This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally identifiable information’ (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, place an order, Open a Support Ticket or enter information on our site.

How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

• To allow us to better service you in responding to your customer service requests.
• To quickly process your transactions.

How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we collect Biometric Data?
Several of our time clocks can use biometric information to aid in the clocking processes of users and to ensure that only authorized users gain access to restricted functions of the time clock device.  Biometric Identifiers are collected and analyzed creating a “Template” that is stored while the Biometric Identifier (image) is immediately and permanently destroyed.  All our clocks support alternate methods of clocking and biometric enrollment is not explicitly required for someone to use a Sundial Timekeeping device.

Biometric  information (Template)  is used for improving the user experience while clocking.  Templates are collected and distributed to each of the time clock devices within the clock group.  The time clock devices store the Template in an encrypted format.  An encrypted  copy of the Template is also maintained on the server where it is used to redistribute to other connected time clock devices as needed.  Stored Templates, whether  stored in the time clocks or on the server, are stored in an encrypted format.  Sundial Time Systems does not provide the tools or knowledge needed decrypt the stored template.  In addition, users of the Timekeeping software cannot access the stored Template.  Because of this, they cannot disclose, redisclose or disseminate the stored Template.

Templates are based on the analysis of Biometric Identifiers (i.e. images), but are not images.  The Template stored is an analysis of the biometric identifier and no biometric identifier or image is actually stored.  As such, Templates cannot be used to recreate a fingerprint, face print, or palm print.

Templates are stored and used during the period of employment.  When the employment is terminated and the employee record is deactivated, all copies of the Template  are destroyed from the time clock(s) and software alike.  It is possible to prevent the destruction of the Template.  Check with your individual employer if you are concerned about delayed destruction of the Template.

Sundial has a policy specifically created for Biometric Data, its collection, use and destruction.  We encourage any interested party to review it.  

Do we use ‘cookies’?
We do not use cookies for tracking purposes
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled that make your site experience more efficient and some of our services will not function properly.
However, you can still place orders .

Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links
We do not include or offer third-party products or services on our website.

Google
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Google Analytics on our website to ensure a positive user experience.
Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.
We have implemented the following:
• Google Display Network Impression Reporting
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.
Users will be notified of any privacy policy changes:
• On our Privacy Policy Page
Users are able to change their personal information:
• By emailing us
• By calling us
• By logging in to their account
• By chatting with us or sending us a ticket
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13.

Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email
• Within 1 business day
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:
Improve your experience with our website, products and / or services.
To be in accordance with CANSPAM we agree to the following:

If at any time you would like to stop receiving system generated emails, you can remove your e-mail address from the account and / or your user record.
Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.
Sundial Time Systems
8515 NE 219th St
Battle Ground, Washington 98604
USA

info@sundialtime.com

Biometric Device Privacy Statement

Biometric Devices (“Device”) purchased by you (“Customer”) from Sundial Time Systems (Sundial) for time tracking, visitor management or other intended purposes, use biometric technology to recognize and record biometric data from individuals who interact with the Device. “Biometric Data” means any information based on an individual’s retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry which is used to identify an individual, regardless of how it is captured, converted, stored or shared.

Description of Device Biometric Functionality

• When an individual enrolls with or authenticates themselves to the Device, the Device captures and stores an image of that individual’s biometric identifier, either the individual’s face, fingerprint, or palm vein geometry, (“Identifier”) but only for the time needed to create the individual biometric template (“Template”) used for subsequently recognizing that same individual.
• Thereafter, only the Template, which is a binary computer file (not an image file) representing a tiny subset of the individual’s Identifier is stored. After an individual’s Template is generated, the individual’s Identifier (the image of the employee’s face, fingerprint or palm vein geometry) is immediately and permanently destroyed from the Device.
• The individual’s Identifier is temporarily stored during the process of generating the Template and the device does not permanently store any Identifier.
• Sundial Devices and all Templates stored in the Devices operating software or in the hosted service are built with precise algorithms and or encrypted and protected.

Customer Responsibilities and Compliance with Laws

It is the sole responsibility of the Customer that collects, captures, stores or otherwise uses Biometric Data relating to an individual, to:

1. Inform the individual from whom Biometric Data will be collected, in writing and prior to collecting the individual’s Biometric Data, that Biometric Data is being collected, stored and/or used;
2. Indicate, in writing, the specific purpose(s) and length of time for which Biometric Data is being collected, stored, and/or used; and
3. Receive a written release from the individual (or a legally authorized representative) authorizing the Customer and Sundial to collect, store, and/or use the Biometric Data and authorizing the Customer to disclose such Biometric Data to Sundial and any Customer third party service providers

It is the Customer’s sole responsibility to develop, maintain and to inform all individuals about any Customer policies for Biometric Data collection. Customer must maintain  its own data collection, disclosure, retention and storage policies in compliance with all applicable laws. Where required by law, Customer agrees to adopt a privacy policy in alignment with all applicable laws governing the collection, use, transfer and retention of Personal Data

Sundial encourages Customer to consult with legal counsel knowledgeable in the area of biometric privacy, especially if the Customer operates in state(s) which have enacted privacy laws governing the collection and/or storage of an individual’s Biometric Data. The Customer is solely responsible for taking any steps necessary to ensure that the Customer is in compliance with applicable biometric privacy laws when using biometric Devices.

Sundial Responsibilities and Hold Harmless

Sundial has access to the Customers’ data, including Templates through the hosted Sundial Software as a  Service (“Service”). In support of providing the Service to the Customer, Sundial’s developers and support personnel may use Customers data samples for development and testing purposes. In providing the Service, Sundial will comply with the Sundial Privacy Policy and all applicable data protection laws.

Disclosure and sharing of Biometric Information

Sundial will not sell, lease, trade or otherwise profit from any Biometric Data that it receives from Customer’s or their employees. Customer data used for development and support purposes is available only to the Sundial team members that are working on the specific tasks described. Biometric Data will not be used for any other purpose than as described herein.

Sundial will not disclose, redisclose or otherwise disseminate any Biometric Data received from Customer to any person or entity other than Sundial or Sundial’s third party service providers except for if disclosure or redisclosure is required by state or federal law or municipal ordinance or disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention of Biometric Information

Sundial shall retain Customer Biometric Data for up to 90 days after it is deleted by the Customer. Customer deletion of Biometric Data occurs when the Customer marks an employee Inactive and instructs the Service to remove the employee’s clock identity. Any Customer data that is being used by development and/or support personnel is permanently deleted when no longer needed by Sundial.

Storage of Biometric Information

Sundial will use a reasonable standard of care, consistent with the industry in which Sundial operates, to store, transmit and protect from disclosure all Biometric Data, and shall store, transmit, and protect from disclosure all Biometric Data in a manner that is the same as or more protective than the manner in which Sundial stores, transmits, and protects other confidential or sensitive data that can be used to uniquely identify an individual or an individual’s account or property.

Sundial shall be held harmless by Customer and all of Customer’s individual users for the use of Devices by Customer in a manner that is not compliant with applicable laws.

Illinois Biometric Information Privacy Act

In accordance with the Illinois Biometric Privacy Act (740 Ill. Comp. Stat. Ann. 14/1 et seq.) (“Illinois BIPA”), Sundial maintains comprehensive policies and procedures to ensure the proper collection, use, safeguarding, storage, retention, and destruction of Biometric Data by Sundial.  As required by the Illinois BIPA, Sundial makes publicly available its Biometric Data retention and storage policies in for foregoing sections. For purposes of clarity, these policies apply to all Customer personal data, not just the Customer personal data collected in Illinois.

Note: Nothing in this privacy statement is intended to constitute or provide legal advice to any Customer.