When a visitor to EXP’s website is required to submit registration information as a prerequisite for accessing any content area of EXP’s website, or to use any of its interactive services, contests or newsgroups or e-Commerce applications, EXP will not share or sell that personal information about our users to any outside agency, advertiser or other third party unless the user was made aware of this possibility prior to submitting their personal information.
In most instances, EXP will collect, use or disclose personal information about clients only for the purpose of providing professional services. Each Services Agreement includes an explanation of how confidential information will be handled, what use will be made of it and with whom it may be shared in order to provide professional services.
EXP will also collect and use personal information about clients, and prospective clients for the purpose of sending news and information updates or invitations to events hosted or sponsored by EXP.
Personal Information may also be shared internally in order to allow us to offer services or products that may be of interest to clients.
EXP collects personal information about our employees in order to pay them, comply with laws, provide them with benefits, administer performance management tools, to improve on and manage programs, policies and employee relations and generally to establish, manage or terminate the employment relationship. In certain cases, EXP may also aggregate employee personal information to provide business metrics and evaluate the effectiveness of our HR programs, but this aggregated information will not allow the identification of any individual.
We may also use or disclose employee information in the course of investigating, negotiating or completing a sale, financing or other business transaction involving all or any part of our business.
We also collect personal information from individuals seeking employment with EXP.
When EXP collects personal information, we will disclose the reasons why we require such information, what use will be made of it and with whom it may be shared. Collection may occur without knowledge or consent as permitted by law, including collection in the course of an investigation.
The Terms and Conditions of every EXP professional services engagement are documented in each Services Agreement and Statements of Work. These Terms and Conditions include a discussion about how EXP may use and disclose personal information. By signing the Services Agreement, the client will be providing its consent to the collection, use and disclosure described in the Terms and Conditions.
Forms and applications used to provide human resources-related services will describe the purposes for which their personal information is required and with whom it will be shared.
Employment candidates will also be advised of the purposes for which their personal information is being collected.
EXP clients always have the option not to provide their consent to the collection, use and distribution of their personal information, or to withdraw their consent at a later stage. Where a client chooses not to provide us with permission to collect, use or disclose personal information, we may not have sufficient information to continue providing the client with our services.
Where an employee or candidate for employment chooses not to provide us with permission to collect, use or disclose personal information, we may not be able to employ them, continue to employ them or to provide them with benefits.
EXP will limit the collection of personal information to that which is reasonably required to provide our services or operate our business.
If EXP intends to use personal information for any purpose not previously identified to the individual, we will obtain their prior consent.
However, EXP may use personal information without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual, or as otherwise permitted by law including for purposes of an investigation. We may also disclose personal information without consent as permitted or required by applicable federal and state privacy laws, including:
– to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction or to comply with rules of conduct required by regulatory bodies
– to a government institution that has requested the information, identified its lawful authority, and indicates that disclosure is for the purpose of enforcing or carrying out an investigation; or gathering intelligence relating to any federal, state or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal or state law
– to an investigative body or government institution on our initiative when we believe the information concerns a breach of an agreement, or a contravention of a federal, state, or foreign law, or we suspect the information relates to national security or the conduct of international affairs
We keep a record of the work performed by EXP employees. This record may include personal information and will be retained until such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. This information is safeguarded against inappropriate access, as discussed in Principle “7” below.
EXP retains personal information about current and past employees in accordance with employment laws and standards. We will destroy human resources and other files containing employee personal information when such information is no longer reasonably required for legal, administrative, audit or regulatory purposes. Certain additional information may be retained to administer and keep former employees informed about our corporate activities. Former employees may request at any time that they not be contacted.
Personal information collected from individuals seeking employment with EXP will be retained by EXP for a period up to 60 months so that EXP may contact the applicant about other positions that may also be of interest. If a candidate is hired, the personal information collected during the application process will be retained in order to establish and manage the employment relationship.
In order to provide clients with a professional level of service, the personal information that we collect must be accurate, complete and current. From time to time, clients may be asked to update their personal information. Clients are encouraged to advise their project manager of any changes to their personal information that may be relevant to the services we are providing.
In order to establish and manage the employee relationship, the personal information that we collect must be accurate, complete and current. From time to time, employees may be asked to update their personal information. Employees are encouraged to advise HR of any changes to their personal information.
EXP will protect personal information by using physically secure facilities, industry standard security tools and practices, and clearly defined internal policies and practices.
Security measures are in place to protect the loss, misuse and alteration of the personal information under our control. Personal information is stored in secure environments that are not available to the public (e.g., restricted access premises, locked rooms and filing cabinets). To prevent unauthorized electronic access to personal information, any information that is stored in electronic form is protected in a secure electronic and physical environment.
Clients have the right to review and obtain a copy of their personal information on record in our individual offices by contacting their Project Manager.
Employees have the right to review and obtain copies of their personal information on record by contacting Human Resources.
EXP will respond to individual complaints and questions relating to privacy. We will investigate and attempt to resolve all complaints.
To challenge compliance with this Policy, individuals should forward their concerns in writing to EXP’s Privacy Officer. The Privacy Officer will ensure that a complete investigation of all complaints has been undertaken and will report their findings to the individual in most instances within 30 days.
In compliance with the Privacy Shield Principles, EXP commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Private Shield policy should first contact EXP Privacy Officer at +1-732-626-3700.
EXP has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
EXP’s failure to comply with the Privacy Shield Principles is enforceable under Section 5 of the FTC Act prohibiting unfair and deceptive acts. The FTC has committed to make enforcement of the Framework a high priority, and will work together with EU privacy authorities to protect consumer privacy on both sides of the Atlantic.
We know that protecting the privacy of our clients and employees is important. Any questions or concerns about your privacy and our role in protecting it, please contact our Privacy Officer at 1-732-626-3700.