eXpress badging’s Veonics Portal™ Privacy Policy

 

eXpress badging (VENDOR) professionally and securely prints photo ID badges, and other types of identification cards, name tags, and name badges (ID BADGE) to confirm a vetted and a trusted association between the ID BADGE Holder (HOLDER) and the ID BADGE Issuer (ISSUER). For the sole reason of professional identification, the VENDOR must collect personally identifiable information (PII-defined below) that is used to create an ID BADGE for the HOLDER, as an authorized and contracted vendor for the ISSUER.

 

What information does the VENDOR collect to issue an ID BADGE?

·         Most commonly used examples include; First, Middle, Last Names, Facial Photo, Department, Title, Employers Name or Logo, Professional Certifications, ID Number, and Employee number.

·         Less used PII may include, E-mail Address, Managers Name, Work Location Name, Work Location Address, Date of Hire, Date of Issue of the ID BADGE, Personal Characteristics (height, weight, eye and hair color), HOLDER’s Signature Scan, Membership Level, and the HOLDER’s Mailing Address if VENDOR is mailing an ID BADGE directly to the HOLDER.

·         The VENDOR never requires the collection of the HOLDER’s social security number, driver’s license number or healthcare information. If the ISSUER provides such information, the VENDOR will delete as soon as noticed; unless approved by the ISSUER in writing.

What is PII?

·         PII is define by the National Institute of Standards and Technology (NIST) as; any personally identifiable information about an individual maintained by an agency (or company), including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

·         Examples of PII include, but are not limited to:

• Names, such as full name, maiden name, mother‘s maiden name, or alias
• Personal identification numbers, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number, or financial account or credit card number
• Address information, such as street address or email address
• Personal characteristics, including a photographic image (especially of the face, or other identifying characteristics), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry) 
• Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).

 

How does the VENDOR protect HOLDER information?

The VENDOR implements a variety of security measures to maintain the safety of HOLDER’s information. All HOLDER’s information is contained behind secured networks and is only accessible by a limited number of VENDOR and ISSUER personnel who have special access rights to such systems, and are required to keep the information confidential. When ISSUER’s place an ID Badge order or the HOLDER accesses their Veonics Portal™ ID BADGE information, the VENDOR offer’s the use of a secure server network regardless if located on our physical premise or our AWS hosted Veonics Portal™ and operations on a series of encrypted at rest servers. All of the information provided to produce the HOLDER’s ID Badge is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases to be only accessed as stated above.

How long does the VENDOR store the HOLDER’s information?

Upon the ISSUERS written request, VENDOR will promptly destroy/delete/obliterate all ISSUER’s and HOLDER’s PII and will certify in writing to the ISSUER that the VENDOR has destroyed all copies of such materials within ten (10) business days of ISSUER’s acceptance of badges.

If an ISSUER’S ID BADGE print job does not require any high-risk PII data, and high-risk PII data is supplied by the ISSUER or HOLDER along with other badge-relevant data, the VENDOR will delete all high-risk PII nonrelevant data upon notice.

The VENDOR will periodically destroy/delete/obliterate all inactive accounts HOLDER data within three to six months of PORTAL non-use for VENDOR managed Veonics Portal™ accounts or three months after a Veonics Portal™ account renewal has expired; unless the VENDOR’s data retention terms and fees are approved and then requested in writing by the ISSUER.

The VENDOR is not responsible for lost or stolen ID BADGEs, and any non-electronic or electronic (RFID or smart chips, magnetic stripes, or barcodes) PII disclosure that may occur as an outcome of such actions.

Does the VENDOR’s Veonics Portal use "cookies"?

Yes. Cookies are small files that a site or its service provider transfers to the HOLDER’s computer hard drive through the HOLDER’s web browser (if allowed) that enables the Veonics Portal™ site or service provider's systems to recognize the used browser and capture and remember certain information.

The HOLDER can choose to have their computer or device provide a warning each time a cookie is sent, or the HOLDER can choose to turn off all cookies. The HOLDER would do this through the browser (like Google Chrome, FireFox or Internet Explorer) settings. Each browser is a little different, so look at the browser Help menu to learn the correct way to modify cookies. The VENDOR recommends using Google Chrome. By turning cookies off, the HOLDER will not have access to many Veonics Portal™ features, and will most likely not be able to complete the requested task by the ISSUER. The VENDOR recommends that the HOLDER not disable cookies.

Does the VENDOR disclose the information collected to outside parties?

The VENDOR will never make public or sell, trade, or otherwise transfer to outside parties Veonics Portal™ HOLDER personally identifiable information, and/or any other non-PII data; period!


How can the HOLDER opt-out, remove or modify information you have provided to us?

To approve and/or modify your ID Badge data and/or photo, the HOLDER must agree to have read this Privacy Policy to continue. Otherwise, if the HOLDER declines, they must notify the ISSUER and let them know the HOLDER does not agree to the VENDORS terms and to either make modifications for the HOLDER, or other options they may prefer. Please note that due to email production schedules the HOLDER may receive any emails already in the VENDORS production schedule until disabled.


How does the VENDOR manage changes to this Privacy Policy:

If the VENDOR decides to change this Privacy Statment, the VENDOR will update all changes on this page without notification to the HOLDER. Privacy Policy changes will apply only to information collected after the date of the change. 

This policy was last modified on March 1, 2019.

What happens if the VENDOR has a data breach?

The VENDOR has a written and rehearsed process that starts with enabling a Breach Team made of employees, contracted cyber specialist, government authorities, and other associated partners (the VENDOR’s vendors) that may be affected by any breach liability. The immediate object is to plug any cyber-holes used by the criminals that caused the breach, assess the breach liability, then notifying all parties that qualify for email and mail notifications; which may include both ISSUERs and all HOLDERs, to include call center access on a worst case scenario.

Questions and Feedback:

The VENDOR welcomes all questions, comments, and concerns about the VENDOR’s Privacy Policy and processes. For security and PII protection, the VENDOR requires the HOLDER to notify the ISSUER and have them forward all feedback the the VENDOR about privacy, or any other issue.

HOLDER’s Consent:

By accessing and using the VENDOR Veonics Portal™ website, the HOLDER consents to this Privacy Policy and User License agreement found here Veonics Portal™ ULA