act (740 ILCS § 14/1, et seq.) and the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001 et seq.).
In order to comply with applicable law concerning biometric information, CoinFlip has instituted the following policy:
Biometric Information Collection & Use
As part of your use of certain CoinFlip services, you may be asked to verify your identity by providing images of your face. CoinFlip’s vendors will generate biometric information by analyzing images of your face during this verification process.
CoinFlip and its vendors may utilize biometric technology and collect this biometric information solely for the purposes of confirming the identity of potential or existing customers, security, and fraud prevention. CoinFlip and its vendors may also use the data collected to improve their services and internal operations.
Authorization
If you elect to use CoinFlip features that require facial verification through these biometric technologies, you will use an input device or terminal designated to collect your biometric information. When you participate in the verification process, we collect your consent to the collection and use of your biometric information by CoinFlip and its vendor(s) in accordance with this policy.
Use of biometric verification features is voluntary. However, if you choose not to participate, you may be unable to access certain Coinflip services that require biometric identity verification, including but not limited to transacting or registering.
Disclosure
As indicated above, some of the features through which you are asked to provide biometric information may be operated on CoinFlip’s behalf by Persona, Veriff, AWS, or another authorized third-party vendor. CoinFlip discloses (or permits the direct collection of) biometrics data to/by such vendor(s) for the purposes of operating the identity-verification systems they provide to CoinFlip and to improve their services and internal operations.
CoinFlip will not sell, lease, trade, or otherwise profit from an individual’s biometric information. Nor will it authorize its identification vendors to engage in any such activity. (CoinFlip does, however, pay its vendors for the services they provide.) Persona, Veriff, AWS, or any other vendor used in accordance with this policy may engage with third parties to assist in providing the identification services, including hosting, cloud services, and other information technology services; email communication and SMS software providers; and identity verification services, background check providers, public and private records database providers, consumer reporting services, and fraud and identity management providers. Neither CoinFlip nor its identification vendors will disclose or disseminate an individual’s biometric information unless:
The individual or the individual’s legally authorized representative provides consent to such disclosure;
The disclosed data completes a financial transaction requested or authorized by the individual;
Disclosure is required by state or federal law or municipal ordinance; or
Disclosure is required pursuant to a valid warrant or subpoena.
Storage
Coinflip and its vendors may retain biometric information only for so long as reasonably necessary to provide identity verification, fraud prevention, and authentication services in connection with your account. The purpose for collecting biometric information will be deemed to expire upon the earliest of: (a) termination or deactivation of your account; or (b) one (1) year from the date of your last interaction with Coinflip. Upon expiration of such purpose, Coinflip will destroy the biometric information within a reasonable time, but not later than thirty (30) days after the date the purpose expires. If a biometric identifier is used in connection with a record or document that is required by applicable law to be maintained for a longer period, Coinflip will destroy the biometric identifier within a reasonable time, but not later than thirty (30) days after the date such record or document is no longer required to be maintained by law.
CoinFlip shall use a reasonable standard of care to store, transmit, and protect from disclosure any paper or electronic biometric information collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which CoinFlip stores, transmits, and protects from disclosure similar sensitive and confidential information. CoinFlip will require its vendors to similarly protect and delete biometric information.