Magnit Privacy Notice
Magnit (formerly Workforce Logiq) VMS

Magnit (formerly Workforce Logiq) is committed to protecting the privacy of the users of the Vendor Management System ("VMS") and that of the individuals whose personal data is collected, processed or stored on or through the VMS, (collectively "users" or "data subjects"). We want to provide a safe and secure user experience. We endeavor to ensure that the personal data submitted to us remains private and used only for the purposes as set forth herein. The following sets forth the Privacy Notice ("Privacy Notice" or "Notice") for the VMS.

Privacy Policy

Magnit adheres to the following:

• We collect, retain and use personal data for the performance of our professional business services when delivering contingent workforce management services. We limit the personal data we collect to that which we believe is appropriate and necessary to manage user needs, provide our services and comply with applicable laws.
• We strive to maintain the accuracy of personal data.
• Our employees are required to protect personal data on our system. We have internal policies and programs designed to protect personal data.
• We limit the internal and external disclosure of personal data.
• We do not share personal data with any third parties, except as set forth below.

Categories of Information Collected and Processed

Magnit uses many sources of information to help us meet our needs and the needs of our customers and users.

Personal Data: Magnit collects personal data including:

• For workers directly employed by Magnit: Magnit maintains certain personal data about our employees as part of our general employee records. This includes contingent workers who are directly employed by Magnit and assigned to work at our clients ("Magnit Employees").

  Magnit's records include:

  • Names and contact data may include your first and last names, personal and/or professional email addresses, physical addresses, phone numbers, and emergency contact information.
  • National Identifiers such as your national identification, passport information, citizenship, residency, work permit, social security number, or other government identification number, to the extent required by applicable law used for payroll processing, tax compliance and verifying right to work.
  • Employment Information such as the position you hold now or in the past, job title(s), work location, hire date, date of termination, educational background, employment application, history with the company, areas of expertise, details of compensation and benefits, bank details, performance appraisals and salary reviews, records relating to holiday and other leave, working time records and other management records (collectively, "Employee Data"). Employment Information may be used for, among other things, general workforce management, human resources management, compensation and benefits administration Employee Data can be processed by Magnit as controller related to 1. Employee data of Magnit as part of Magnit's internal organization workforce (Working Staff) and 2. Employee data of Magnit as part of Magnit's external workforce organization (Contingent Workers) and as such deployed at Clients of Magnit.

• For workers employed or supplied by third parties: Magnit maintains personal data about contingent workers employed or supplied by third parties such as temporary employment agencies and other labor providers.

  • Names and contact data may include your first and last names, personal and/or professional email addresses, physical addresses, phone numbers, and emergency contact information.
  • National Identifiers such as your national identification, passport information, citizenship, residency, work permit, social security number, or other government identification number. to the extent required by applicable law used for payroll processing, tax compliance and verifying right to work.
  • Employment Information such as the position you hold now or in the past, job title(s), work location, assignment start and end dates, educational background, history with the company, areas of expertise, job performance records relating to holiday and other leave, working time records and other management records.

• For customers and Magnit staff employees: Limited personal data is kept on the VMS for users such as client managers and Magnit staff employees.

  This may include:

  • Names and contact data may include your first and last names, personal and/or professional email addresses, physical addresses, phone numbers, and emergency contact information.

Anonymized Data and Aggregated Statistical Information: Magnit may use anonymized data and aggregated statistical information to enhance its services and in connection with other services Magnit may offer to its customers. Magnit also may use the aggregated and statistical data derived from the operation of the VMS, including, without limitation, the number of records in the system, the number and types of transactions, configurations, and reports processed in the system and the performance results for the system for purposes of providing or improving service, benchmarking service performance, preparing statistics and system metrics, and marketing, or to provide other services that Magnit may offer to its customers; provided however, that Magnit's use of anonymized data and/or aggregated statistical information will not reveal personal data to any third party.

The Reasons We Process Personal Data

We process personal data for the following purposes and lawful processing grounds:

• Purpose: Delivering Contingent workforce management.

• Lawful processing ground: processing is necessary for the purposes of the legitimate interests pursued by Magnit or its clients, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  • For example, Magnit and its client have a legitimate interest in locating qualified individuals for possible employment by Magnit or to place on assignment to provide services to our clients, communicating with them, evaluating, and hiring them, and retaining them in their jobs and/or assignments.
  • We may also collect and use your personal data when necessary for other legitimate interests, such as general HR administration (such as administering payroll and employee benefits, maintaining attendance records, responding to reference requests), company directories, general business management and operation (such as conducting performance and compensation reviews, determining suitability and fitness to render services to our client(s), disclosures for auditing and reporting purposes, internal investigations, management of network and information systems security and business operations, provision and improvement of employee services, physical security and to protect the life and safety of employees and others.

• Lawful processing ground: We may use your personal data to comply with the law, including collecting and revealing personal data as required (e.g., for minimum wage, hours worked, tax, health and safety, anti-discrimination laws, and global mobility), to respond to judicial authorities, or to exercise or protect Magnit's and/or its client's legal rights.

It is not a statutory requirement to provide the personal data in accordance with this Privacy Notice. However, providing certain categories of personal data might be necessary to execute the agreement with Magnit. Failure to provide your personal data when requested may prevent us from being able to carry out these tasks and/or comply with our legal obligations, in which event Magnit is entitled to decrease or terminate the contractual relationship.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need it for another purpose that is compatible with the original purpose and there is a legal basis for further processing.

Magnit does not:

• Use the data collected in any form of automated decision-making.
• Collect or process "special categories of personal data" as that term is used in the EU General Data Protection Regulations (GDPR), Article 9 without your consent, e.g., we do not collect or process data revealing the user's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning user sex life or sexual orientation. If we become under a legal obligation to collect such data, we will always inform you and ask for your specific consent before processing.
• Collect or process personal data of persons who are less than 16 years old.

How We Share Personal Data

For the purposes described in this Notice, Magnit may disclose the personal data of users:

• Employee Data: Employee Data can be processed by Magnit as controller related to 1. Employee data of Magnit as part of Magnit's internal organization workforce (Working Staff) and 2. Employee data of Magnit as part of Magnit's external workforce organization (Contingent Workers) and as such deployed at Clients of Magnit. Employee data of 1 (Working Staff) can be processed by our related Magnit group companies (including Magnit Unlimited, Inc) when necessary for fulfillment of our employment obligations. Magnit uses Employee data of Working Staff for a variety of personnel administration and employee, work, and general management purposes;
• To third parties who provide Magnit with legal and accounting advice, or who provide or administer our insurance, retirement funds, and employee benefits;
• To third party contractors who perform services on our behalf, such as reviewing and developing our business systems, procedures, and infrastructure (including testing or upgrading our computer systems);
• To the client(s) for whom you provide services;
• To government agencies or individuals appointed by a government responsible for the investigation and resolution of disputes or complaints; or
• To comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative or judicial process, such as subpoena, government audit or search warrant;
• As required to create, exercise, or defend against future, threatened, or actual legal action (such as with adverse parties and the court in litigation);
• Wherever it is important to protect Magnit, its client, your vital interests (such as safety and security), or the interests of another individual;
• In connection with the sale, assignment or other transition of all or part of our business such as to a potential purchaser and its legal/professional advisors); or
• Otherwise in accordance with your consent or as otherwise required or authorized by law.

Security of Your Personal Data

Magnit is committed to keeping your personal information secure. To help protect your personal data from unauthorized access, use, or disclosure, we employ a range of security technologies and procedures. This includes establishing, implementing, maintaining, and continually improving a privacy and security information management system based on the requirements, control objectives and controls in ISO 27001, and extended by a set of privacy-specific requirements, control objectives and controls. Also, to demonstrate compliance with data protection regulations such as GDPR. ISO/IEC 27701 specifies control implementations around the following areas: For example, we store your personal information on computer servers with restricted access that are housed in secure facilities, and we encrypt highly confidential or sensitive personal information when processed.

Where We Store and Process Data

• When delivering our contingent workforce management services using the VMS in Europe, the data controlled by our customers and users will remain on servers in Europe.

• Employee Data can be processed by Magnit as controller related to
  • Employee data of Magnit as part of Magnit's internal organization workforce (Working Staff)
  • Employee data of Magnit as part of Magnit's external workforce organization (Contingent Workers) and as such deployed at Clients of Magnit.

• The Employee Data as mentioned under 2: Employee Data related to Employees of Magnit as part of Magnit's external workforce organization (Contingent Workers) and as such deployed at Clients of Magnit using the VMS in Europe will not be transferred outside the EEA.

Our Retention of Personal Data

Personal data will be stored according to the applicable laws or regulatory requirements and kept as long as is necessary to fulfill the purposes for which it was collected. Generally, this means that your personal data will be retained as documented in our corporate data retention schedule, contracts, and applicable supplemental documents.

Cookies

To make the VMS work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.

• What are cookies?

  A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don't have to keep re-entering them whenever you come back to the site or browse from one page to another.

• How do we use cookies?

  The cookies that may be used on VMS fall into the categories described below. These descriptions can help you determine if and how you would like to interact with our websites and other online services.

  • STRICTLY NECESSARY COOKIES

    These cookies are essential in order to enable you to navigate this website and use certain features. A strictly necessary cookie is a type of cookie that is used by the website to function properly, without which the site would not work.

  • PERFORMANCE COOKIES

    We (or service providers operating on our behalf) may place our performance cookies on your device. The information collected using our performance cookies is used by us or for our benefit, to improve our website experience or for other statistics gathering purposes. Performance cookies are used to generate aggregated, anonymous information about how you and other users use this website and its features.

  • FUNCTIONALITY COOKIES

    We (or service providers operating on our behalf) may place our functionality cookies on your device. We do not share information collected using our functionality cookies with other third parties. Our functionality cookies are used to remember choices you make (such as language preference, country location, or other online settings) and provide the personalized or enhanced features that you select.

• How to control cookies?

  You can control and/or delete cookies as you wish - for details, see www.aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

  Magnit does not track its users when they cross to third party websites, and does not use targeted advertising, and therefore does not respond to Do Not Track signals.

For Residents of the US, EU, UK, EEA, and Switzerland

When using the VMS the data subjects can:

• Make a request for access to and a copy of your personal information;
• Request the rectification (or correction) of any incorrect personal data;
• Request the erasure (or deletion) of personal data that is no longer needed to serve the purposes for which it was obtained, or that Magnit or its client does not need to keep for other legitimate purposes;
• Restrict or object to your personal data being processed; and
• Request that your personal data be ported (transferred) to another organization.

These rights can be applied differently depending on the type of data involved and Magnit's specific legal justification for processing personal data.

Please contact our data protection officers by means of privacy@magnitglobal.com if you want to exercise one of the above privileges. Any requests will be considered and responded to in compliance with relevant data privacy laws. Please be aware that we may ask you for personal details in order to verify your identity and right of access, as well as to search for and provide you with the personal data we have about you.

You have the right to revoke your consent at any time if we are depending on your consent to process (any of) your personal data. Please notice, however, that the lawfulness of the processing prior to the revocation of your consent will not be affected.

Questions or complaints

For questions or complaints about how we handle personal data you can contact us at:

Magnit
Marconibaan 1a,
3439 MR, Nieuwegein,
The Netherlands

If you do not receive timely acknowledgement of your question or complaint from us, or if we have not addressed your complaint to your satisfaction, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where the Magnit controller that collected your personal data has its registered seat. A list of the national data protection authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

For Residents of the US, including California

Magnit Unlimited Inc. continues to comply with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and/or Switzerland, respectively, to the United States. However, Magnit does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the EU Court of Justice in Case C-311/18. Magnit has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

The main body of this Privacy Notice provides information to California residents whose personal information is processed pursuant to the California Consumer Privacy Act of 2018 ("CCPA") and California Privacy Rights Act ("CPRA"). (For purposes of this Privacy Notice, the term "personal data" has the same meaning as the term "personal information" is defined in the CCPA.)

This Privacy Notice:

• Describes the categories of personal information Magnit collects from you (see "Categories of Information Collected and Processed"; and
• Describes the purposes for which that information is collected (see "Why We Process Personal Data" and "How and Why We Share Personal Data" above).

The sources of information from whom we collect personal data are noted under Personal Data, above.

Your Data Subject Rights

• Make a request for access to and a copy of your personal information.;
• Request the rectification (or correction) of any incorrect personal data;
• Request the erasure (or deletion) of personal data that is no longer needed to serve the purposes for which it was obtained, or that Magnit or its client does not need to keep for other legitimate purposes.

If you have questions about your personal information or our CCPA compliance program, please contact us:

Magnit
1150 Iron Point Road, Ste. 100,
Folsom, CA 95630,
United States
Email: privacy@magnitglobal.com

Updates and Changes to this Privacy Notice

We will update this document if our privacy policies change so that you are aware of what information we gather, how it is used, and under what conditions it may be revealed. Magnit will have the possibility to alter, amend, or adjust this Notice after which the Notice with it's changes will be will be published online. This Notice is effective as of the date that appears at the top of this document. In the event of any questions about our privacy policies or related matters, please contact us at privacy@magnitglobal.com.

Privacy Shield Statement:

Magnit* complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and/or Switzerland, respectively, to the United States. However, Magnit does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data, in light of the judgement of the Court of Justice of the European Union (Schrems II). Magnit has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov .

Magnit is subject to the jurisdiction of the United States Federal Trade Commission, which has the right to enforce Magnit's compliance with the Privacy Shield Programs. Magnit has further committed to cooperating with EU and UK data protection authorities ("DPAs") with regard to unresolved EU-US Privacy Shield complaints regarding personal data transferred from the EU. If a data subject does not receive timely acknowledgement from us of their complaint, or if we have not addressed the complaint to their satisfaction, they should contact the EU or UK DPAs (as applicable) for more information or to file a complaint. The services of the EU and UK DPAs are provided at no cost to data subjects.

In compliance with Privacy Shield principles, Magnit commits to resolve complaints about our collection or use of your personal information. Individuals with complaints regarding our Privacy Shield policy should first contact Magnit at privacy@magnitglobal.com . If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where the Magnit controller that collected your personal data is registered. Under certain conditions, you may invoke binding arbitration for complaints regarding Privacy Shield compliance that are not resolved by following complaint procedures.

For onward transfers to third parties, Magnit complies with contractual obligations and shares data as noted above in this Notice.

*Magnit's Privacy Shield certification includes Magnit's affiliate entities: Magnit APC II, LLC; Magnit JMM, LLC.; Magnit Quick, LLC; Magnit APC III, LLC; APC Workforce Solutions II, LLC; Job Market Maker, LLC; Quick Acquisition, LLC; ZeroChaos, LLC; APC Workforce Solutions III, LLC.