Last Updated:  November 10, 2023

  1. Purpose

Telos Corporation, a Maryland corporation, and its subsidiaries and affiliates (“Telos”) has adopted this Biometric Data Collection and Retention Policy (the “Policy”) for the collection, use, storage, safeguarding, transmitting, retention, and destruction of biometric data. 

  1. Scope

It is the guiding principle of Telos to collect, transmit, and retain biometric data in accordance with all applicable laws.  In this regard, this Policy sets forth the guidelines established by Telos for the collection, transmitting (or channeling), and retention of biometric data of Telos employees, contractors and consultants (collectively, “Telos Personnel”), Telos direct customers and participants in government programs operated by Telos (collectively, “Data Subjects”), and other third parties.

This Policy is effective as of November 10, 2023 (the “Effective Date”) and applies to all biometric data collected by Telos on or after the Effective Date.

  1. Definitions

“Biometric identifier” means the data generated by measurements of an individual’s unique biological characteristics such as a fingerprint, faceprint, voiceprint, retina or iris image, or any other biological characteristic that is collected by Telos for the purpose of identifying a specific individual. 

“Biometric data” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier and used to identify that particular individual.  The term “biometric data” as used in this Policy shall refer to both biometric identifiers and biometric data as defined in this section.  Biological characteristics collected by Telos but not associated with any personally identifying information of a specific individual for purposes of identification and authentication are not biometric data under this Policy.

  1. Guidelines

Telos shall collect, use, store, transmit, and protect from disclosure all biometric data in accordance with all applicable laws and in a manner consistent with how Telos stores, transmits, and protects from disclosure its other confidential and sensitive information. 

Except where the collection and transmitting of biometric data is performed in connection with federal, state, or local government requirements, or a program operating under federal law(s), the biometric data of Telos Personnel, Data Subjects, and other third parties shall be retained only for the period of time prescribed under applicable state law.

In the absence of specified retention periods under state law, the biometric data of Telos Personnel, Data Subjects, and other third parties shall be retained only until the purpose for collecting the biometric identifiers has been satisfied and the use and retention of the biometric data is no longer required, as determined by Telos in its sole discretion. 

For Telos Personnel, Data Subjects, or other third parties subject to the State of Illinois Biometric Information Privacy Act, 740 ILCS 14/ (“IL-BIPA”), and in circumstances where there is no federal preemption of state law, Telos shall permanently destroy biometric identifiers and biometric information, as those terms are defined by IL-BIPA, 740 ILCS 14/10, when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three (3) years of the individual’s last interaction with Telos, whichever occurs first. 

In the event any part of this Policy is found to be inconsistent with or conflicts with state law, the state law shall displace or preempt, in whole or in part as necessary, this Policy.

Telos may revise this Policy from time to time and will keep this Policy publicly available on its website.