eXpress badging’s Veonics Portal™ Privacy Policy
eXpress badging (VENDOR) professionally and securely prints photo ID badges, and other types of identification cards, name tags, and name badges (ID BADGE) to confirm a vetted and a trusted association between the ID BADGE Holder (HOLDER) and the ID BADGE Issuer (ISSUER). For the sole reason of professional identification, the VENDOR must collect personally identifiable information (PII-defined below) that is used to create an ID BADGE for the HOLDER, as an authorized and contracted vendor for the ISSUER.
What information does the VENDOR collect to issue an ID BADGE?
· Most commonly used examples include; First, Middle, Last Names, Facial Photo, Department, Title, Employers Name or Logo, Professional Certifications, ID Number, and Employee number.
· Less used PII may include, E-mail Address, Managers Name, Work Location Name, Work Location Address, Date of Hire, Date of Issue of the ID BADGE, Personal Characteristics (height, weight, eye and hair color), HOLDER’s Signature Scan, Membership Level, and the HOLDER’s Mailing Address if VENDOR is mailing an ID BADGE directly to the HOLDER.
· The VENDOR never requires the collection of the HOLDER’s social security number, driver’s license number or healthcare information. If the ISSUER provides such information, the VENDOR will delete as soon as noticed; unless approved by the ISSUER in writing.
What is PII?
· PII is define by the National Institute of Standards and Technology (NIST) as; any personally identifiable information about an individual maintained by an agency (or company), including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
· Examples of PII include, but are not limited to:
How does the VENDOR protect HOLDER information?
The VENDOR implements a variety of security measures to maintain the safety of HOLDER’s
information. All HOLDER’s information is contained behind secured networks and
is only accessible by a limited number of VENDOR and ISSUER personnel who have
special access rights to such systems, and are required to keep the information
confidential. When ISSUER’s place an ID Badge order or the HOLDER accesses their
Veonics Portal™ ID BADGE information, the VENDOR offer’s the use of a secure
server network regardless if located on our physical premise or our AWS hosted Veonics
Portal™ and operations on a series of encrypted at rest servers. All of the information
provided to produce the HOLDER’s ID Badge is transmitted via Secure Socket
Layer (SSL) technology and then encrypted into our databases to be only
accessed as stated above.
How long does the VENDOR store the HOLDER’s information?
Upon the ISSUERS written request, VENDOR will promptly destroy/delete/obliterate all ISSUER’s and HOLDER’s PII and will certify in writing to the ISSUER that the VENDOR has destroyed all copies of such materials within ten (10) business days of ISSUER’s acceptance of badges.
If an ISSUER’S ID BADGE print job does not require any high-risk PII data, and high-risk PII data is supplied by the ISSUER or HOLDER along with other badge-relevant data, the VENDOR will delete all high-risk PII nonrelevant data upon notice.
The VENDOR will periodically destroy/delete/obliterate all inactive accounts HOLDER data within three to six months of PORTAL non-use for VENDOR managed Veonics Portal™ accounts or three months after a Veonics Portal™ account renewal has expired; unless the VENDOR’s data retention terms and fees are approved and then requested in writing by the ISSUER.
The VENDOR is not responsible for lost or stolen ID BADGEs, and any non-electronic or electronic (RFID or smart chips, magnetic stripes, or barcodes) PII disclosure that may occur as an outcome of such actions.
Does the VENDOR’s Veonics Portal use "cookies"?
Yes. Cookies are small files that a site or its service provider transfers to the
HOLDER’s computer hard drive through the HOLDER’s web browser (if allowed) that
enables the Veonics Portal™ site or service provider's systems to recognize the
used browser and capture and remember certain information.
The HOLDER can choose to have their computer or device provide a warning each
time a cookie is sent, or the HOLDER can choose to turn off all cookies. The
HOLDER would do this through the browser (like Google Chrome, FireFox or
Internet Explorer) settings. Each browser is a little different, so look at the
browser Help menu to learn the correct way to modify cookies. The VENDOR
recommends using Google Chrome. By turning cookies off, the HOLDER will not
have access to many Veonics Portal™ features, and will most likely not be able
to complete the requested task by the ISSUER. The VENDOR recommends that the
HOLDER not disable cookies.
Does the VENDOR disclose the information collected to outside parties?
The VENDOR will never make public or sell, trade, or otherwise transfer to
outside parties Veonics Portal™ HOLDER personally identifiable information, and/or
any other non-PII data; period!
How can the HOLDER opt-out, remove or modify information you have provided
to us?
To approve and/or modify your ID Badge data and/or photo, the HOLDER must agree
to have read this Privacy Policy to continue. Otherwise, if the HOLDER
declines, they must notify the ISSUER and let them know the HOLDER does not
agree to the VENDORS terms and to either make modifications for the HOLDER, or
other options they may prefer. Please note that due to email production
schedules the HOLDER may receive any emails already in the VENDORS production
schedule until disabled.
How does the VENDOR manage changes to this Privacy Policy:
If the VENDOR decides to change this Privacy Statment, the VENDOR will update
all changes on this page without notification to the HOLDER. Privacy Policy
changes will apply only to information collected after the date of the
change.
This policy was last modified on March 1, 2019.
What happens if the VENDOR has a data breach?
The VENDOR has a written and rehearsed process that starts with enabling a Breach Team made of employees, contracted cyber specialist, government authorities, and other associated partners (the VENDOR’s vendors) that may be affected by any breach liability. The immediate object is to plug any cyber-holes used by the criminals that caused the breach, assess the breach liability, then notifying all parties that qualify for email and mail notifications; which may include both ISSUERs and all HOLDERs, to include call center access on a worst case scenario.
Questions and Feedback:
The VENDOR welcomes all questions, comments, and concerns about the VENDOR’s Privacy
Policy and processes. For security and PII protection, the VENDOR requires the
HOLDER to notify the ISSUER and have them forward all feedback the the VENDOR about
privacy, or any other issue.
HOLDER’s Consent:
By accessing and using the VENDOR Veonics Portal™ website, the HOLDER consents
to this Privacy Policy and User License agreement found here Veonics Portal™ ULA