Expio LLC/ S-Corp (“Company”) respect your privacy and are committed to protecting it through our compliance with this policy and any applicable laws when you use the website at www.expioconsulting.com and any related website or domain operated by Expio (the “Sites”), or any Services (defined in the next paragraph) accessed from any Sites, or both of the Sites and Services.
Expio offers various services (the “Services”) to provide businesses and individuals access to a rich collection of resources related to search engine optimization and inbound marketing, including without limitation search engine optimization tools, link analysis tools, downloadable toolbars, application program interfaces (“APIs”), site profile services, search analytics, blogs, user-generated content, personalized content, and industry surveys and opinion polls.
This policy applies to information we collect:
On the Sites.
Under GDPR, this policy also applies to Personal Data to the extent that you as a Data Subject under GDPR provide that Personal Data to or it is collected from you on the websites of certain Expio partners who provide a service registering you for Expio events such as ExpioCon (e.g. Eventbrite or Bizzabo) and those partners in their capacity as Data Controllers share any event attendee/participant Personal Data with Expio.
In email, text, and other electronic messages between you and the Sites.
Through mobile and desktop applications you download from the Sites or in connection with the Services, which provide dedicated non-browser-based interaction between you and the Sites.
From third parties, whether they are partners or vendors.
Children Under the Age of 13
Our Sites are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Sites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Sites or on or through any of its features/register on the Sites, make any purchases through the Sites, use any of the interactive or public comment features of the Sites, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
GDPR Lawful Bases for Processing Personal Data of Data Subjects
In order to perform pursuant to one or more legal agreements (contracts) with you,
With your consent, and
Pursuant to a Legitimate Interest, in which Expio considers the purpose it has for Processing your Personal Data, whether the Processing is necessary for that Purpose, and whether your own personal interests as a Data Subject outweigh Expio’s purpose in Processing your Personal Data.
(As a reminder, if you are not a Data Subject providing your Personal Data to Expio from within the European Union, GDPR does not apply to you.)
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Sites and Services, including information:
By which you may be personally identified, such as name, postal address, email address, or telephone number (“personal information”);
That is about you but individually does not identify you, such as your company name and job title; and/or
About your Internet connection, the equipment you use to access our Sites, and usage details.
(Under GDPR, Expio collects Personal Data from Data Subjects from within the EU, and Personal Data is considered to be broader and to include more categories of information than how we generally refer to “personal information” in this policy. We will be specific when we are discussing GDPR and activities we undertake related to Personal Data under GDPR.)
We collect this information:
Directly from you when you provide it to us.
Automatically as you navigate through the site using cookies and other tracking technologies defined and discussed with more detail below. Information collected automatically may include usage details, email address, IP addresses, and information collected through cookies and other tracking technologies.
From third parties, for example, our business partners and third-party service providers who we believe in good faith are providing or sharing with us data in compliance with applicable laws or with whom you have authorized either these third parties or us or both to collect and use the data.
Information You Provide to Us
The information we collect on or through our Sites or Services may include:
Information that you provide by filling in forms on our Sites. This includes without limitation information provided at the time of subscribing to the Services, and when you report a problem with our Sites.
Records and copies of your correspondence (including email addresses), if you contact us.
Your responses to surveys that we might ask you to complete for research purposes.
Details of transactions you carry out through our Sites and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Sites.
Your search queries on the Sites.
Information you enter into our Sites about your marketing activities so that we can provide Services to you.
You also may provide information to be published, displayed, or transmitted (hereinafter “posted”) on public areas of the Sites, or transmitted to other users of the Sites or third parties (collectively, “Interactive Content”). Your Interactive Content is posted on and transmitted to others at your own risk; we cannot control the actions of other users of the Sites with whom you may choose to share your Interactive Content. Therefore, we cannot and do not guarantee that Interactive Content will not be viewed by unauthorized persons.
Usage Details, IP Addresses, Cookies, and Other Technologies
As you navigate through and interact with our Sites and Services, we may automatically collect certain information about your equipment, browsing actions, and patterns, including without limitation:
Details of your visits to our Sites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Sites.
Information about your computer and Internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not identify any individual*. It helps us to improve our Sites and Services and to deliver better and more personalized future services by enabling us to do things such as:
Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Sites according to your individual interests.
Speed up user searches.
Recognize you when you return to our Sites.
Provide better services in the future.
(*The information referred to above may still constitute Personal Data under GDPR even though more generally Expio does not try to identify any individuals beyond recognizing them when they return to the Sites in order to provide and/or to enhance the experience described in ii. to v. above; however, to the extent this information is not anonymized or pseudonymized to the extent that it no longer qualifies as Personal Data, Expio will comply with GDPR with respect to Processing any such Personal Data.)
The technologies we use for this automatic data collection may include:
Flash cookies. Certain features of our Sites may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Sites. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
Web beacons. Pages of our the Sites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us. However, to the extent the information we collect by automatic means constitutes Personal Data under GDPR either before or after we collect it, our processing of that Personal Data will comply with GDPR.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
To present our Sites and their content to you.
To provide you with information, products, or services that you request from us.
To fulfill any other purpose for which you provide it.
To provide you with notices about your subscriptions to the Services, including expiration and renewal notices.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
To notify you about changes to our Sites or any products or services we offer or provide though it.
To allow you to participate in interactive features on our Sites.
In any other way we may describe when you provide the information.
For any other purpose with your consent.
We never sell your personal information or provide it to others for their own and exclusive marketing purposes.
Disclosure of Your Information
We may collect and disclose anonymous and aggregated information about our users and subscribers, and other information that does not identify any individual without restriction for the purposes of product research, to improve our Services and for other commercial purposes.
We share your personal information with trusted third parties who are our technology suppliers and partners where we have agreements to provide services with or in conjunction with Expio Services that our marketing research indicates you have sought if not actually requested, such as Google Analytics, worldwide business location map and other location-specific software as a service offerings, and reliable keyword data services for SEO. Expio is committed to working with suppliers and partners who comply with similar and equally protective undertakings of privacy and confidentiality.
We share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems, research and mailing houses and function coordinators, including software systems for customer relationship management (customer relationship management/sales force automation, e.g. Salesforce.com), customer service and support solutions (e.g. Intercom), email campaign marketing (e.g. Marketo and HubSpot). These third parties comply with similar and equally protective undertakings of privacy and confidentiality.
We do not currently have very limited affiliated companies. However, as we grow our business, we will likely share your personal information with our other affiliated (“Group”) companies for internal reasons, primarily for business and operational purposes. As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity. Also, should any bankruptcy or reorganization proceeding ever be brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be sold or transferred to third parties.
To fulfill the purpose for which you provide it. For example, if you give us an email address to use the “email a friend” feature of our Sites, we will transmit the contents of that email and your email address to the recipients.
For any other purpose disclosed by us when you provide the information.
With your consent.
When we share Personal Data under GDPR with our partners, we will do so pursuant to GDPR appropriate Data Processing Addendum or Data Sharing Agreements as appropriate given the nature of the parties’ respective roles under GDPR (i.e. Data Controllers to Data Processors versus co-Data Controllers).
We may also disclose your personal information:
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Expio, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us.
For those users of our Services and Sites Outside of the European Union and for which GDPR does not apply, we have created the following mechanisms and practice to provide you with the following control over your information:
Promotional offers from the company. If you do not wish to have your contact information used by the Company to promote our own or third parties’ products or services, as an account holder or subscriber at any other time you can make changes by logging into the Sites and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes. For forms on which we collect information or data from non-account holders, we will switch our practice to the extent applicable law requires (e.g. GDPR) so that by default you are opted-out and can opt-in only by checking the relevant box located on the form on which we collect your information or data. If you find that you are receiving communications that you do not believe you have provided consent, please contact us. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience, or other transactions.
Accessing and Correcting Your Information
You can review and change some of your personal information by logging into the Sites and visiting your account profile page.
You may contact us to request access to, correct, or delete any personal information that you have provided to us. In some cases, we cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
GDPR Process for Exercising Data Subject’s Rights in Personal Data
For those users of our Services and Sites from within the European Union and for which GDPR applies, we have created the following mechanisms and practices to provide you with the following control over your personal information that comprises GDPR Personal Data:
What are your rights?
By law, if any of your personal information/Personal Data provided to Expio is subject to GDPR in the European Union, you have a number of rights when it comes to your personal information/Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
IMPORTANT: When you contact Expio to exercise your rights described below, it is very important for security verification and other purposes that you use any email address that you know is associated with the personal information/Personal Data about which you are contacting Expio.
1. The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of processing, please contact us providing specific and detailed information regarding your objection and requested action.
2. The right to be informed
and please be specific and detailed about your questions and Expio will promptly address those questions.
3. The right of access
This is so you are aware and can check that we are using your information in accordance with GDPR or any other applicable data protection laws.
HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your personal information/Personal Data and how Expio is using it in accordance with GDPR or other applicable laws, please direct your communication to email@example.com and please be specific and detailed about your questions and Expio will promptly address those questions.
4. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
HOW TO EXERCISE YOUR RIGHT: If you believe your personal information/Personal Data processed by Expio is incorrect and needs to be updated or otherwise corrected, please check your settings with respect to your account, and if you still believe your Personal Data is inaccurate, direct your communication to firstname.lastname@example.org
5. The right to erasure
This is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your personal information/Personal Data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
HOW TO EXERCISE YOUR RIGHT: If you no longer want Expio to have and process your personal information/Personal Data, please direct your communication to email@example.com
(NOTE: Consistent with GDPR, Expio may retain a trivial amount of information to keep a record of its compliance with your request.)
6. The right to restrict processing
You have rights to “block” or suppress further use of your personal information/Personal Data that Expio processes. When processing is restricted, we can still store your personal information/Personal Data, but may not use it further. We keep lists of people who have asked for further use of their information to be “blocked” to make sure the restriction is respected in future.
For clarity, if you do make these requests, it does not mean that anything we have done with your personal information/Personal Data with your consent up to that point is unlawful.
HOW TO EXERCISE YOUR RIGHT: If you no longer want to restrict Expio from processing your personal information/Personal Data, please direct your communication to firstname.lastname@example.org
7. The right to data portability
You have rights to obtain and reuse your personal information/Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider of services like the Services from Expio that you subscribed to, this enables you to move, copy, or transfer your personal information/Personal Data easily between our IT systems and theirs safely and securely, without affecting its usability.
HOW TO EXERCISE YOUR RIGHT: If you want Expio to export your personal information/Personal Data for portability, please direct your communication to email@example.com
(NOTE: Expio will retain and continue to process your personal information/Personal Data unless you also request to be forgotten or request restricted or blocked processing.)
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information/Personal Data with your national data protection regulator. However, we hope you will contact Expio first so Expio can try to address your complaint directly.
HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Expio, please direct your communication to firstname.lastname@example.org
9. The right to withdraw consent
If you have given your consent to anything we do with your personal information/Personal Data, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal information/Personal Data for marketing purposes.
HOW TO EXERCISE YOUR RIGHT: If you want Expio to withdraw your consent to process your personal information/Personal Data, please direct your communication to email@example.com
We usually act on requests and provide personal information/Personal Data free of charge, but may charge a reasonable fee to cover our administrative costs of providing the personal information/Personal Data for:
Baseless or excessive/repeated requests, or
Further copies of the same personal information/Personal Data.Alternatively, we also may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
Most importantly, PLEASE UNDERSTAND that if you are a paid/unpaid subscriber to a Expio Service, many types of personal information/Personal Data are necessary for Expio to maintain and continue your account, along with the subscription to any Services which that personal information/Personal Data is associated. If the personal information/Personal Data can no longer be used by Expio for that purpose, it may necessitate terminating the account and/or subscription (without any refund) and discontinuing access to and the use of the Service and/or Sites to which the personal information/Personal Data is associated. We will use reasonable efforts to advise you of any such adverse consequences of restricting or removing our ability to maintain accounts and subscriptions by requests related to Personal Data, e.g. removal, restriction, blocking, etc.
Expio’s Retention of Personal Data Under GDPR and Other Applicable Laws
We only retain your personal information/Personal Data for as long as is necessary for us to use your information as described above or to comply with our legal obligations and legitimate interests. Please be advised that this means that we may retain some of your personal information/Personal Data after you cease to use our Services. For instance, we may retain your data as necessary to meet our legal obligations, such as for tax and accounting purposes.
When determining the relevant period in which we retain or establish/revise periods for retaining personal information/Personal Data, we will take the following factors into account:
Our contractual obligations and rights in relation to the information involved;
Legal obligation(s) under applicable law to retain data for a certain period of time or with respect to pending or anticipated legal actions;
Our legitimate interest where we weigh your interest in controlling your Personal Data and against our lawful purpose in processing your Personal Data;
Statutes of limitations under applicable law(s);
If you have made a request to have your information deleted; and
Guidelines issued by relevant data protection authorities.
Otherwise, pursuant to GDPR, we will securely erase your personal information/Personal Data once there is no lawful basis or legal obligation to store or process it.
Your Rights Under California Privacy Statutes
California Civil Code Section § 1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites like message boards. The information you share in public areas may be viewed by any user of the Sites.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Sites or via our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or via the Services.
Updated May 25, 2018