Chicago Heights Steel respects the privacy of the people who use the CHS Mobile App. This Privacy Policy explains, in plain terms, what information the app collects, why we collect it, how we use and share it, and the choices you have. We have aimed to keep it readable while still being complete.
In this policy, "Company," "we," "us," and "our" mean Chicago Heights Steel (CHS) together with its internal divisions Highway Steel, Inc. (HSI) and Raw Materials, Inc. (RMI). "App" means the CHS Mobile App and the systems that support it, including the mobile and desktop applications, the web portal, the clockhouse display screens, the badge and gate access-control hardware, and the server and database that run them. "You" means an employee, supervisor, security officer, administrator, or authorized contractor who uses the app. You can learn more about the Company at chs.com.
The app is a private tool for Company business. It is not offered to the public, and it is not intended for personal or consumer use.
1. How this policy fits with your employment
The app supports the working relationship between you and the Company, and we handle the information in it for ordinary business and employment purposes, as described below. Nothing in this policy changes your terms of employment, and where a collective bargaining agreement applies, that agreement governs the terms and conditions of employment. If a question about your information is not answered here, your supervisor or Human Resources can help.
Because the app continues to develop over time, the categories described below may grow as we add features. When we make a change that materially affects how we handle your information, we will update this policy, and where the law requires your consent for a new practice, we will ask for it before that practice begins.
2. Information we collect
We collect only what the app needs to do its job. Depending on your role and the features you use, that may include the following.
Identity and employment details
Your name, clock number, Company email address, and, where provided, your phone number, along with your role and access level (employee, supervisor, guard, or administrator), your division (CHS, HSI, or RMI), department and cost center, crew, shift, position, hire date, and supervisor. It may also include work-related records such as uniform and locker assignment, hard-hat issue date, access-card and gate-card numbers, and your notification preferences.
Account and sign-in information
The email and password managed by the app's sign-in service, the session tokens that keep you signed in, and, if you choose to use them, the basic profile details returned by Google, Microsoft, or Apple when you sign in with one of those providers. We never receive the password for your Google, Microsoft, or Apple account. If you turn on the optional fingerprint or face unlock offered by your device, that check is performed by your device and the app receives only a confirmation that it succeeded (see Section 4).
Time, attendance, and access activity
Clock-in and clock-out events, badge and RFID scans at the clockhouse and gates (including the scanner, direction, and time), open and closed work sessions, timecards and timesheet entries (hours, pay codes, crew, shift, comments, and unpaid time), supervisor approvals, and call-off, late-arrival, early-departure, and clock-issue reports.
Location information
When you use mobile clock-in, the app checks your device location at the moment you clock in or out to confirm that you are within an authorized clockhouse area. It records whether you were inside that area, and on Android it may note whether the device reports a falsified ("mock") location, which helps prevent time fraud. When you carry out certain equipment inspections or guard rounds, the app may also use your location, together with Bluetooth proximity, to identify the equipment nearest to you (for example, to fill in which machine you are inspecting) and to confirm that you reached a designated inspection point or guard checkpoint. During an active guard round, your location may be checked more than once so the app can verify that each scheduled point was visited. The app uses location for these work tasks and to confirm presence, and it is not designed to track your personal movements when you are not performing a task.
Bluetooth and proximity
The app may detect Bluetooth signals from Company clockhouse scanners, training beacons, or tagged equipment to confirm that you are physically near them. This is used only to verify proximity to Company equipment, not to identify or track other people's devices.
Requests, signatures, and HR submissions
Time-off and schedule-change requests, family and medical leave requests, and pay-in-lieu requests, including the dates, hours, and notes you enter. It also includes the signatures you draw on screen to acknowledge or approve timecards, requests, training records, and inspections, and the attendance-point and paid-time-off balances tied to your record, which may be imported from the Company's payroll or HR system.
Health and safety information
If you take part in safety reporting, the app may collect injury, medical, near-miss, or incident details that you or a supervisor submit. We treat this information as confidential. We use it for workplace safety, for required recordkeeping such as occupational safety logs, and to administer workers' compensation and related matters, and we share it only with the people who need it for those purposes. We do not use it to make unlawful employment decisions.
Inspections, training, and operational content
Training attendance and checklist results, equipment inspection records and equipment status, guard-round results, plant notifications and acknowledgments, and any photographs you capture as part of an inspection or report. Please keep photos focused on the equipment or condition at issue, since an image may incidentally include other people.
Messages and communications
Messages, alerts, and acknowledgments sent through the app, along with your related delivery preferences. If a feature that converts speech to text is offered and you use it, the audio you provide is processed to produce the text you intended to enter.
Device and technical information
Basic device and technical details such as device type, operating system, app version, language, and connection status, along with diagnostic and log information (for example, error logs and request records) that we use to run and secure the app. If you enable notifications, we store a device token used only to deliver them.
3. How we use information
We use the information above for legitimate business and employment purposes. These include signing you in and keeping your account secure; recording time and attendance and confirming on-site presence for mobile clock-in; collecting, reviewing, correcting, and approving timecards and hours, and preparing the data needed to run payroll through the Company's payroll system (see Section 6); administering time-off and schedule requests, attendance points, call-offs, schedules, training, equipment inspections, guard rounds, and access control; using location and Bluetooth proximity to identify nearby equipment, confirm presence at inspection points and checkpoints, and verify that scheduled rounds were completed; sending work-related notifications and messages relevant to your role; supporting workplace safety and required recordkeeping; detecting and preventing fraud, including time-clock spoofing, and protecting the safety and security of people, equipment, and facilities; and operating, troubleshooting, securing, and improving the app.
We do not use app information for advertising, and we do not sell it. We do not use it to make decisions about you that produce legal or similarly significant effects through automated means alone, without human review.
4. Biometric information and device unlock
The app does not use facial recognition, fingerprints, or any other biometric method to record time or attendance, and the Company does not collect, capture, or store any biometric identifier or biometric information as defined by the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"). Drawn signatures, badge and RFID cards, location, and Bluetooth proximity are not biometric identifiers under that law.
If you choose to enable fingerprint or face unlock to open the app, that feature is provided by your device's operating system, such as Touch ID or Face ID on Apple devices or the equivalent on Android. Your fingerprint and facial data stay on your device. They are never sent to, seen by, or stored by the app or the Company, and the app learns only whether the unlock succeeded. You can turn this option off at any time and continue to sign in with your email and password.
5. The app as a workplace system
The app is a Company system provided for work. We rely on our legitimate interest in administering employment, operating our facilities safely, keeping accurate time and pay records, and meeting our legal obligations, and, where it applies, on your consent, for example when you grant the device permissions for location, Bluetooth, camera, and notifications. To the extent the law allows, the Company may monitor and record activity in the app for security, integrity, safety, and operational reasons. You should not expect your use of the app to be private beyond what this policy describes and what the law requires.
6. How we share information
Payroll
The Company runs payroll through a third-party workforce system (currently UKG). The app does not calculate net pay, withhold or file taxes, or move money, and it does not collect bank-account numbers, routing numbers, or Social Security numbers for payroll. Instead, the app gathers approved hours, pay codes, cost centers, and related time data and provides that information to authorized payroll staff, who enter or import it into the payroll system. Once that data reaches the payroll system, it is handled under that provider's terms and the Company's payroll and HR practices rather than this policy.
Service providers
We use a small number of vendors to host and operate the app under contracts that limit them to providing services to us. These currently include, or may include, the following: Cloudflare, for secure network routing and delivery between the app and our server; Google, for Google sign-in and, during the transition away from the Company's legacy tools, Google Workspace (Sheets, Drive, and Apps Script) that still hold certain HR, timesheet, inspection, and reporting data; Microsoft and Apple, for optional single sign-on; the Google and Apple push-notification services and a third-party text-message provider, for delivering notifications; and UKG, the Company's payroll system, as described above.
Within the Company
Authorized Company personnel such as supervisors, HR, payroll, safety, and IT staff can see information on a need-to-know basis according to their role, and information may be shared among CHS, HSI, and RMI as needed to run shared workforce operations.
Legal, safety, and business changes
We may disclose information when we believe in good faith that it is necessary to comply with the law or legal process, to enforce Company policies or the Terms of Service, to respond to a safety or security situation, or in connection with a business transaction such as a merger, acquisition, or reorganization.
No sale of personal information
We do not sell, rent, or trade your personal information, and we do not share it for advertising.
7. Notifications, email, and text messages
The app may send you work-related messages through in-app alerts, push notifications, email, and, where enabled, text messages (SMS or MMS), such as approvals, schedule and clock-in notices, plant alerts, training check-ins, and reminders. These are operational messages, not marketing. You can control push notifications through your device settings and your in-app preferences. If text messaging is used, standard message and data rates may apply, and you can opt out of texts by replying STOP. Because some messages carry time-sensitive work information, opting out of a channel may delay your receipt of that information, and the Company may reach you another way.
8. How long we keep information
We keep information for as long as it is needed for the purposes in this policy and for as long as our recordkeeping obligations and the law require. As examples, raw access and scan logs are purged automatically on a regular schedule (currently about every 90 days), while open work sessions are kept until they are closed, and timecard, payroll-input, time-off, training, inspection, and safety records are kept for the periods required by wage-and-hour, tax, safety, and other applicable laws and by Company policy. When information is no longer needed, we delete it or remove the details that identify you.
9. How we protect information
The Company maintains administrative, technical, and physical safeguards designed to protect the information in the app. These include encrypted connections between the app and our server, sign-in tokens that expire and that sign you out when access is withdrawn, role-based permissions that limit what each person can see, secure storage of credentials on your device, a self-hosted database with restricted access, and logging and monitoring. No system can be perfectly secure, so you also play a part by protecting your credentials and your device, as described in the Terms of Service.
10. Your choices and rights
You can review much of your information directly in the app, and you can ask your supervisor or HR to access or correct your records. You control the device permissions the app uses, such as location, Bluetooth, camera, and notifications, through your device settings, although some features, for example mobile clock-in, badge or QR scanning, inspection photos, and proximity or checkpoint verification, will not work without the related permission. Your access to the app is tied to your employment or engagement and may be suspended or removed when it ends. The Company operates in Illinois and follows Illinois law, including the Personal Information Protection Act (815 ILCS 530) and BIPA. If you work in a state that gives employees additional privacy or data-access rights, we will honor those rights as the law requires, and you can contact us using Section 14 to make a request. You may also ask us to delete your CHS Mobile App account and associated personal data by using the data deletion request on our website or by emailing davez@chs.com; we will delete what we can and explain anything we must keep to meet a legal or recordkeeping obligation.
11. Children
The app is intended only for the Company's workforce and authorized contractors, who are adults. It is not directed to children, and we do not knowingly collect information from anyone under 18 through the app.
12. Where information is processed
Information in the app is stored and processed in the United States, on Company-controlled infrastructure and with the service providers listed in Section 6. It is not intended to be processed outside the United States.
13. Changes to this policy
We may update this policy from time to time. When we do, we will revise the date shown at the top and, for significant changes, provide notice through the app or by another reasonable method. Where the law requires your consent before a new use of your information begins, we will obtain it first. Your continued use of the app after an update takes effect means you are aware of the current policy, to the extent the law allows.
14. How to contact us
For questions about the CHS Mobile App itself, such as how a feature works or a technical problem, contact David Zapata at davez@chs.com. For questions about this policy or your information that are not specific to the app, or to make a request about your information, contact the Company through chs.com or your Human Resources representative.
Back to top