ETS中国的生物识别信息隐私政策
Biometric Information Privacy Policy for ETS China

ETS中国采用了以下生物识别信息隐私政策:

ETS China has adopted the following biometric information privacy policy:

生物识别数据 Biometric Data

“生物识别数据”是指任何生物特征识别（定义见下文）以及与自然人的身体、心理或行为特征有关的具体技术处理所产生的任何其他个人信息，用以识别或确认认该自然人的独特身份。

“Biometric Data” means any Biometric Identifier (as defined below) and any other personal information resulting from specific technical processing relating to the physical, psychological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person. 

“生物特征识别”是指视网膜或虹膜扫描、指纹、声纹、或手部或面部几何体的扫描。在不使用自动识别的数学分析或模板创建的情况下，生物特征识别不包括录音、书写样本、书面签名、照片或身体描述，如身高、体重、头发颜色或眼睛颜色。

“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include audio recordings, writing samples, written signatures, photographs, or physical descriptions such as height, weight, hair color, or eye color, absent mathematical analysis or creation of templates for automated identification.  

处理生物识别数据的目的 Purposes for Processing Biometric Data

在遵守适用法律的前提下，ETS中国可以收集、使用和保留生物识别数据，以便在其批准的多重要素验证中识别和验证应试者和考试中心管理员。生物识别数据的处理仅用于支持考试的安全性和完整性以及相关目的，如起诉欺诈或知识产权盗窃。

Subject to applicable laws, ETS China may collect, use and retain Biometric Data to identify and authenticate test takers and test center administrators in connection with its approved multi-factor authentication programs. Biometric Data may be processed solely to support test security and integrity and for related purposes, such prosecution of fraud or intellectual property theft.

处理生物识别数据的规则 Rules for Processing Biometric Data

处理生物识别数据时要遵守以下要求:

The processing of Biometric Data is subject to the following requirements:

• 根据ETS中国隐私政策，生物识别数据被归类为敏感个人信息（和特殊类别数据），所有ETS中国隐私政策中关于敏感个人信息的规定应适用于生物识别数据的处理。

  Biometric Data are classified as Sensitive Personal Information (and Special Categories of Data) under the ETS China Privacy Policy and all provisions regarding Sensitive Personal Information in the ETS China Privacy Policy shall apply to the processing of Biometric Data. 

• ETS中国（或代表ETS中国收集生物识别数据的任何服务商）必须以书面形式通知个人：(a) ETS中国正在收集、取得或以其他方式获得个人的生物识别数据，并（如适用）将这些生物识别数据提供给其供应商和/或数据收集软件的许可方；(b) 收集、储存和使用个人生物识别数据的具体目的和时间长度。 生物识别数据收集通知必须符合适用的法律要求，例如，《根据欧盟通用数据保护条例》、《伊利诺伊州生物识别信息隐私法》和《中华人民共和国个人信息保护法》。

  ETS China (or any service provider that is collecting Biometric Data on ETS China’ behalf) must inform the individual in writing (a) that ETS China is collecting, capturing, or otherwise obtaining the individual’s Biometric Data, and (if applicable) providing such Biometric Data to its vendors and/or the licensors of the data collection software; (b) of the specific purpose and length of time for which the individual’s Biometric Data is being collected, stored, and used.  Biometric Data collection notices must meet applicable legal requirements, e.g., under the EU General Data Protection Regulation (GDPR), the Illinois Biometric Information Privacy Act (BIPA) and Personal Information Protection Law of the People's Republic of China (PIPL). 

• ETS中国（或代表 ETS中国收集生物识别数据的任何服务商）必须获得个人（或其合法授权代表，或其监护人）的肯定性书面同意，授权 ETS中国处理该生物识别数据。

  ETS China (or any service provider that is collecting Biometric Data on ETS China’ behalf) must obtain affirmative written consent from the individual (or his or her legally authorized representative, or his or her guardian) authorizing ETS China’ processing of the Biometric Data. 

• ETS中国不得出售、租赁、交易或以其他方式从个人的生物识别数据中获利。 ETS中国不允许其供应商或许可方出售、租赁、交易或以其他方式从这些生物识别数据中获利；但ETS中国的供应商和许可方可以因ETS中国使用利用该生物识别数据的产品或服务而获得报酬。

  ETS China shall not sell, lease, trade, or otherwise profit from individuals’ Biometric Data.  ETS China shall not permit its vendors or licenses to sell, lease, trade or otherwise profit from such Biometric Data; provided, however, that ETS China’ vendors and licensors may be paid for products or services used by ETS China that utilize such Biometric Data. 

• ETS中国不得向其服务商和许可人以外的任何人披露任何生物识别数据，除非：(a) 该个人（或其代表）已对该披露表示肯定性同意，(b) 该披露是法律要求的，(c) 该披露是根据有管辖权的法院发出的有效授权令或传票要求的，(d) 该披露是法律允许的。 

  ETS China shall not disclose any Biometric Data to anyone other than its service providers and licensors unless: (a) the individual (or their representative) has provided affirmative consent for the disclosure, (b) the disclosure is required by law, (c) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction, (d) the disclosure is otherwise legally permitted.  

• ETS中国应仅为考试安全性和完整性及相关目的而保留生物识别数据。除非法律规定的保留期限更短，否则 ETS中国通常会从收集之日起计算，将生物识别数据保留三 (3) 年。在保留期结束时，ETS中国应安全地删除和/或销毁生物识别数据，并要求其供应商和许可方也安全地删除和/或销毁该数据。如果拥有此类数据的个人撤回其对 ETS中国收集此类数据的同意，ETS中国应删除或匿名化有关生物识别数据。

  ETS China shall retain Biometric Data only as needed for test security and integrity and related purposes. Unless a shorter retention period is required by law, ETS China will generally retain Biometric Data for three (3) years from the date it was collected. At the end of the retention period, ETS China shall secure delete and/or destroy the Biometric Data and shall request that its vendors and licensors also securely delete and/or destroy the data. ETS China shall delete or anonymize Biometric Data if the individual who owns such data withdraws his or her consent for ETS China’s collection of such data.

• ETS中国应使用合理设计的组织、技术和物理控制措施来保护生物识别数据的安全性、保密性和完整性，以防止对于生物识别数据未经授权的访问或使用。这些安全控制措施的严格程度将不低于 ETS中国用来保护其他敏感个人信息的控制措施。ETS中国隐私政策及本生物识别信息隐私政策，规定了生物识别数据所需的最低限度的安全控制。

  ETS China shall protect the security, confidentiality and integrity of the Biometric Data using organizational, technical and physical controls that are reasonably designed to prevent unauthorized access to or use of the Biometric Data.  These security controls will be no less stringent than the controls used by ETS China to protect other sensitive personal information. The ETS China Privacy Policy and this Biometric Information Privacy Policy set the minimum security controls necessary for Biometric Data.