Last updated June 22nd, 2022.
We collect the following categories of information when you use our Services (including when our mobile applications run on your device):
We use and otherwise process each of the categories of information identified above for the following business purposes:
|EEA/UK Lawful Basis for Processing, Including Basis of Legitimate Interest
|(a) Performance of a contract with you
(b) Necessity to comply with a legal obligation
(c) Necessity for our legitimate interests (for example, to keep our records updated).
|To improve our Services and to ensure that content is presented in the most relevant and effective manner for you and for your device; to administer our Services, including troubleshooting, data analytics, testing, research, statistical and survey purposes; to keep our Services, business and users safe and secure; to comply with applicable laws and regulations; and to protect or exercise our legal rights or defend against legal claims.
|(a) Necessity to comply with a legal obligation
(b) Necessity for our legitimate interests (for running and protecting our business; for provision of administration and IT services; for network security and to prevent cybercrime and fraud; to study how people use our Services, to develop the Services, to keep our Services updated and relevant, to grow our business and to inform our communications strategy).
Where legally required and we have no other valid legal basis to process your information, we will obtain consent, which may subsequently be withdrawn at any time by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before it is withdrawn.
Where we need to collect information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may cancel a product or service you have with us.
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
If you access third-party services -- such as social media services -- through the Services, these third-party services may be able to collect information about you, including information about your activity on the Services, and they may notify your connections on the third-party services about your use of the Site, in accordance with their own privacy policies.
If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
These are used on our Services:
Please read the next Section (“Your Rights and Choices”) for information on how to manage cookies.
Although Expo owns the code, databases, and all rights to the Expo platform and services, you retain all rights to your data, you may be entitled, in accordance with applicable law, to request access to, rectification, erasure, and portability of your information or more information about our information practices.
Information Access: Questions related to access, rectification, and portability of your information should be directed to us via our contact form. This form needs to be submitted while logged in to your account for us to verify your identity. If we cannot reasonably verify your identity, we will not be able to comply with your request(s).
Information Erasure: To fully erase your information from our databases, you will need to log in to your Expo account and delete your account. We require you to log in because we cannot otherwise reasonably authenticate a deletion request. Account deletions include any and all past and active work associated with the account, and are irreversible.
Where required by law, we will present you with a cookie banner the first time you visit our website that explains what type of cookies we use and which asks your consent for some of the cookies. You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section).
If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you and any differences in service are related to the data. Deleting cookies may in some cases cancel the opt-out selection in your browser.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on the Service may change or no longer be available to you. Any difference in the Services are related to the value provided.
Some of the entities (such as third-party vendors) to which we disclose information may be located outside of the EEA or UK, including in countries that might not provide the same level of data protection or redress means as your home country. We take appropriate steps to ensure that such personnel and third-party vendors are bound to duties of confidentiality, and the Company implements measures such as standard data protection contractual clauses to ensure that any transferred information remains protected and secure. A copy of these clauses can be obtained by contacting us via our contact form. Where we need to transfer your data to provide you a Service, we may rely on the derogation “transfer necessary for the performance of a contract”, as permitted by law.
Privacy Shield: Expo complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom to the United States in reliance on Privacy Shield. Although the EU-U.S. Privacy Shield has been ruled invalid for the transfer of personal data, we will continue to protect personal information from the EEA or the UK according to the standards of the Privacy Shield and applicable EU law where personal information has already been transferred to the U.S. on the basis of the EU-U.S. Privacy Shield prior to being held invalid. Expo commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland. Expo is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Expo is responsible for the processing of Personal Information it receives or subsequently transfers to a third party acting as an agent on its behalf. Expo complies with applicable data protection law, including Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions in the Privacy Shield Principles. It is possible that under certain conditions, the individual can invoke binding arbitration. Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States, and the right to access that data. EU and Swiss individuals who seek access, or who seek to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, or have a question or complaint related to Expo's participation in the EU-U.S. Privacy Shield should direct their query to us via our contact form. For any complaints related to the Privacy Shield Frameworks that Expo cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority established panel for resolving disputes with EU individuals. Please contact us if you’d like us to direct you to your data protection authority contacts. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
We do not knowingly collect or sell any information from children, as defined by applicable law, without parental consent or as otherwise permitted by applicable law. The website is not directed at children.
Information will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws. We maintain reasonable security measures to safeguard information from loss, theft interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information. You can see a list of services we use here.
Information will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws.
We maintain reasonable security measures to safeguard information from loss, theft interference, misuse, unauthorized access, disclosure, alteration, or destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.