Heritage Landscape Supply Group

BIOMETRIC COLLECTION POLICY

This Biometric Collection Policy is applicable to employees of the operating companies including SRS Distribution, the Heritage Family of Companies, Heritage Landscape Supply Group, and Heritage Pool Supply Group (all collectively referred to as “SRS/Heritage” or the “Company”). The purpose of this Policy to ensure such Biometric Data is reasonably safeguarded and not retained for longer than is necessary. This Policy is intended to comply with all potentially applicable laws.

Definition of Biometric Data
Under this Policy, Biometric Data is defined to include, but is not limited to, all potentially applicable legal definitions of “biometric identifiers” or “biometric information,” which can include, but is not limited to, data generated from a facial, finger, retinal, or palm vein scan, or a voice pattern.

Collection of Biometric Data
The Company may collect Biometric Data through various systems and will provide specific information about such collection through the system at collection. For example, the Company may use Biometric Data to for credentialling purposes to allow employees to log into systems or may utilize Biometric Data to authenticate an employee’s identity for time management purposes. 
The Company will obtain a written release/consent, as applicable, from employees in the form approved by the Company. The form will inform the employee about the data being collected; the purpose of the collection; and the period of time the Biometric Data is being collected, stored, and used.

Use of Biometric Data
The Company will use the Biometric Data solely for purposes stated in the consent. These purposes may include, but not be limited to, identification verification processes, related audits and investigations, and other lawful purposes.

Access to Biometric Data
In general, Company employees and agents are permitted to access personal information, including Biometric Data, as necessary and appropriate to carry out their assigned job responsibilities. Consistent with the Company’s access management procedures, certain employees are designated to administer the system and, as such, may from time to time need access to Biometric Data.

Disclosure of Biometric Data
As described above and disclosed in the referenced written release/consent, the Company may store Biometric Data locally or on a server hosted by a third-party service provider. Additionally, the Company may share Biometric Data with third party service providers to operate and maintain the respective system. Further, the Company may in the future disclose Biometric Data to Company-retained attorneys and/or accountants as necessary to assist the Company with compliance, conduct audits and investigations, provide related services, or as otherwise permitted or required by law or legal process. In the event additional parties need access to Biometric Data for technical support, administration or other lawful purposes, the Company will only provide such access in accordance with applicable law and other best practices.

Retention and Destruction of Biometric Data
The Company will retain Biometric Data only until the initial purpose for collecting or obtaining such information has been satisfied. In general and except as otherwise required by law or legal process, the Company will destroy an employee’s Biometric Data which is stored on the server database or in other backup systems or repositories (if any) as soon as practicable following the termination of an employee’s employment with the Company. In no event will Biometric Data be retained for longer than one year following an employee’s last interaction with the Company.

Safeguarding Biometric Data
Consistent with the Company’s information security policies, procedures, and practices, which are incorporated herein by reference, as applicable, the Company will safeguard Biometric Data, regardless of format, from unauthorized access, acquisition, or disclosure. Such safeguards include but not be limited to limiting access to Biometric Data; using only the minimum necessary Biometric Data for a particular permissible purpose; storing Biometric Data in password-protected files; and using a mathematical algorithm that cannot be reverse engineered to produce Biometric Data.

Amendment, Enforcement and Violations
The Company reserves the right to amend this Policy at any time for any reason. The Company’s Human Resources Department will be responsible for implementing, interpreting, and enforcing this Policy in collaboration with other appropriate Company departments and officers. Employees who violate this Policy will be subject to discipline up to and including termination of employment. Employees should direct any questions to the Human Resources Department via the HR Hotline at 855.556.3221, Option 7 or at HRHotline@srsicorp.onmicrosoft.com.