Biometric Data Policy
This Policy describes how Simplex Investments, LLC (the “Firm,” “we,” “us,” or “our”) collects, uses, stores, retains, discloses, and destroys biometric identifiers and biometric information in accordance with the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”). This Policy is intended to be publicly available.
Effective Date: July 1, 2026
1. Scope
This Policy applies when the Firm collects, captures, receives, stores, or otherwise obtains biometric identifiers or biometric information from an individual in Illinois, including (as applicable) employees, applicants, contractors, visitors, or other individuals. This policy also applies to all biometric data collected, stored, used, transmitted, or destroyed by the Firm or by third-party vendors acting on the Firm’s behalf and all systems and devices that capture, process, or store biometric data, including but not limited to software that proctors assessments given to candidates for employment.
2. Definitions
BIPA defines the following terms:
“Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.
“Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.
“Biometric Data” means biometric identifiers and biometric information.
3. Purpose and Notice and Written Release (Consent)
The Firm may collect the following biometric data for the following purposes:
- Proctoring assessments given to candidates for employment;
- Identifying voices for purposes of automated notetaking in internal meetings;
- Identity verification for regulatory or compliance purposes; and
- Such other purposes as are specifically disclosed and consented to in writing.
Before the Firm collects or stores biometric data, the Firm will
- inform the individual in writing that the Firm collects, uses, and/or stores biometric data;
- inform the individual in writing of the specific purpose and length of term for which the Firm collects, stores, and uses the biometric data; and
- obtain a written release executed by the individual (or the individual’s legally authorized representative) authorizing the Firm to collect, store, and use the biometric data.
4. Prohibition on Sale or Profit
The Firm does not sell, lease, trade, or otherwise profit from an individual’s biometric data.
5. Disclosure and Redisclosure
The Firm will not disclose, redisclose, or otherwise disseminate an individual’s biometric identifier or biometric information unless one of the following applies:
- the individual (or the individual’s legally authorized representative) consents to the disclosure or redisclosure;
- disclosure or redisclosure completes a financial transaction requested or authorized by the individual (or the individual’s legally authorized representative);
- disclosure or redisclosure is required by state or federal law or municipal ordinance; or
- disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
6. Retention Schedule
The Firm will permanently destroy biometric data when the first of the following occurs:
- the initial purpose for collecting or obtaining the biometric data has been satisfied; or
- three years have passed since the individual’s last interaction with the Firm.
7. Guidelines for Permanent Destruction
When biometric data reaches the end of the retention period described in Section 6 above, the Firm will permanently destroy it using industry-standard methods designed to make the data unreadable and unrecoverable, such as overwriting, destruction of physical storage media, cryptographic erasure, or verified deletion from cloud infrastructure.
8. Security
The Firm stores, transmits, and protects biometric data using a reasonable standard of care within the Firm’s industry and in a manner that is the same as or more protective than the manner in which the Firm stores, transmits, and protects other confidential and sensitive information.
9. Questions
Questions about this Policy may be directed to: legal@simplextrading.com
