Legion Privacy Policy

Last Updated: December 17, 2025

NOTICE FROM YOUR EMPLOYER: YOUR USE OF THE LEGION WEBSITE AND MOBILE APPLICATION IS COMPLETELY VOLUNTARY AND NOT A CONDITION OF YOUR CURRENT OR PROSPECTIVE EMPLOYMENT. FOR ANY QUESTIONS ABOUT YOUR EMPLOYMENT, PLEASE CONTACT YOUR EMPLOYER. YOUR EMPLOYER DOES NOT GUARANTEE THE SERVICES' AVAILABILITY, PERFORMANCE, OR SECURITY

1. Introduction

This Privacy Policy (“Policy”) describes and governs the information collection, use, and disclosure practices of Legion Technologies, Inc. (collectively, “Legion,” “we,” “us,” and “our”) with respect to your use of the Legion platform, through both the Legion workforce management product and the Legion website and mobile application (together, the “Services”).

This Policy does not apply to information that Legion receives as a data processor or service provider on behalf of our enterprise customers (ex., Your Employer). Legion does not control how enterprise customers use this information—please contact your employer to understand their practices.

Before you use or submit any information through or in connection with the Services, please carefully review this Policy. By using any part of the Services, you acknowledge that Legion will collect, use, and disclose your information as further outlined in this Policy. We may update this Policy as the Services evolve, and changes will be posted here. Material updates will be communicated as required by law. Continued use of the Services indicates your
acceptance of any changes. As between Legion and an enterprise customer, if any terms of this Policy conflict with
any terms of a contract between Legion or you as the enterprise customer, the terms of the contract shall take precedence.

2. Information We Collect

A. Information You Provide

We may collect information directly from you in various ways, such as when you:

  1. Register for an account;
  2. Complete your user profile;
  3. Provide feedback or complete surveys;
  4. Request features like newsletters or updates;
  5. Use features requiring personal information (e.g., log-in areas);
  6. Communicate with us; and
  7. Post user-generated content (e.g., comments).

The information you provide directly to us may include, but is not limited to:

  1. name;
  2. email address;
  3. work location;
  4. postal address;
  5. username and password associated with your account;
  6. phone numbers;
  7. work preferences;
  8. payment or financial account information, including details collected via Legion InstantPay;
    and
  9. demographic information, such as data related to ethnicity or nationality.

Our Services may include forums, chat rooms, and other public areas.

  1. Information posted in these areas may be publicly visible and used by others.
  2. Be respectful when posting.
  3. While we may monitor and remove inappropriate content, we are not obligated to do so.

B. Information that is Passively or Automatically

We may collect certain information about you or your device automatically when you use the Services. This includes the following information listed below.

  1. Information About Your Device and Browser (e.g. geolocation, unique device identifiers, browser type, browser language, Operating System, mobile device carrier information, IMEI and TCP/IP address, the state or country from which you accessed the Services, etc.)
  2. Usage Stats Regarding How You Interact with the Services (referring and exit web pages and URLs, platform type, clicks, page and content views, time spent using the Services, domain names, statistical information about the use of the Services, date and time you used the Services, error logs, etc.)
  3. Commercial Information Regarding Your Use of the Services (transaction data related to your use of the Services)
  4. Cookies and Tracking Technologies
    • We use cookies, server logs, and tracking pixels to collect information about your use of the Services, including the information listed above, and to enhance your experience. Cookies and web server logs help us recognize your device, store your preferences and settings, analyze website traffic, perform searches and analytics, deliver tailored content, and support security. Some cookies are stored in your browser cache. Tracking pixels (also called web beacons) provide data on your Services and email usage and interactions, and ad views.
    • As we adopt additional technologies, we may also gather additional information through other methods.
    • You can adjust browser settings to manage cookies. Blocking cookies may limit some Service features. For more, see our Cookie Statement.

C. Location Data

We may collect general (e.g., IP address, zip code) and precise (e.g., GPS) location data to customize your experience, such as notifying you of nearby job shifts. We may disclose this data to our agents and vendors to support these features. You can disable location-based features through your device or app settings.

D. Information from Employees or Third Parties

If your employer signs up to use the Services, your employer may provide basic information like your name and email to help set up your account.

3. How We Use Your Information

A. We may use the information we collect from and about you to:

  1. Provide and operate the Services and features you request;
  2. Send you transactional information, alerts, and newsletters to which you have subscribed;
  3. With consent, to send you SMS messages;
  4. Respond to your questions and gather your feedback;
  5. Conduct internal research and reporting;
  6. Improve existing Services and develop new ones;
  7. Personalize your content;
  8. Enforce our legal terms; and
  9. Manage and troubleshoot the Services

B. We may also use information we collect from and about you for any other purpose disclosed to you at the time of collection, including with your consent, when requested or required by law.

C. We may also aggregate, anonymize, or de-identify information collected through the Services and use it for any purpose, including research and marketing. We may also disclose such data to third parties.

4. When We Disclose Information

A. We may disclose your information to any non-affiliated third parties in the following situations:

  1. With Your Consent: For example, if you're pursuing new or additional employment, we may disclose relevant information about you to potential employers at your request. If you post information in public forums, you are directing us to make such information available to others.
  2. Vendors: We may provide access to or disclose your information to vendors who help us deliver services such as marketing, customer support, analytics, legal services, and data processing.
  3. Your Employer: If you're employed by a Legion enterprise customer, your employer may access your profile, shift details, and other information related to your use of the Services as an employee of such customer.
  4. Legal and Safety Reasons: You acknowledge, consent, and agree that Legion may access, preserve, and disclose your information and/or any User Content (as defined in our Terms of Service) you submit or make available for inclusion on the Services, if required to do so by law or in a good faith belief that such access, preservation, or disclosure is permitted by Legion’s Privacy Policy or reasonably necessary or appropriate to:
    • comply with legal process;
    • enforce the terms of our Privacy Policy, our Terms of Service, or other contracts with you, including investigation of potential violations thereof;
    • respond to claims that any content violates the rights of third parties;
    • respond to your requests for customer service; and/or
    • protect the rights, property, or personal safety of Legion, its agents and affiliates, its users, and the public.
      • This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.
  5. Business Transfers: If we buy, merge, or partner with other transactions, your information may be transferred as part of the business deal. In such transactions—including due diligence in anticipation of such transactions—user information, including your email, may be transferred as part of our business assets.

5. Notice Concerning Do Not Track Signals

A. Do Not Track (“DNT”) is a browser setting that signals a user’s privacy preference. We do not currently respond to DNT signals, as there is no industry consensus on their interpretation or implementation. Learn more about DNT here.

A. Under applicable law, Legion is the “data controller” for certain personal data we process under this Policy. This means Legion is responsible for deciding how to collect, use, and disclose your personal data, subject to applicable law.

B. Some jurisdictions require us to identify the legal grounds for processing your personal data. As applicable, our legal grounds for processing are:

7. Your Rights & Choices

A. Depending on your jurisdiction, you may have certain rights regarding your information. These rights may include the right to:

  1. Access: Provide access to and/or a copy of certain information we hold about you.
  2. Delete: Delete certain information we have about you.
  3. Correct: Update any information we may have about you that is incorrect.

B. To exercise any of the above rights, please submit a request to [email protected] or by using this form. You may be required to verify your identity before we can process your request. If you have an account, logging in will serve to verify your identity and request, though we may request additional information if account security is in question. For non-account holders or where security concerns arise, we will request verification details that match our records, based on the nature and sensitivity of the request.

C. You may designate an authorized agent to submit a request on your behalf by providing written authorization or a signed power of attorney. Depending on your jurisdiction, you may still be required to verify your identity directly with us.

D. Specific Jurisdictions: Rights Under Local Laws: Your local laws (e.g., laws of the EU, European Economic Area, United Kingdom, and California) may permit you to make certain requests, which are outlined in the sections applicable to each jurisdiction below

Legal Rights by Region

  1. California
  2. Colorado
  3. Maryland
  4. Nevada
  5. EU/UK/EEA
  6. Canada
  7. Australia
  8. Middle East and North Africa (MENA)

8. Data Retention

A. We retain your information as long as needed to deliver the Services or until you modify or delete it. If you disclosed any public content through the Services, it may remain accessible. We may also keep information to meet legal obligations, resolve disputes, or enforce agreements.

9. Security

A. We use administrative, technical, and physical safeguards to protect against the loss, misuse and/or alteration of your information, with measures tailored to sensitivity of the information that we collect and store. However, no system is entirely secure, and we cannot guarantee protection against all unauthorized access, use, or disclosures.

B. You are responsible for keeping your account usernames and passwords secure. If you suspect they’ve been compromised, contact us immediately at [email protected] and update your password immediately. We are not liable for unauthorized access resulting from credentials obtained from you.

10. Data Transfers

A. We maintain systems in the U.S. and EU, which means your data may be processed in the U.S., where privacy protections may differ from those in other regions. By using the Services, you consent to the transfer and processing of your information to the U.S., even if local national laws (e.g., in the EU, UK, or certain other countries) provide stronger privacy protections.

A. Our Services may link to or embed third-party sites, apps, or services (e.g., retailers or merchants where you can make purchases). We are not responsible for their privacy practices. Please review their privacy policies before sharing your information with these services.

12. Changes to This Policy

A. We may update this Policy to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. Please review it periodically. Continued use of the Services after updates means you accept the revised Policy.

13. Questions About This Policy

If you have any questions about our Policy, you can contact us by emailing us at [email protected].

I. ADDITIONAL PRIVACY TERMS APPLICABLE ONLY TO USE OF THE LEGION PUBLIC WEBSITE

A. How We Use Information: In addition to the uses described in Section 3 above,

  1. We also may use the information we collect from and about you to:
    1. Contact you with relevant information, surveys, advertising, and third-party offers and
    2. Personalize your advertising experience.
  2. We may combine data we collect from and about you (including automatically-collected information) with information from our affiliates or third parties (such as marketers, partners, or researchers) and use it as described in this Policy.
  3. We may also disclose such data to third parties such as advertisers, promotional partners, sponsors, and/or others.

B. Analytics and Advertising:

  1. Analytics: We use third-party analytics services, such as Google Analytics, to understand how users interact with our Services. These providers may collect information like noting the third-party website from which you arrive, your IP address, site navigation (not including keystrokes data), and mouse movements, often in real time. This data helps evaluate usage and improve features. To prevent Google Analytics from using your information for analytics, you can opt out by installing the Google Analytics Opt-out Browser Add-on. If you receive emails from us, we may use tools like clear GIFs to track when you open them or click links, helping us measure communication effectiveness
  2. Advertising:
    1. We may use third-party advertising technologies (such as cookies and tracking technologies) to deliver relevant content and ads on our Services and across other websites and apps. These tools collect data from your device(s) used to access the Services about your interactions with the Services to help us:
      1. Serve personalized marketing content based on your interactions with the Services and other third-party sites
      2. Analyze ad performance and user engagement with such ads
    2. Third-party ad networks and analytics providers, such as Google Analytics, may place their own cookies or tracking technologies on your device(s). We do not control these third parties or how they use your data, and this Policy does not apply to their practices. Those parties that use these technologies may offer you a way to opt out of targeted advertising as described below. You may receive tailored advertising on your computer through a web browser. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may disclose to a service provider in hashed, non-human-readable form.
    3. You may opt out of targeted ads by visiting: Google Ads Settings
    4. We acknowledge and enforce legally recognized browser-based opt-out preference signals, including the Global Privacy Control (GPC), and honor such signals in accordance with, and to the extent required by, applicable law.
    5. For additional information about your rights regarding disclosures for advertising purposes, see the “Your Rights and Choices” section below.
    6. Note: Even if you opt out, you may still see ads—they just won’t be tailored to your interests. Cookie opt-outs are browser- and device-specific and may require you to opt out again if you clear cookies or switch devices. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

C. Your Rights & Choices: In addition to the rights and choices described in Section 7 above, you have the following rights:

  1. Marketing Emails: To opt out of marketing e-mail communications, you may click the “unsubscribe” link in the marketing e-mails. If you choose to opt out, we will still send you non-marketing communications, such as those about your account or our ongoing business relations.
  2. You may have the right to receive details about any financial incentives we offer, if any. You may also have the right to be free from discrimination for exercising certain of your legal rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Services to you. If you request that we delete it, you may no longer be able to access or use the Services. We may also retain information that you request us to delete subject to other applicable exemptions available under applicable law.
  3. Do Not Sell My Information: You may have the right to opt out of the “sale,” “sharing,” or use of your personal information for “targeted advertising” as those terms are defined under applicable law. As discussed in the “Analytics and Advertising” section of this policy, we may use cookies and similar technologies to use your information to provide you with targeted advertising. We may also disclose certain contact information, such as email addresses, to platforms for advertising purposes as well. Under certain US state privacy laws, use of your information for these purposes is considered a “sale,” “sharing,” or use of personal information for “targeted advertising.” To opt out of use of your information for these purposes, click the Global Privacy Control link in the footer of this website.
  4. Browser-Based Opt-Out Signals: We acknowledge and enforce legally recognized browser-based opt-out preference signals, including the Global Privacy Control (GPC), and honor such signals in accordance with, and to the extent required by, applicable law.

II. CALIFORNIA SUPPLEMENTAL NOTICE

This Supplemental Privacy Notice applies only to California residents and supplements the main Privacy Policy. It covers personal information (as defined under the California Consumer Privacy Act (“CCPA”)) collected through our Services and other means (such as offline interactions and phone communications). It does not apply to:

  1. Personal information collected from Legion employees or job applicants in their employment context and job applicants for openings with Legion;
  2. Personal information from business personnel (e.g., employees, contractors) collected during our provision or receipt of business-related services; or
  3. Personal information we process as a processor or service provider on behalf of our customers.

1. Categories of Personal Information Collected (Past 12 Months):

  1. California law requires us to disclose the categories of personal information we collect from California consumers, the categories of sources from which the information was collected, (as those terms are defined by applicable law) for which the information was collected, and the categories of third parties to whom we disclose it.
  2. As outlined in our Privacy Policy, we and our service providers may have collected the following categories of personal information for business or commercial purposes:
    1. Identifiers: Name, email address, phone number, postal address, and account information.
    2. Commercial Information: Transaction data related to your use of the Services.
    3. Financial or Payment Information: Payment or other financial information, including details collected via LegionPay.
    4. Professional and Employment Information: Employment and business contact details, including job titles, and business contact information.
    5. Internet or Device Activity: IP address, unique device identifiers, advertising and app identifiers, browsing history, or other usage data.
    6. Location Information: General (e.g., IP-based or time zone) and, with consent, precise geolocation.
    7. Audio or Similar Information: Such as audio recordings, such as calls to customer support.
    8. Protected Class Information: Data related to classifications like ethnicity or nationality.
    9. Other Information that Identifies or Can Be Associated with You: Communications or when you post on our chat rooms or message boards.
  3. We collect the above categories of personal information from: (1) you directly, (2) your use of the Services, and (3) third parties such as marketers, partners, and researchers.

2. How We Use Your Personal Data and Your Rights:

  1. We may use the information we collect from and about you for the following business and commercial purposes to:
    1. Provide and operate the Services and features you request;
    2. Send transactional information, alerts, and newsletters to which you have subscribed;
    3. With consent, send you SMS messages;
    4. Share relevant information, surveys, advertising, and third-party offers with you;
    5. Respond to your questions and gather feedback;
    6. Conduct internal research and reporting;
    7. Improve existing Services and develop new ones;
    8. Personalize your content and advertising experience;
    9. Enforce our legal terms; and
    10. Manage and troubleshoot the Services.
  2. We disclose personal information as described in this Policy, including with vendors and as required by law. In the past twelve months, we may have disclosed certain categories of personal information to third parties (as that term is defined by the California Consumer Privacy Act) for business purposes. For example, if you direct us, we may disclose your information with your employer or potential employers. This may include:
    1. Identifiers;
    2. Professional and employment information;
    3. Personal information related to protected classifications (such as when you use the Services to send information about yourself to potential employers that may include information related to your ethnicity); and
    4. Other identifying details, such as work schedule preferences.
  3. If you are a California resident, you may have certain rights. California law may permit you to request that we:
    1. Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
    2. Provide access to and/or a copy of certain information we hold about you.
    3. Delete certain information we have about you.
    4. Correct any inaccurate information we have about you.
  4. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Services to you. If you ask us to delete such information, you may no longer be able to access or use the Services.
  5. You may have the right to receive details about any financial incentives we offer, if any. You also have the right to be free from discrimination for exercising certain of your legal rights.
  6. To exercise your rights, please submit a request to [email protected] or by using this form. You must verify your identity before we can process your request. If you have an account, logging in will serve to verify your identity and request, though we may request additional information if account security is in question. For non-account holders or where security concerns arise, we will request verification details that match our records, based on the nature and sensitivity of the request.
  7. You may designate an authorized agent to submit a request on your behalf by providing written authorization or a signed power of attorney.

3. Do Not Sell My Information:

  1. You have the right to opt out of the “sale” or “sharing” of your personal information as those terms are defined under the CCPA. As discussed in the “Analytics and Advertising” section of this policy, we may use cookies and similar technologies to use your information to provide you with targeted advertising. This may include sharing data such as cookie identifiers, IP addresses, or browsing behavior with third parties for interest-based advertising. We may also disclose certain contact information, such as email addresses, to platforms for advertising purposes as well.
  2. Depending on your use of the Services, we may share the following categories of information for such interest-based advertising which may be considered a sale (as defined by the CPRA):
    1. Identifiers
    2. Commercial Information
    3. Internet or Device information and identifiers (e.g., IP address, ad IDs, cookies), and
    4. Connection and usage data (e.g., browsing history or app activity);
    5. General Location Information
  3. We “sell” or “share” this personal information to our advertising partners, such as advertising networks and providers, advertisers, and other third-party partners, including social media networks.
  4. You may opt out of this type of data sharing by clicking the “Your Privacy Choices” link in the footer of this website.
  5. If you have enabled a legally recognized browser-based opt-out preference signal (such as Global Privacy Control) on your browser, we recognize such preference in accordance and to the extent required by applicable law.

4. Shine the Light: Under California’s Shine the Light Law (CA Civil Code § 1798.83), California residents who have an established business relationship with a business for personal, family, or household purposes can request a list of the “third parties” to which the business has disclosed certain “personal information” in the last 12 months where the business knows or reasonably should know that those third parties used the personal information for the third parties’ own “direct marketing purposes” (each term as defined by the Shine the Light). Direct marketing purposes generally means use of such personal information to solicit or induce a purchase, rental, lease, or exchange of goods or services directly to individuals by means of the mail, phone, or email for non-business purposes. A business is not required to provide this information where the business adopts and discloses a policy of not disclosing “personal information” to “third parties” for their “direct marketing purposes” 1) unless the customer first affirmatively agrees or 2) if the customer has opted out of disclosure for such purposes. Legion maintains such a policy and thus is not required to provide this information. Specifically, Legion permits California residents to opt out of “sharing” of their personal information for cross-context behavioral advertising and “sales” of their personal information (as such terms are defined by the CCPA). Such opt out would apply to any disclosures covered by Shine the Light if applicable. Please click the Global Privacy Control link in the footer of this website to opt out. That said, during the prior calendar year, Legion did not engage in any disclosures in which it knows or reasonably should know that the third parties use the personal information for their own direct marketing purposes as defined by Shine the Light.

III. COLORADO SUPPLEMENTAL

This Supplemental Privacy Notice applies only to Colorado residents and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. How We Use Your Personal Data:
    • Your personal data is used primarily to provide Legion products and services, to fulfill legal obligations, or to support legitimate interests such as service personalization, development, and fraud detection.
  2. Submit a State Privacy Act Report Request:
    • You may request a State Privacy Act Report containing your personal information collected and sold or disclosed for a business purpose.
    • The State Privacy Act Report includes: (i) categories of sources and categories of personal information collected; (ii) specific personal information collected; (iii) business or commercial purposes for collection or sale of personal information about you; and (iv) categories of personal information shared and the third parties to whom we sold or to whom we disclosed for a business purpose such information.
  3. Notice of Right to Opt-Out of Sale/Sharing:
    • A “Do Not Sell or Share My Personal Information” request (opt-out) restricts the use of your personal information under Colorado law from being processed for purposes of: (i) targeted advertising, (ii) personal data sales, and (iii) automated profiling that produce legal or similarly significant effects concerning you, if applicable.
    • A Full Opt-Out prevents the sale of your personal information ot a third party, with certain exceptions. Separately, we also offer a Partial Opt-Out request option. A Partial Opt-Out request will opt-out your personal information we maintain that is subject to the Colorado Privacy Laws except for any data we have relative to your occupation or profession, which will continue to be sold to third parties. In any case, an opt-out request will not apply to information that is exempt from the requirements of the Colorado Privacy Laws. If you have previously opted out but instead want to authorize your personal information to be sold, you may submit an Opt-In request.
    • When you visit our websites, we use tracking technologies which may be considered a "sale" of your personal information for targeted advertising. You may request to opt-out of such tracking technologies by utilizing the "Cookie Settings" link on our websites that use tracking technologies for targeted advertising or by sending an opt-out preference signal supported by your device or browser. Your use of an opt-out preference signal will apply only to your device or browser and not to other consumer information that is not linked to your device or browser.
    • To submit an opt-out request at [email protected]
  4. Delete My Personal Information: In some instances, you may request the deletion of your personal information. Some exemptions apply to the right to deletion.
  5. Right to Correct: You have the right to request the correction of inaccurate personal information maintained about you. To submit a correction request, contact us via [email protected]
  6. Right to Be Free from Discrimination: You have the right to not be discriminated against in pricing and services because you exercise any of your rights under the Colorado Privacy Laws.

IV. MARYLAND SUPPLEMENTAL

This Supplemental Privacy Notice applies only to Maryland residents and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. How We Use Your Personal Data: Your personal data is primarily used to provide you with the Legion products and services you request. It may also be used to comply with legal obligations we are subject to or to fulfill our legitimate interests, such as to personalize your experience, develop and improve our services, or to detect illegal activities.
  2. Your Rights: MODPA offers consumers many of the same rights found in other state privacy laws, such as the right to:
    • Access the consumer’s personal data
    • Confirm/know whether a controller is processing the consumer’s personal data
    • Correct inaccuracies in the consumer’s personal data
    • Delete the consumer’s personal data provided by or obtained about the consumer (unless retention is required by law)
    • Obtain a copy of the consumer’s personal data processed by the controller in a portable and (to the extent technically feasible) readily usable format and
    • Opt-out of the processing of personal data for targeted advertising, the sale of personal data, and profiling in furtherance of solely automated decisions that result in legal or similarly significant effects on the consumer.
    • Request a list of the specific third parties to which the controller has disclosed the consumer’s personal data.

V. NEVADA SUPPLEMENTAL

This Supplemental Privacy Notice applies only to Nevada residents and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined by Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity.
  2. To learn more about your rights under Nevada law, visit https://www.leg.state.nv.us/NRS/NRS-603A.html

VI. U.S. DATA PRIVACY FRAMEWORK SUPPLEMENTAL NOTICE

This U.S. Data Privacy Framework Supplemental Notice applies to personal information transferred from the European Union (“EU”), United Kingdom (“UK”), and Switzerland to the United States pursuant to the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as administered by the U.S. Department of Commerce.

  1. Participation and Certification
    • Legion Technologies, Inc. complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the United States. Legion has certified to the U.S. Department of Commerce that it adheres to the DPF Principles. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
  2. Scope of Compliance
    • This certification covers personal information received by Legion in the United States from the EU, UK, and Switzerland in reliance on the DPF.
  3. Purposes for Collection and Disclosure
    • We may use the information we collect from and about you to provide and operate the services and features you request; send transactional information, alerts, and newsletters to which you have subscribed; with your consent, send SMS messages; share relevant information, surveys, advertising, and third-party offers; respond to questions and gather feedback; conduct internal research and reporting; improve existing services and develop new ones; personalize your content and advertising experience; enforce our legal terms; and manage and troubleshoot the Services.
    • We may also disclose your personal information with subprocessors and other third parties that provide services necessary to enable us to deliver our services (including those described above), content, and features to you and other users.
  4. Accountability for Onward Transfers
    • We remain responsible for the processing of personal information we receive under the DPF and subsequently transfer to a third party acting as an agent on our behalf. We comply with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.
  5. Individual Rights and Choices
    • EU, UK, and Swiss individuals have the right to access the personal information that we hold about them. Individuals may request to correct, amend, or delete inaccurate information, or exercise other rights provided under the DPF Principles. To exercise these rights, contact us at [email protected].
  6. Independent Dispute Resolution
    • In compliance with the DPF Principles, Legion commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States. EU, UK, and Swiss individuals with inquiries or complaints regarding our compliance with the DPF should first contact us at [email protected].
    • Legion has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-a-dpf-claim for more information or to file a complaint. This service is provided at no cost to you.
  7. Binding Arbitration
    • You may also be able to invoke binding arbitration under the DPF Panel as a last resort, pursuant to the DPF Principles.
  8. U.S. Regulatory Oversight
    • Legion is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) with respect to personal information received or processed under the DPF.
  9. Compelled Disclosure
    • We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

VII. EU/EEA/UK SUPPLEMENTAL

This European Economic Area (“EEA”) Privacy Notice (“EEA Notice”) supplements the main Privacy Policy. We provide this EEA Notice to comply with our obligations as a company that may control and/or process personal data as a part of our business activities related to the EEA, the United Kingdom and Switzerland under the EU General Data Protection Regulation (“GDPR”), UK Data Protection Act, and Swiss Data Protection Act, as applicable. This EEA Notice must be read in conjunction with our Privacy Policy to understand all of the terms that apply to the processing of your personal data. Any capitalized term used in this EEA Notice but not defined will have the meaning ascribed to it in the applicable privacy act or our Privacy Policy.

  1. For what type of personal information we collect: See Section 2 of the Privacy Policy.
  2. For how we get your personal information and why we collect it: See Sections 2(b)-(d), 3, and 5 of the Privacy Policy as well as provided below in this Supplemental.
  3. Who we may share your information with: See Section 4 of the Privacy Policy.
  4. Under applicable laws, Legion is the “data controller” responsible for determining how your personal data is collected, used, and shared. Where required (e.g., in the EU or UK), we disclose our legal bases for processing in the section below:
    • Your consent. Where required by law, and in some other cases, we use, share, or disclose information on the basis of your consent. You are able to remove your consent at any time. You can do this by contacting [email protected]
    • We have a contractual obligation. We may use, share, or disclose information to honor our contractual commitments to you, e.g. to comply with our Terms of Service.
    • We have a legal obligation. We need to use, share, and disclose information in certain ways to comply with our legal obligations.
    • We have a legitimate interest. In many cases, we use, share, or disclose information on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as customer service, certain promotional activities, analyzing and improving our business, providing security for our Services, preventing fraud, and managing legal issues.
  5. How We Store Your Personal Information: See Sections 9-12 of the Privacy Policy.
  6. Where We Securely Store Your Information: Your EU Personal Data are primarily operated and managed on servers located within Oregon and Ireland.
  7. Your Data Protection Rights: Under data protection law, you have rights including:
    • Your right of access - You have the right to ask us for copies of your personal information.
    • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
    • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
    • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances (including any direct marketing processing based on profiling).
    • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances (including any direct marketing processing based on profiling).
    • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
    • Your right to revoke consent- You have a right to revoke your consent for the processing of your information.

Please contact us at [email protected] if you wish to make a request. We may request you provide us with information necessary to confirm your identity before responding to your request. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

How to Complain:

  1. If you have any concerns about our use of your personal information, you can make a complaint to us at Legion Technologies, Inc.
  2. If you are in the UK: You can also complain to the ICO if you are unhappy with how we have used your data.
    The ICO’s address:
    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AFHelpline number: 0303 123 1113
    ICO website: https://www.ico.org.uk
  3. If you are in the EEA: You can also complain to your local data protection authority if you are unhappy with how we have used your data. For more information on your local authority: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

VIII. CANADA SUPPLEMENTAL

This Supplemental Privacy Notice applies only to Canadian residents and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. Canadian residents have the right to request access to or correction of personal data held by Legion.
  2. If you demonstrate that the information is inaccurate or incomplete, we will update it as required. We may require you to verify your identity before processing such requests.
  3. You may also withdraw your consent for the collection, use, or disclosure of your information, although doing so may limit your access to certain Services.
  4. To exercise these rights or submit a complaint, please contact us at [email protected]

IX. AUSTRALIA SUPPLEMENTAL

This Supplemental Privacy Notice applies only to Australian residents and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. We will process Personal Data under this General Data Privacy Notice according to the Australian Privacy Act 1988 and the Australian Privacy Principles.
  2. To exercise your rights or raise privacy concerns under those laws, contact our Data Protection Officer at [email protected]
  3. If you disagree with the resolution proposed by us, you also have the right to lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”) at http://www.oaic.gov.au.

X. MIDDLE EAST AND NORTH AFRICA (MENA) SUPPLEMENTAL

This supplemental privacy notice applies to residents of countries in the Middle East and North Africa and supplements the main Privacy Policy.

How We Use Your Personal Data and Your Rights:

  1. Your personal data is primarily used to provide you with the Legion products and services you request. It may also be used to comply with legal obligations we are subject to or to fulfill our legitimate interests, such as to personalize your experience, develop and improve our services or to detect illegal activities. With your prior consent, it may also be used to send you offers and promotions.
  2. You have a number of rights including the right to:
    • Request access to, change, or remove your personal data, or
    • Change your marketing preferences (including withdrawing your consent at any time).
  3. To exercise your rights or raise privacy concerns, contact our Data Protection Officer at [email protected]
  4. You have a right to lodge a complaint with your local Data Protection Supervisory Authority.

 

Archive