Last updated December 17th, 2024.
Expo is committed to protecting the privacy and security of the information we collect and to being transparent about the ways in which we collect and process your information. This statement (the “Privacy Policy”) sets forth our policies and practices for handling the information we collect from or about you. It applies to the websites and online services that we operate and that link to this Privacy Policy (the “Services”).
We collect the following categories of information when you use our Services (including when our mobile applications run on your device):
We also receive the categories of information described above from other sources, including from users of our Services and third-party services and organizations. For example, if you access any social media or similar services through the Services to login or to share information about your experience on our Services with others, we may collect information from these third-party services. Without this information, we are not able to provide you with all the requested services, and any differences in services are related to your information. We may aggregate or de-identify the information described above. Aggregated or de-identified data is not subject to this Privacy Policy.
We use and otherwise process each of the categories of information identified above for the following business purposes:
Purpose/Activity | EEA/UK Lawful Basis for Processing, Including Basis of Legitimate Interest |
---|---|
To provide you with the products, services, and information that you request from us; to manage accounts, including identification and authentication; and to manage our relationship with you, including contacting you and notifying you about changes to our terms or privacy policy. | (a) Performance of a contract with you (b) Necessity to comply with a legal obligation (c) Necessity for our legitimate interests (for example, to keep our records updated). |
To improve our Services and to ensure that content is presented in the most relevant and effective manner for you and for your device; to administer our Services, including troubleshooting, data analytics, testing, research, statistical and survey purposes; to keep our Services, business and users safe and secure; to comply with applicable laws and regulations; and to protect or exercise our legal rights or defend against legal claims. | (a) Necessity to comply with a legal obligation (b) Necessity for our legitimate interests (for running and protecting our business; for provision of administration and IT services; for network security and to prevent cybercrime and fraud; to study how people use our Services, to develop the Services, to keep our Services updated and relevant, to grow our business and to inform our communications strategy). |
Where legally required and we have no other valid legal basis to process your information, we will obtain consent, which may subsequently be withdrawn at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before it is withdrawn.
Where we need to collect information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may cancel a product or service you have with us.
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
If you access third-party services -- such as social media services -- through the Services, these third-party services may be able to collect information about you, including information about your activity on the Services, and they may notify your connections on the third-party services about your use of the Site, in accordance with their own privacy policies.
If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
Expo does not sell your information to third parties. Expo does permit third parties to collect the information described above through our Service and discloses such information with third parties for business purposes as described in this Privacy Policy. The information practices of these third parties are not covered by this Privacy Policy.
When you use our Services, we use cookies. A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard drive.
These are used on our Services:
Please read the next Section (“Your Rights and Choices”) for information on how to manage cookies.
Although Expo owns the code, databases, and all rights to the Expo platform and services, you retain all rights to your data, you may be entitled, in accordance with applicable law, to request access to, rectification, erasure, and portability of your information or more information about our information practices.
Information Access: Questions related to access, rectification, and portability of your information should be directed to us via our contact form. This form needs to be submitted while logged in to your account for us to verify your identity. If we cannot reasonably verify your identity, we will not be able to comply with your request(s).
Information Erasure: To fully erase your information from our databases, you will need to log in to your Expo account and delete your account. We require you to log in because we cannot otherwise reasonably authenticate a deletion request. You must login with as many login factors (e.g., passwords, one-time codes, recovery codes) as required by the account. Additional security measures enabled by the user, including two-factor authentication, cannot be bypassed for account deletion or for any other purpose. Account deletions include any and all past and active work associated with the account, and are irreversible.
Where required by law, we will present you with a cookie banner the first time you visit our website that explains what type of cookies we use and which asks your consent for some of the cookies. You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section).
If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting cookies may in some cases cancel the opt-out selection in your browser.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on the Service may change or no longer be available to you. Any difference in the Services are related to the value provided.
We may transfer and store your information on servers located outside your resident jurisdiction. To the extent you are a resident of a country other than the United States, you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.
Some of the entities (such as third-party vendors) to which we disclose information may be located outside of the EEA or UK, including in countries that might not provide the same level of data protection or redress means as your home country. We take appropriate steps to ensure that such personnel and third-party vendors are bound to duties of confidentiality, and the Company implements measures such as standard data protection contractual clauses to ensure that any transferred information remains protected and secure. A copy of these clauses can be obtained by contacting us via our contact form. Where we need to transfer your data to provide you a Service, we may rely on the derogation “transfer necessary for the performance of a contract”, as permitted by law.
Data Privacy Framework: Expo complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”) regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States. We have self-certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. Data Privacy Framework Principles, and the Swiss-U.S. Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.
To learn more about the Data Privacy Framework program and to view Expo's certification, please see the Data Privacy Framework website.
Pursuant to the Data Privacy Framework, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States, and the right to access that data. EU and Swiss individuals who seek access, or who seek to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Framework should direct their query to us via our contact form.
If we have received your personal information in the United States and subsequently transfer that information to a third party acting as our agent and such a third party agent processes your personal information in a manner inconsistent with the Data Privacy Framework Principles, we will remain liable unless we prove we are not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Framework Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States persuant to the Data Privacy Framework. EU, UK, and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact us via our contact form. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, we commit to cooperating with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and to comply with the advice given by them in respect of the compliant.
Under certain conditions as described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). We may be required to disclose information about you under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Privacy Shield: The EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework supersede the former EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks. Before the introduction of the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework, Expo previously complied with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom to the United States in reliance on Privacy Shield. Expo will continue to protect personal information from the EEA or the UK according to the standards of the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and applicable EU law where personal information has already been transferred to the U.S. on the basis of the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield prior to their being replaced.
We do not knowingly collect or sell any information from children, as defined by applicable law, without parental consent or as otherwise permitted by applicable law. The website is not directed at children.
Information will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws. We maintain reasonable security measures to safeguard information from loss, theft interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information. You can see a list of services we use here.
Information will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws.
We maintain reasonable security measures to safeguard information from loss, theft interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
Expo may periodically update this policy. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.
Any questions about this Privacy Policy or our practices should be sent to us via our contact form.