Biometric Policy



Certain parts of our Services (as defined in our Privacy Policy) make use of biometric data.  Biometric data generally means personal data about an individual’s physical or human characteristics that can be used to identify that person, such as facial recognition technology performed on photographs collected through our Services. Biometric data may be subject to additional laws and regulations, including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”); and the Illinois Biometric Information Privacy Act (the “Illinois Act”), and other United States Federal, State or local legislation or ordinances (collectively, the “U.S. Laws,” and, in the aggregate, the “Biometrics Laws”). For the purposes of this Biometric Privacy Notice, “Biometric Data” means any such physical information we or our third-party service providers collect about you to identify you (such as a face scan performed on a photograph) and provide the Services that is within our possession, including, as applicable: (i) “biometric identifiers” and “biometric information” as defined under the Illinois Act or other U.S. Laws; and (ii) “biometric data” as defined under the GDPR.  This policy sets forth Civic’s procedures for how we treat Biometric Data. 

Collection, Disclosure, and Use of Biometric Data

We and/or our third-party service providers (e.g. Onfido) may collect Biometric Data from you to detect liveness and authenticate your identity when you use the Services and for other similar purposes. These identifiers may include facial recognition data, as well as mathematical representations of your biometric identifier, such as the template maintained for comparison.  We share Biometric Data as detailed in our Privacy Policy in order to provide the Services, including (i) with our third-party service providers who assist with the provision of our biometrics-related services or our IT, security, and fraud programs, and (ii) as required by law or regulation.  Except in connection with a merger, acquisition, reorganization, bankruptcy, receivership, purchase or sale of assets, other change of control event, or transition of service to another provider, Civic does not sell your Biometric Data.

When we collect Biometric Data, we endeavor to provide a specific notice and consent request at the time of that collection. Each user of our Services is required to expressly consent to our collection of such user’s Biometric Data when they engage with our Services. If a user chooses not to consent to our collection of such user’s Biometric Data, then then the user should notify us at We reserve the right to request a new consent if any of the terms contained in this Biometric Privacy Notice undergo a material change.

Retention of Biometric Data

Civic will retain Biometric Data in accordance with our Privacy Policy, except where otherwise required under the Biometrics Laws.

Unless required by law to maintain any specific Biometric Data for longer than our retention schedule, Civic will securely delete Biometric Data according to this schedule rendering it no longer available for inspection or access.

Security of Biometric Data

Civic implements industry-standard encryption and other data security technology designed to ensure that your Biometric Data is processed, stored, transmitted, and protected in a secure fashion.

Third-Party Service Providers

Civic uses certain third-party service providers, such as Onfido and FaceTec, to collect, store, and otherwise process Biometric Data on its behalf.  By using the Services, you agree that your Biometric Data will be processed in accordance with Onfido’s and FaceTec’s privacy and biometrics policies, which are generally available on their respective websites for your review.