Consent

BIOMETRIC DATA POLICY

Last Updated: ​2025-01-13

Purpose and Scope

Soliish, Inc.(“Soliish”) may use Biometric Data (as defined below) in order to screen for sleep apnea and provide awareness, education or care management services related to sleep disorders.  To the extent that Soliish collects Biometric Data, this Biometric Data Policy (the “Policy”) sets forth Soliish’s policy for the collection, use, safeguarding, storage, retention and destruction of Biometric Data.  

This policy does not apply to Biometric Data collected, used, or stored for health care, treatment, payment or operations subject to the Health Insurance Portability and Accountability Act of 1996, as amended from time to time (“HIPAA”).  If you use Soliish’s services as a patient of a healthcare provider or member of a health plan, the use and disclosure of your Biometric Data is governed by Soliish’s written contract with the healthcare provider or health plan and HIPAA. We encourage you to review your relevant healthcare provider or health plan’s HIPAA Notice of Privacy Practices for more information and to exercise your rights under HIPAA.

Definitions

Biometric Identifier means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include donated organs, tissues, or parts as defined in the Illinois Anatomical Gift Act or blood or serum stored on behalf of recipients or potential recipients of living or cadaveric transplants and obtained or stored by a federally designated organ procurement agency. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under HIPAA. Biometric identifiers do not include an X-ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening.

Biometric Information means any information, regardless of how it is captured, converted, stored, or shared, based on an individuals’ Biometric Identifier used to identify any individual. Biometric Information does not include information derived from items or procedures excluded under the definition of Biometric Identifiers.

Biometric Data means both or either of Biometric Identifier or Biometric Information.

Purpose for Collection of Biometric Data

Soliish or one of its service providers may collect, possess, store, and/or use Biometric Data solely [to screen for sleep apnea and provide awareness, education or care management services related to sleep disorders.

Authorization

Soliish will:

a. Inform each individual in writing that Soliish and/or its service providers may be collecting, processing, storing or using the individual’s Biometric Data;

b. Inform each individual in writing of the specific purpose, circumstances and manner of such collection, processing, storage or usage, including the length of time of storage, if applicable;

c. Inform each individual in writing of the manner in which the individual may opt out of the collection, processing, storage or usage of their Biometric Data; and

d. If the individual consents to the collection, processing, storage or usage of their Biometric Data, obtain a written release signed by the individual authorizing Soliish and its service providers to collect, store and use Biometric Data for the specific reasons set forth in the written release.  

Disclosure

Soliish will not disclose, re-disclose or otherwise disseminate any Biometric Data unless:

  1. The individual consents to the disclosure or dissemination;
  2. Disclosure or re-disclosure completes a financial transaction requested or authorized by the individual;
  3. Disclosure or re-disclosure is required by state or federal law or municipal ordinance; or
  4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Soliish will not knowingly sell, lease, trade, or otherwise profit from an individual’s Biometric Data.

Retention Schedule

Soliish will retain Biometric Data, if it is retained at all, until the first of the following occurs:

  1. The initial purpose for collecting or obtaining the Biometric Data has been satisfied; or
  2. Within one year of the data subject’s last interaction with Soliish or as required by applicable state laws.

Data Storage

To the extent Soliish collects, stores and retains Biometric Data, it shall maintain reasonable physical, administrative and technical safeguards to store, transmit, and protect from disclosure any such Biometric Data collected, stored or retained.  Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same ore more protective than the manner Soliish transmits, stores, and protect from disclosure other confidential and sensitive information, including individual information that can be used to uniquely identify an individual or an individual’s account or property.