Last updated: November 1, 2021
These updates include:
We explain that we may need to ask for additional personal information to authenticate certain online payments.
We made revisions for clarity around how we use the information we collect from you.
We explain how we may share your information with third-party service providers, including electronic payment vendors.
Effective Date: November 1, 2021
“Personal data” is information relating to an identified or identifiable natural person.
1. Personal data that is processed when you communicate with EXPOMA: When you interact with us via email, telephone, or online (e.g., when you send us an email inquiry, provide us with feedback on our services, register and post in our forums, submit support requests, and comment on blog posts), we collect personal data, including your name, organization name, phone number and email address; and information about the EXPOMA services you have purchased. We also may create event logs that are useful in diagnosing product or app performance-related issues, and capture information relating to the support or service issue. To improve customer service, subject to applicable laws, we may also record and review your conversations with us, and analyze any feedback provided to us through voluntary surveys concerning our customer service. We may log in to your EXPOMA account, if appropriate, to help troubleshoot and resolve your issue.
Purposes and Legal Grounds:
We use this information to provide you with support, to respond to inquiries, and to monitor and improve the quality and types of services and support we provide. The legal ground for processing this information for these purposes is EXPOMA’s legitimate interest in providing quality services and support, including product and service support, such as troubleshooting support, to our customers and Site users.
2. Personal data that is processed when you create an account through the Sites or seek access to a EXPOMA product or service (e.g., when a customer registers for a 30-day trial with EXPOMA): When you conduct any of these activities, we request that you provide personal data, including your name, organization name, phone number, address, and email address.
Purposes and Legal Grounds:
Account Access. EXPOMA processes your email address and password when you use your email address and your password for the purpose of enabling you to register for and log in to your EXPOMA account. We use this information to identify and authenticate your identity so that you may be provided with access to your EXPOMA Site. The legal ground for processing your email address for this purpose is EXPOMA’s legitimate interest in protecting the security of your EXPOMA account and enabling you to access our services.
Account Information. EXPOMA also processes your contact information for the purpose of sending you information about your EXPOMA services or account. The name you provide is associated with your account profile. The legal ground for processing your contact information for these purposes is EXPOMA’s legitimate interest in providing you information about your EXPOMA services or account.
Requested Information. If you choose to sign up for our newsletter or any other communication from us, we will use your contact information for purposes of sending you the information you have requested. The legal ground for processing your contact information for this purpose is EXPOMA’s legitimate interest in providing you with the information you have requested.
Marketing Purposes. EXPOMA and, where permissible, certain third-party service providers may use your email address and other contact information for the purpose of sending you electronic marketing communications.
The legal ground for processing your email address and other contact information for this purpose is our legitimate interest and the legitimate interests of our parent company and our third-party service providers in sending electronic marketing communications to current and potential customers concerning products and services.
If you decide that you no longer wish to receive electronic marketing communications from EXPOMA, you will have the opportunity to opt out from receiving electronic marketing communications from EXPOMA at any time by clicking the preferences or unsubscribe link provided at the bottom of our marketing emails.
The electronic marketing communications you receive from EXPOMA may be based on information that you provide to us when you sign up for a EXPOMA account (e.g., the city/state/country in which you are located and the type of organization in which you are involved). The legal ground for processing your personal data for this purpose is EXPOMA’s legitimate interest in providing its customers with information they have requested and with electronic marketing communications that are likely to be of interest to them.
Purposes and Legal Grounds:
Payment Processing. When you pay for services via credit card, debit card, check, or ACH payment, EXPOMA will transfer your payment data (e.g., payment card data, bank name, ABA/Routing number, bank account number, account type, account holder name) and billing details, including recurring payment schedule if applicable, to third-party electronic payment vendors (also known as payment gateways) that process electronic payment data so that you may pay for such services. For all such payments, EXPOMA only transfers payment data through protected servers and does not store any payment data. If you authorize recurring payments or non-recurring future payments, your payment data and billing details will be saved by our third-party electronic payment vendors. The legal ground for processing payment data is that such processing in order to effect payment is necessary for the performance of contracts between EXPOMA and our customers and between our customers and their members and contacts.
Payment Authentication. To help reduce the risk of fraud and provide added security to online payments through the adoption of 3D Secure 2.0, the industry standard approach, which also complies with Strong Customer Authentication (SCA) requirements in the European Union, EXPOMA or EXPOMA’s electronic payment vendors may collect additional personal data to authenticate certain online payments. For example, we may need to collect something you know (e.g., password, security question, PIN); something you have (e.g., code sent to your mobile phone or hardware token); and/or something that is unique to you (e.g., fingerprint, facial recognition). If EXPOMA collects such personal data from you, we may transfer the data to our third-party electronic payment vendors who may also partner with third-party service providers to process such personal data. The legal ground for processing this data for this purpose is EXPOMA’s legitimate interest in adopting an industry standard approach to reduce the risk of fraud and protect the security of your payments.
4. Personal data that is processed when you provide feedback and other information in our forums: If you provide comments, suggestions, feedback, or other information in one of our forums, we will collect any personal information contained in any content you provide. Please keep in mind that whenever you voluntarily disclose personal data online in a forum accessible by others, that personal data can be collected and used by others. If you post personal data online that is accessible to the public, you may receive unsolicited messages from other parties in return. Please exercise caution whenever you post information online.
Purposes and Legal Grounds: EXPOMA processes your comments, suggestions, feedback, and other information for the purpose of providing our customers with the opportunity share such content with other customers. The legal ground for processing this information for this purpose is EXPOMA’s legitimate interest in enabling our customers to provide comments, suggestions, feedback, and other information they desire to share with EXPOMA and other EXPOMA customers.
5. Personal data that is processed when you apply for a position at EXPOMA: If you email us your resumé, cover letter, and LinkedIn profile to apply for an open position at EXPOMA, we may collect a variety of personal data, including your name, mailing address, email address, phone number, work experience, education history, references, information about your applicable degrees, licenses, and certifications, whether you are legally eligible to work in the country to which you are applying, whether you have a valid driver’s license, and your salary expectations.
Purposes and Legal Grounds: EXPOMA processes this information for the purpose of permitting you to be considered for open positions that EXPOMA is seeking to fill. The legal ground for processing this information for this purpose is EXPOMA’s legitimate interest in analyzing resume information in connection with identifying qualified candidates to fill open positions at EXPOMA.
Third-party electronic payment vendors. We use third-party electronic payment vendors to process payment card data of our customer’s and our customer’s contacts, as well as other personal data required to authenticate certain online payments when products and services are purchased using credit or debit cards. Additionally, when a EXPOMA customer applies to utilize the payment services of our electronic payment vendor, we will share a summary of such customer’s transaction history, as well as certain customer personal data (e.g., name, SSN number, driver’s license number) with our electronic payment vendor, who may use the information for purposes of account verification and, where permissible, to market its payment processor services to our customer.
Governmental entities and third parties: We may disclose personal data about you to governmental entities, such as regulatory agencies, law enforcement and judicial authorities, including to meet national security or law enforcement requirements, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, search warrant, legal process or other legal obligation; (c) to enforce any of our terms and conditions or policies; (d) as necessary in the case of emergencies or internal security matters; or (e) as necessary to pursue available legal remedies or defend legal claims.
Purposes and Legal Grounds: We use this usage data to facilitate communication between your device and our Sites, store your preferences, authenticate users, detect and prevent fraud (e.g., fraudulent credit card use) and spam, enable certain functions of the Sites, administer and improve our Sites (e.g., troubleshoot geographically localized access problems), and analyze usage of and improve and enhance our Sites.
Cookie Consent: If you are in the EU or another country that requires obtaining your consent before processing your usage data, we process your usage data based on your consent. You may withdraw your consent at any time by contacting EXPOMA via email at email@example.com. Your withdrawal of consent will not apply to data that was processed prior to our receipt of your withdrawal of consent.
Your Control of Cookies: To access EXPOMA Sites as an administrator or a customer contact, you need to enable cookies (which most web browsers do by default). Web browsers allow some control of most cookies through browser settings. Some web browsers (including mobile web browsers) provide settings that allow you to reject cookies or that alert you when a cookie is placed on your computer, tablet, or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device.
Third-Party Cookies: When you visit our Sites, cookies may also be placed on your computer by third-party services that are integrated into the Site you are visiting. For example, third-party cookies are used by Google Analytics for tracking website traffic. We use information collected from such third-party services to help us better understand how users find and use our Sites, enhance our Sites and services, and better understand and improve users’ experience.
Your personal data may be transferred to and stored on servers at EXPOMA’s hosting provider, Amazon Web Services (AWS), in the United States. The European Commission has recognized Canada (commercial organizations) as providing an adequate level of data protection. The data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. AWS participates in the EU-U.S. Privacy Shield principles and the Swiss-U.S. Privacy Shield principles regarding the collection, use, sharing and retention of personal data from the European Economic Area and Switzerland, as described in the EU-U.S. Privacy Shield certifications and Swiss-U.S. Privacy Shield certifications of AWS. Click here for more information concerning such certifications of AWS.
EXPOMA will retain your personal data for only as long as needed for the purposes for which the personal data is processed and to meet EXPOMA’s legal obligations. See section below under “Your Rights” for additional information pertaining to the right of erasure, as well as other data subject rights.
We implement appropriate technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity and availability of personal data; and protecting your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. Such technical and organizational measures include all applicable security requirements in accordance with the Payment Card Industry Data Security Standard.
However, whenever personal data is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. In addition to the technical and organizational measures that EXPOMA has in place to protect your personal data, you should use appropriate security measures to protect your personal data. If you believe that your EXPOMA account or any information you provided to us is no longer secure, notify us immediately at firstname.lastname@example.org.
If you reside in the European Union, you have a right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a data subject, such as when we provide you with a specific type of direct marketing information based on information you provided us when you signed up for a EXPOMA account (e.g., your location or organization type). If you exercise your right to object to processing for direct marketing purposes, including profiling related to direct marketing, EXPOMA will no longer process your personal data for such purposes.
Additionally, if you reside in the European Union, you have a right to object when we process your personal data based on the legitimate interests of EXPOMA or a third party. If you exercise your right to object where our processing or sharing of your personal data is based on legitimate interests that may result in the cancellation of your account. EXPOMA will no longer process or share the personal data covered by your objection unless EXPOMA has compelling legitimate grounds for the processing or sharing that override your objection or that relate to the establishment, exercise or defense of legal claims.
If you live in the European Union and wish to exercise your right to object, please contact EXPOMA by emailing email@example.com or writing to EXPOMA Limited (Attn: Privacy Support), The Black Church, St. Mary’s Place, Dublin 7, Republic of Ireland.
If you reside outside of the European Union, you may have a similar right to object under your local laws. If you do not live in the European Union but you think you have a right to object under your local laws, please contact EXPOMA by emailing firstname.lastname@example.org or writing to EXPOMA Limited (Attn: Privacy Support), The Black Church, St. Mary’s Place, Dublin 7, Republic of Ireland.
If you reside in the European Union, you may also, under certain circumstances specified within the General Data Protection Regulation (GDPR), have the right to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, and the right to lodge a complaint with a supervisory authority. If you live in the European Union, and if you wish to exercise any of these rights, please contact EXPOMA by emailing email@example.com or writing to EXPOMA Limited (Attn: Privacy Support), The Black Church, St. Mary’s Place, Dublin 7, Republic of Ireland.
If you reside outside of the European Union, you may have similar rights under your local laws. For example, if you reside in Australia, Canada or New Zealand, you have a right to access and to seek correction of your personal data. If you wish to exercise those rights in those countries or if you live outside the European Union and think you have any data subject rights under your local laws, please contact EXPOMA at firstname.lastname@example.org.
Additionally, if you are a EXPOMA site administrator, you can review and update your personal data or initiate account cancellation by visiting the Account page and taking the desired actions.
If you are a contact of an organization with a EXPOMA site and you think you have a right to erasure under pertinent laws, you can delete your profile, including all your personal data, by contacting your site administrator.
Do Not Track. The California Online Privacy Protection Act (CalOPPA) requires us to let California residents know that EXPOMA does not track its customers over time and across third-party websites and online services (e.g., mobile apps), and therefore does not respond to Do Not Track (DNT) signals. However, some third-party sites and apps may track your browsing activities when they provide you content, which enables them to tailor what they present to you. Third parties may collect personal data relating to your online activities over time and across different websites and apps when you use our Sites.
Request for California Privacy Information. Under California’s “Shine the Light” law, a part of California’s Consumer Records Act, EXPOMA customers who are California residents may request, once per calendar year, information regarding the types of customer information shared by EXPOMA with third parties for their direct marketing purposes, during the previous calendar year, and the identities of those third parties. To request this information, California customers may send an email to email@example.com with “Request for California Privacy Information” in the subject line.
Notice for Minors. Under California’s “Privacy Rights for California Minors in the Digital World,” if you are a California resident under the age of 18, you have the right to remove or request and obtain removal of certain content that you have publicly posted on the EXPOMA website. There may be circumstances under which the law does not require or permit removal even if requested. Additionally, complete or comprehensive removal of content or information posted on the site or app cannot be ensured. If you are a California minor wanting to request removal, please send an email detailing the specific information you would like removed to firstname.lastname@example.org.
If your personal data was collected by and on behalf of EXPOMA (e.g., personal data of a customer collected through our website), then such personal data is controlled by EXPOMA Limited, which is located at The Black Church, St. Mary’s Place, Dublin 7, Republic of Ireland and which you can contact by email at email@example.com. However, if your personal data was collected by or on behalf of a EXPOMA customer, then such personal data is controlled by our customer, with EXPOMA acting as a data processor.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Such notice will be provided on the EXPOMA website.