Privacy policy

EXP respects the privacy rights of our clients and employees and has always been committed to protecting all personal information in our possession or control. We have adopted this Privacy Policy to guide how we collect, use and disclose the personal information we require in the course of operating our business. This Privacy Policy applies to all subsidiaries and affiliates of EXP References to “EXP”, “we” or “us” in this Policy include all such subsidiaries and affiliates.

EXP takes the privacy and confidentiality of our clients and employees very seriously. We have developed this Privacy Policy to clearly define our ongoing commitment to protecting privacy rights. EXP’s policy is to, at all times, adhere to the requirements of the law and to be responsive to our clients and employees who expect us to respect their privacy and protect their personal information.

Website Visitors

When a visitor to EXP’s website is required to submit registration information as a prerequisite for accessing any content area of EXP’s website, or to use any of its interactive services, contests or newsgroups or e-Commerce applications, EXP will not share or sell that personal information about our users to any outside agency, advertiser or other third party unless the user was made aware of this possibility prior to submitting their personal information.

Although EXP will use “cookies” to track user patterns on its Web site, EXP will not use cookies to learn the identity of its users, nor will we attempt to track users after they leave the EXP site. Further, cookies will not be used by EXP to gather specific personal information about individual users. EXP will not send unsolicited e-mail to its users, nor will the use of cookies by EXP result in an EXP user receiving unsolicited e-mail from EXP or its advertisers. EXP will not supply e-mail addresses to any third party without having first obtained the consent of a user. EXP tracks user IP addresses for the purposes of systems administration, demographic profiling and traffic logging, but EXP will not use IP addresses to try to identify individual users of the EXP Web site.

Principles of Accountability

1 – We Are Accountable For The Personal Information In Our Possession.

EXP is accountable for all personal information in our possession or control. This includes any personal information that we receive directly (for example, from individual clients and employees), or indirectly (for example, through corporate and government clients). We have established policies and procedures aimed at protecting personal information. We have a Privacy Officer to oversee privacy issues for EXP. We have also educated our employees about our Privacy Policy and their role in protecting personal information.

 2 – EXP will disclose why we are collecting personal information when the information is collected.

Client Information

In most instances, EXP will collect, use or disclose personal information about clients only for the purpose of providing professional services. Each Services Agreement includes an explanation of how confidential information will be handled, what use will be made of it and with whom it may be shared in order to provide professional services.

EXP will also collect and use personal information about clients, and prospective clients for the purpose of sending news and information updates or invitations to events hosted or sponsored by EXP.

Personal Information may also be shared internally in order to allow us to offer services or products that may be of interest to clients.

Employee Information

EXP collects personal information about our employees in order to pay them, comply with laws, provide them with benefits, administer performance management tools, to improve on and manage programs, policies and employee relations and generally to establish, manage or terminate the employment relationship. In certain cases, EXP may also aggregate employee personal information to provide business metrics and evaluate the effectiveness of our HR programs, but this aggregated information will not allow the identification of any individual.

We may also use or disclose employee information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.

We also collect personal information from individuals seeking employment with EXP.

When EXP collects personal information, we will disclose the reasons why we require such information, what use will be made of it and with whom it may be shared. Collection may occur without knowledge or consent as permitted by law, including collection in the course of an investigation.

3 – EXP will not collect, use or disclose personal information without informed consent.

Client Personal Information

 The Terms and Conditions of every EXP professional services engagement are documented in each Services Agreement and Statements of Work. These Terms and Conditions include a discussion about how EXP may use and disclose personal information. By signing the Services Agreement, the client will be providing its consent to the collection, use and disclosure described in the Terms and Conditions.

Employee Information

Forms and applications used to provide human resources-related services will describe the purposes for which their personal information is required and with whom it will be shared.

Employment candidates will also be advised of the purposes for which their personal information is being collected.

EXP clients always have the option not to provide their consent to the collection, use and distribution of their personal information, or to withdraw their consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to continue providing the client with our services.

Where an employee or candidate for employment chooses not to provide us with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.

4 – EXP limits the amount and type of personal information we collect.

EXP will limit the collection of personal information to that which is reasonably required to provide our services or operate our business.

5 – EXP will use and disclose personal information only for the purposes for which we have received consent. We will keep personal information only as long as necessary to accomplish these purposes.

Use of Personal Information

If EXP intends to use personal information for any purpose not previously identified to the individual, we will obtain their prior consent.

However, EXP may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, or as otherwise permitted by law including for purposes of an investigation. We may also disclose personal information without consent as permitted or required by applicable federal and state privacy laws, including:

– to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies

– to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing or carrying out an investigation; or gathering intelligence relating to any federal, state or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or state law

– to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, state, or foreign law, or we suspect the information relates to national security or the conduct of international affairs

Retention of Personal Information

We keep a record of the work performed by EXP employees. This record may include personal information and will be retained until such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. This information is safeguarded against inappropriate access, as discussed in Principle “7” below.

EXP retains personal information about current and past employees in accordance with employment laws and standards. We will destroy human resources and other files containing employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and keep former employees informed about our corporate activities. Former employees may request at any time that they not be contacted.

Personal information collected from individuals seeking employment with EXP will be retained by EXP for a period up to 60 months so that EXP may contact the applicant about other positions that may also be of interest. If a candidate is hired, the personal information collected during the application process will be retained in order to establish and manage the employment relationship.

6 – EXP will endeavor to keep accurate the personal information in our possession or control.

In order to provide clients with a professional level of service, the personal information that we collect must be accurate, complete and current. From time to time, clients may be asked to update their personal information. Clients are encouraged to advise their project manager of any changes to their personal information that may be relevant to the services we are providing.

In order to establish and manage the employee relationship, the personal information that we collect must be accurate, complete and current. From time to time, employees may be asked to update their personal information. Employees are encouraged to advise HR of any changes to their personal information.

7 – EXP protects personal information with safeguards appropriate to the sensitivity of the information.

EXP will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices.

Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.

We are responsible for all personal information transferred to third parties for processing. We require third party processors to respect the confidentiality of personal information and all legal requirements under applicable federal and state privacy legislation, and to agree to contractual requirements that are consistent with this Privacy Policy. These third party processors are prohibited from using personal information, except for the specific purpose(s) for which we supply it to them.

8 – At their request, EXP will advise individuals of what personal information we have in our possession or control about them, what it is being used for, and to whom and why it has been disclosed.

Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their Project Manager.

Employees have the right to review and obtain copies of their personal information on record by contacting Human Resources.

9 – Individuals may challenge EXP’s compliance with this Privacy Policy.

EXP will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.

To challenge compliance with this Policy, individuals should forward their concerns in writing to EXP’s Privacy Officer. The Privacy Officer will ensure that a complete investigation of all complaints has been undertaken and will report their findings to the individual in most instances within 30 days.

10 – Compliance with EU-US Privacy Shield Framework.

EXP complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  EXP has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the PrivacyShield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, EXP commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Private Shield policy should first contact EXP Privacy Officer at +1-732-626-3700.

EXP has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs are provided at no cost to you.

11 – Federal Trade Commission (FTC).

EXP’s failure to comply with the Privacy Shield Principles is enforceable under Section 5 of the FTC Act prohibiting unfair and deceptive acts. The FTC has committed to make enforcement of the Framework a high priority, and will work together with EU privacy authorities to protect consumer privacy on both sides of the Atlantic.

We know that protecting the privacy of our clients and employees is important. Any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at 1-732-626-3700.

EXP delivers award-winning Enterprise Quality, Health, Safety and Environment (QHSE) management systems. Since 1999, EXP has deployed software platforms for clients in over 100 countries, including some of the most admired global companies. EXP’s customers are consistently recognized globally for their world-class QHSE programs. EXP partners with world-class language translation experts, incident investigation and root cause analysis experts, and the most powerful and flexible learning technology platform on the market.

Request A Demo

Subscribe For Newsletter

EXP Integrated Compliance Management Systems provide all of the necessary tools to implement comprehensive world-class QEHS and GRC programs.