Data Policy

Legion is a global provider of services facilitating workforce management collaboration between Legion’s customers and their workers. This document describes Legion’s approach to storing, processing, and otherwise handling data of companies (“Customers”) subscribing to Legion’s software products (the “Platform”), and information of individual employees (“Workers”) who also use the Platform. “Legion” means Legion Technologies, Inc. “You” refers to a user of the Platform, whether a Customer or a Worker.

Context of Use of the Platform by Customers and Workers

Customers and Workers utilize the Platform for various workforce management related activities, such as attendance capture and shift scheduling.

Definitions

“Platform” means Legion’s suite of workforce management related products, provided on a software as a service basis, and the mobile app used by Workers to connect to the workforce management products.

“Engagement” means, as to a Customer, a connection to an individual Worker via the Platform. As to a Worker, an “Engagement” is a connection the Worker has with a Customer via the Platform.

“Activity Data” means data referencing interactions between a specific Customer and a specific Worker within the Platform (e.g., clock-in times, clock-out times, and calendar days worked).

“Worker Supplied Info” refers to information unrelated to Customer that a Worker voluntarily provides to Legion, such as personal email address, phone number, self-photograph, notification preferences, location preferences or other preferences. As personal information voluntarily submitted by the Worker, this information could not be considered proprietary or confidential to the Customer, and it does not identify Customer.

Ownership of Data

Legion recognizes and acknowledges that, as between Legion and each Customer, the Customer owns all data on the Platform processed by or for Customer and Activity Data.  Similarly, Legion recognizes and acknowledges that, as between Legion and each Worker, the Worker owns all of his or her Worker Supplied Info and Activity Data.

Legion also recognizes that, given the interactive nature of the Platform (with both Customer and Workers contributing and exchanging information), both Customer and Worker have an interest in and control of the data relating to their interactions.

Confidentiality

Legion understands the confidential nature of data on the Platform, and Legion will use reasonable technical and organizational measures to not use or disclose without authorization any Platform data.

Respecting the confidential nature of the data on the Platform, Legion will not sell, rent, or lease your confidential information.

Due to legal restrictions, you agree to not contribute any data that is regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services) nor any so-called “Sensitive Personal Information” (such as religious beliefs, medical history, or similar regulated personal attributes as defined by applicable law).

Deletion of Data

When Customer ceases using the Platform, Customer’s data can be deleted from the Platform.   Similarly, a Worker at any time can delete any or all of his/her Worker Supplied Info (but Activity Data will still be available to Customer).

If a Worker cancels her/his profile or deletes the mobile application from his/her mobile device, he/she will no longer be able to access the Activity Data, but Customer may still access the Activity Data throughout Customer’s subscription on the Legion Platform.

Contact Information

When a representative of Customer creates a business account on the Platform, Legion asks for the name and contact information for an account administrator. The account administrator’s information may be used by Legion to contact the Customer for notices, service offerings and Platform administration purposes. The account administrator for Customer is given primary control regarding the establishment and maintenance of user accounts and contacts within a Platform. If Customer so chooses, Customer’s organization may provide additional contacts (e.g., “Customer Listed Contacts” in the Platform).

Legion recommends that users use caution in submitting personal information.   For example, individual contact information submitted to the Platform should not include private home contact information.

Customers and Workers agree to not enter sensitive government identification numbers associated with individual persons into the Platform (e.g., U.S. Social Security Numbers), and to not send documents over the Platform containing such identifiers.

Voluntary Use by Workers

A Worker may voluntarily download the Legion mobile application in order to use the Platform as a way to interact with his/her employer (the Customer). If a Worker objects to using the Platform, the Worker should not download or use the Legion mobile application.

Data Use by Legion

Legion will treat the Platform data as confidential information and unless otherwise authorized will use it only to:  facilitate operation of Platform and related services; enhance use of the Platform by Customers or Workers; perform internal tracking and Platform improvement; analyze the extent to which you use the Platform (e.g., level of engagement, frequency and history); enable Legion to contact you; and process your interactions with Engagements through the Platform.

Legion may use your contact information to contact you relating to your use of the Platform in response to your support requests, and to provide service notifications.

Disclosures at the direction of Customer or Workers; Use of Third Parties.

In using the Platform, Legion will follow the Customer’s instructions in disclosing to Workers the information that Customer configures to expose to a Worker.  Similarly, a Worker has certain configuration choices as to his/her profile.  Legion will follow the instructions received from Customer and instructions from each Worker as to disclosures to others, such as a finance partner who might provide early wage access to Worker.

Legion utilizes service providers for certain aspects of the Platform (e.g., AWS being the hosting provider of the Platform), insisting that they adhere to these confidentiality obligations as to any Customer or Worker as part of the services provided to Legion by the service provider.  Legion will remain responsible for all service providers utilized by Legion.

Data Analytics and Benchmarking

Legion may create Platform analytics, which includes information relating to system performance, level of usage and adoption.  Legion will not disclose analytics unless it is (a) deidentified so as not to identify Customer, and (b) aggregated with data across multiple other customers.

Legion also offers a benchmarking program to Customers who voluntarily opt in to participate (the program is anonymized and aggregated so that Customer cannot be identified) to facilitate deeper analysis into workforce management practices. Benchmarking can provide Customer valuable feedback on how its Platform use compares to typical usage of others by industry, company size, or region.

Legion operates the analytics and benchmarking activities according to standards that protect the confidentiality of each Customer’s information and each Worker’s information.

Legion’s Commitment to Data Security

The Platforms undergo a Type 2 audit for compliance with the SOC 2 Standards for Availability, Confidentiality, and Security. General information on the Legion security programs can be found at https://legion.co/toc/ss.

Legion is compliant with the regulations spelled out in the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and similar regulations.

Miscellaneous

The English version of this Data Policy shall govern in the event of any conflict or substantive translation impact of a non-English version of this Data Policy.

v10April2022