Illinois Biometric Data Policy

Last Updated: August 5, 2024 

Purpose:  Olo Inc. (“Olo,” “we” or “us”) has instituted this Illinois Biometric Data Policy (the “Policy”) to establish procedures for the collection, use, storage, retention and destruction of Biometric Data (defined below) that we collect from Illinois residents. We collect and process Biometric Data for our Know Your Customer (KYC) process (i) to verify and authenticate an individual’s identity, (ii) for fraud prevention purposes and (iii) to satisfy our legal and contractual obligations (together, the “Purposes”). We reserve the right to amend this Policy at any time, with or without advance notice.  

Scope: This Policy applies to all employees and personnel who have access to Biometric Data on behalf of Olo. We take reasonable steps to impose the requirements in this Policy on any service provider to whom we disclose Biometric Data.   

Definitions: 

Biometric Laws” means the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq.  

Biometric Data” means collectively all Biometric Identifiers and Biometric Information.  

Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint or scan of hand or face geometry, or any additional characteristics defined as such under Biometric Laws. 

Biometric Information” means any information, regardless of how it is captured, converted, stored or shared, based on an individual’s biometric identifier used to identify an individual, or any additional characteristic or measurement defined as such under Biometric Laws. 

Collection and Disclosure of Biometric Data: 

We use and process Biometric Data in accordance with Biometric Laws. We use and process Biometric Data only for the Purposes and related activities set forth in this Policy. We do not sell, lease or trade Biometric Data.  

We obtain written consent from individuals prior to the collection of their Biometric Data. We will not disclose Biometric Data unless (i) we have obtained an individual’s consent or (ii) we are required by law, subpoena or warrant to make the disclosure. This Policy is not intended to restrict communications or actions protected or required by local, state or federal law.  

Retention Schedule & Destruction: 

We retain Biometric Data for so long as we need to achieve the initial purpose for collecting or obtaining such data or three years from the collection of an individual’s Biometric Data, whichever occurs first. Upon expiration of the retention period, Olo will securely destroy Biometric Data and require that its service providers do the same.  

Security:

We use a reasonable standard of care to store, transmit and protect Biometric Data.  

Questions:

If you have any questions about this Policy, please reach out to dataprivacy@olo.com.