Ping Identity Biometric Data Retention and Destruction Policy

This Ping Identity Biometric Data Retention and Destruction Policy (“Policy”) applies only to the extent that a Customer or a Customer End-User chooses to upload Biometric Information in connection with the services provided by Ping Identity Corporation or its affiliates, as applicable (collectively “Ping Identity”).

Pursuant to applicable law, Ping Identity provides this Policy to establish its retention schedule and destruction guidelines with respect to Ping Identity’s processing of Biometric Information on its customers’ behalf.

1. Definitions. For purposes of this Policy, the terms below have the following meanings:

“Biometric Information” means any biometric information or biometric identifier as those terms are defined in the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq.

“Customer” means the entity or person who placed an order with Ping Identity and uses the services provided by Ping Identity.

“Customer Biometric Information” means Biometric Information uploaded by the Customer or Biometric Information that a Customer allows a Customer End-User to upload.

“Customer End-User” means the individual whose Biometric Information Customer uploads or causes to be uploaded to the applicable Ping Identity service.

2. Retention and Destruction. The period for which Customer Biometric Information will be retained and the criteria used to determine that period are determined by Customer during the term of the Agreement via Customer’s use and configuration of the Service. By default, some of Ping Identity’s services (such as PingOne Verify) do not retain underlying Biometric Information.

Any Customer Biometric Information not deleted by Customer will be deleted by Ping Identity promptly upon (i) expiration or termination of the Agreement; (ii) expiration of any post-termination “retrieval period” described in the Agreement; or (iii) within three (3) years of Customer End-User’s last interaction with Customer, whichever occurs first.

3. Exceptions. Ping Identity may otherwise retain Customer Biometric Information as required to comply with applicable law, valid legal/judicial process, or to the extent such information is subject to pending or reasonably anticipated litigation.

4. Questions Regarding this Policy. If you are a Customer End-User of Ping Identity’s services, please contact the relevant Customer. Where required by law or our contractual commitments, we will take steps to assist the Customer in responding to your inquiries.