ENSONO FINGER-SCAN AND BIOMETRIC DATA INFORMATION POLICY

Ensono, Inc. (“the Company”) has partnered with a third-party vendor or vendors to provide technology to collect and/or store data for the Company’s information security and identity verification purposes. Upon consent to use the system, employees will be required to use the system described in this Finger-Scan and Biometric Data Information Policy (“Policy”), after having reviewed this Policy and having signed a written consent form.

To “log” into the system described in this Policy, an employee will use a fingerprint scanner or biometric capable camera available on their computer. The fingerprint scanner or biometric capable camera collects and stores a mathematical representation of particular data about portions of the face and fingertip and may collect or store images of your face, fingers or fingerprints.

The Company has carefully selected vendors/software providers, including the business partners who provide the Company’s technology, who share the Company’s commitment to protecting confidential and sensitive information. Finger-scan and biometric data from the system is not shared or transmitted to any other system including Ensono Staff. Finger-scan and biometric authentication requests, will be processed locally on your device, and authorization may be shared with those vendors/software providers/business partners, but any data obtained through the system will otherwise not be disclosed or disseminated other than as outlined in this Policy without the employee’s consent unless required by any local, state, or federal law, municipal ordinance, valid warrant, or valid subpoena. Furthermore, the Company and the vendors/software providers/business partners will not sell, share (as the term is defined by applicable privacy law), lease, trade, or otherwise profit from an employee’s biometric data.

Any employee data collected and that is described in this Policy will be retained until, at the latest: (1) 90 days following the termination of active employment with the Company and return of relevant equipment; (2) 30 days after the employee moves to a role within the Company for which the technology is not used; or (3) within 3 years of the last collection of biometric data through the system. At that time, the Company will take steps through its system and/or through its vendor(s)/software provider(s)/business partner(s) to permanently destroy such biometric data.

This Policy is intended to comply with all federal, state, and local laws. If you have questions about this Policy, including how the technology works or how to opt-out of the collection of your biometric data, contact the Privacy Office at [email protected]. A copy of this Policy will be made publicly available at www.ensono.com/biometric-policy.