For security and similar purposes, Freddie Mac uses various tools that capture biometric information from certain individuals seeking entry to our facilities or particular areas within our facilities. For purposes of this policy, “biometric information” is data derived from an individuals’ biometric identifiers, such as a fingerprint, handprint, voiceprint, retina or iris pattern, face geometry, or other unique biological pattern or characteristic that is used to identify a specific individual. Biometric information does not include photographs or audio or visual recordings.

As of the Revision Effective Date of this policy, as noted below, Freddie Mac only captures biometric information from employees, on-site contractors, and other individuals who work for or with Freddie Mac. The captured biometric information is derived from facial, fingerprint, or handprint scans. The scanned image is analyzed by software that identifies major features of the face, fingerprint, or handprint and converts those features into a mathematical code that, to the best of our knowledge, cannot be reverse-engineered or converted back to the scanned image. We do not retain the scanned image itself, and we only use it to create this mathematical code. Only the mathematical code is retained. This mathematical code is biometric information for purposes of this policy and we collect, retain and use it as follows:

  • Purpose of Collection. We use biometric information solely in connection with security and access control for our offices, buildings, and other facilities.
  • Opportunity to Consent. Individuals from whom we collect biometric information are first asked to complete a consent and release to permit the collection of the biometric information. The consent and release can be declined. Consent can also be revoked after consenting. If individuals decline the consent and release or later wish to revoke consent, they may do so at any time and without any adverse employment or other action. Individuals who decline a scan and the corresponding consent and release, or revoke consent, must instead use two-factor authentication (i.e., badge and PIN) to access our facilities. Anyone who declines the consent and release or revokes the consent must have a badge and PIN issued by Corporate Security or the Badging Office. Consent may be revoked by contacting Corporate Security or the Badging Office.
  • Storage and Third-Party Disclosure. Biometric information is stored on segregated, company-owned servers and equipment and is disclosed to or stored with trusted third-parties who provide security, authentication, or fraud-prevention services to Freddie Mac. We do not sell, lease, trade or otherwise profit from biometric information.
  • Disclosure for Legal Purposes. Freddie Mac does not and will not disclose any biometric information to anyone other than as described above or as required by law.
  • Retention. Freddie Mac retains biometric information only until, and permanently destroys such biometric information when, the purpose for obtaining it has been satisfied. Typically, this occurs within 30 days of the date when an individual who works for or with Freddie Mac and requires access to our facilities last interacts with Freddie Mac (normally when they stop working for or with us). In all cases, permanent destruction occurs no later than one (1) year after that date.
  • Data Security. Freddie Mac uses, and requires its suppliers who store or have access to biometric information to use, a reasonable standard of care to collect, store, transmit and protect from disclosure all biometric information collected. Such collection, storage, transmission, and protection from disclosure is performed in a manner that is the same as or more protective than the manner in which we collect, store, transmit and protect from disclosure other confidential and sensitive information including personal information that can be used to uniquely identify an individual.

For questions about this policy or other privacy matters at Freddie Mac, contact: [email protected].

Revision Effective Date: September 14, 2022