The purpose of this policy is to define the policy and procedures for the collection, use, safeguarding, storage, retention, and destruction of biometric data. It is Torche Evolution Biometric Solutions Limited’s (“Torche” or the “Company”) policy to protect, use and store biometric data in accordance with applicable laws including, but not limited to, the Nigeria Data Protection Regulation 2019 (“NDPR”).
Torche has instituted the following biometric information privacy policy.
As used in this policy, biometric data includes “biometric identifiers” and “biometric information” as defined in this policy. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair colour, or eye colour. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
The Company’s Collection of Biometric Data
The Company may collect, store, and use biometric data from its customers to provide the customers with various services, including to enable the customers make payments and conclude other transactions with their biometric data through biometric terminals.
This data is collected, stored, and used solely for the provision of services to customers.
Disclosure
Where the Company collects, captures, or otherwise obtains biometric data relating to a customer, the Company:
Will inform the customer of the specific purpose and length of time for which the biometric data is being collected, stored, and used;
Will receive a written release signed by the customer (or his or her legally authorized representative) authorizing the Company to collect, store, and use the customer’s biometric data for the purpose of providing services to the customer;
Will not disclose, re-disclose, or otherwise disseminate a customer’s biometric data unless:
the customer or the customer’s legally authorized representative consents to such disclosure or re-disclosure;
the disclosure or re-disclosure completes a payment or other transaction requested or authorized by the customer or the customer’s legally authorized representative;
the disclosure or re-disclosure is required by law; or
the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
Retention Schedule
The Company will retain the customer’s biometric data only until, and will permanently destroy such data after 3 years when the initial purpose for collecting or obtaining such biometric data has been satisfied, such as the provision of services to the customer.
BIOMETRIC INFORMATION PRIVACY RELEASE FORM