Effective 5th May 2020

Privacy Statement


Your privacy and trust are very important to us.  Expolink Group Limited, on behalf of itself and its affiliates and subsidiaries, (“Expolink”), provides technology solutions to our commercial customers to further their ethics and compliance goals.  We help by providing services such as whistle-blowing hotlines and incident management systems.  Expolink was acquired by NAVEX Global UK Limited (“NAVEX Global”) on 3 June 2019 and is now a NAVEX Global company. Expolink has partnered with NAVEX Global to manage your rights to your personal information, as further detailed in this Privacy Statement.  As a result of the foregoing, Expolink is integrating its internal corporate systems with NAVEX Global and its affiliated partners. For example, email, customer relationship management software, contract management software, and electronic file systems may be merged in order to support our shared business operations.

When you visit our website, or use our online services, we may receive information about you.  Our Privacy Statement provides more detail about how we collect personal information, how we use it, and how we support your rights to your data.  This introduction is intended to provide you with a summary of the topics we cover in our Privacy Statement.

Specifically, we collect information from our corporate website at https://www.expolink.co.uk and use information for our own internal business and marketing purposes.  We determine the purposes and institute the practices and requirements by which this personal information is collected, used, shared and destroyed. Expolink does not publish text, images, or multimedia content on our website that portray nudity, foul language, violence or other information not aligned with our commercial goals.

Please read this Privacy Statement carefully to understand our policies and practices regarding how we collect, store, use, and share your personal information.  If you do not agree with our policies and practices, your choice is not to access our website. By accessing or using our website, you agree to the terms of this Privacy Statement. Any personal information provided to us will never be sold, rented, traded, shared or leased other than as outlined in this Privacy Statement.


We provide services like whistle-blowing hotlines and incident management systems (the “Application”).  We collect information through our Application on behalf of our customers.  Our customers are organisations that engage us to deliver certain services available on our Application.

We process this information in connection with delivery of our services as contracted by a customer in our role as a data processor.  Our customers determine the purpose and the nature of the personal information collected, used, stored, or deleted within our Application.


We use personal information to provide our services, deliver information, improve our website, and to fulfill other requests you may have (like answering support questions).  We use measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. Additional details can be found below, but we want to be sure you know that we safeguard the information we hold.


If you decide not to receive marketing or promotional information from us you can unsubscribe at any time – either through the unsubscribe link in the message or by emailing us at privacy@navexglobal.comPlease include “Opt-out” in the subject line.  For any additional rights that may be associated with your personal information, please refer to our full Privacy Statement below for more details.


If you have questions about this Privacy Statement you can contact us directly.

Attention: Data Protection Officer
6 Greenways Business Park, Bellinger Close, Chippenham, SN15 1BN


Website Privacy Practices


How we process your personal information depends upon how you use and interact with our website.  Some information is provided directly by you, while other information may be collected through automated technologies.

Legal Basis for Processing. When accessing our website, we process personal information from you where 1) we have your consent, 2) where your personal information is necessary for us to provide a service, or 3) where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information in order to exercise, establish or defend legal claims.

Website Access.  More specifically, we may collect information when you provide it directly to us through the website in webforms or when you download white papers, articles or other collateral.  The type of information collected on these forms includes the following:

  • First Name / Last Name
  • Email Address
  • Work Location
  • Job Title
  • Department

Automated Processing Mechanisms and Cookie Notice. In addition to the direct procession practices detailed above, we and our service providers use automated processing technologies to process information within some areas of our website. We use cookies to store content and preferences which enables us to process standard information your browser sends to certain websites you visit such as your IP address, browser type and language, and the site you came from as well as pages you visit and links you click on within our website. Having technical information like this helps us to improve the website. We aim to be transparent about the automated technologies we use, and in order to communicate the type, provider, and name of automated technologies employed to accomplish that, we have made additional resources available to provide more detail around automatic information processing technologies available at https://www.expolink.co.uk/cookie-policy/


We use personal information processed from the website to respond to requests for information, including marketing and advertising communications, and to continue developing and improving the website.

When you make requests on the website. We use information processed from the website to respond to visitors’ requests. Expolink does not sell, rent, lease, trade or share visitors’ personal information other than as outlined in this Privacy Statement. When you provide us with your personal information or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. Individuals may “opt-out” of receiving e-mail communications through links available on e-mails received.

Social Media Links.  Our website includes social media plug-ins (“Features”), such as the Facebook “Like” or “Share” buttons or widgets which allow us to show you third party content within our site, like YouTube videos (“Widgets”). These Features or Widgets may collect your IP address, which page you are visiting on our site, the activity you took associated with the Feature or Widget, and may set a cookie in order to function properly. These Features and Widgets are either hosted by a third party or hosted directly on our site and may send your information to the third party owner of the Feature or Widget. Your interactions with Features and Widgets are governed by the privacy policy of the company providing the Feature or Widget and when you use them, you consent to use of your information in accordance with their terms.

Data Retention. Where Expolink serves as the controller of the data, such as where we use personal information for our own independent business purpose, we will retain your information in accordance with our data retention practices as follows:  We will retain your information for the necessary period of time that it serves the purpose for which it was originally processed or subsequently authorised and in accordance with applicable law. For example, we will retain your information for as long as your account is active, as necessary to comply with our legal obligations and rights, to resolve disputes, and to enforce our agreements.


Where we share personal information with third parties, we do so as set forth below.  Any information we collect will never be sold, rented, traded, shared or leased other than as outlined in this Privacy Statement.

Service Providers and Analytics.  Expolink contracts with select third parties to provide us with web-based services that include e-mail delivery, customer relationship management, and content streaming; these services may collect certain visitor data and click-through data, including IP address, referring page, pages visited on our website and whether you opened an email, and clicked on any content within that email. These third parties may only use directly identifying data, for example, e-mail addresses, for the service requested in accordance with Expolink’s privacy practices and not for their own marketing purposes unless you separately consent to receive such marketing under the terms provided by that third party.


Expolink acknowledges that you may have the right to access your personal information. Expolink and NAVEX Global work together to manage your inquiries as applicable.

Application Users Note.  Please note that where personal information is collected within the software applications we offer, we do so on behalf of customer organisations and those customer organisations manage the data in accordance with their own internal policies and procedures. Any questions related to how that customer organisation may process, use or share your information should be directed to that customer organisation by contacting them directly. We will respond to any requests from the customer organisation to remove or edit data within a reasonable timeframe.

Rights provided under the Privacy Shield Frameworks to personal information transferred from European Union (EU) member countries and Switzerland to the United States. Expolink and NAVEX Global respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have processed from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation.  In order to make such a request of us, please use this web form, powered by NAVEX Global. NAVEX Global and Expolink will respond to and manage your request with respect to the personal information Expolink holds.

European Economic Area, Switzerland or United Kingdom Citizen Data Subject Rights. Individuals who reside in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK) have additional rights reserved under the General Data Protection Regulation (GDPR), the UK Data Protection Act and/or ePrivacy Directive, as applicable. This section details those additional rights and information on how to exercise them:

  • You may request to access, correct, update or request deletion of your personal information based on information collected from accessing our website or participating in our Webinars.
  • You may request additional information related to the purposes for which we process your personal information, the categories of personal information we process, where we originally collected the information, who we share it with, and how long we will retain it.
  • You may object to our processing of your personal information, request that we restrict the processing of your personal information or request portability.
  • You have the right to opt-out of marketing communications we sent you at any time. You can do so by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you, including our newsletter. You may also opt-out of other forms of marketing (such as postal or telemarketing).
  • Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • Upon your request, and where it is technically feasible, Expolink will provide you with a copy of your personal information or transmit it directly to another controller.
  • You have the right to submit a complaint to a data protection authority about our collection and use of your personal information.  For more information, please contact your local data protection authorities. Contact details are available here.

To make a request please use this web form, powered by NAVEX Global or email us at privacy@navexglobal.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant. Expolink and NAVEX Global will provide a response to an access request within 30 days of receiving such a request with respect to the personal information Expolink holds or if we cannot, we will notify you and provide you with the reason for the delay.

Identity Verification Requirement. We are required by law to verify that any request submitted was made by someone with the legal right to access the data.  Therefore, prior to accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information in order for us to verify your identity and legal authority.

Under certain circumstances we may not be able to fulfill your request, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.


If personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to appropriate safeguards necessary to ensure an adequate level of protection in accordance with this Privacy Statement.


Expolink’s affiliated company, NAVEX Global, Inc. (and its subsidiary companies, The Network, Inc. and Lockpath, Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss- U.S. Privacy Shield Framework. NAVEX Global, Inc. is committed to subjecting all personal information received from the European Economic Area, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Frameworks’ applicable Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. Any transfers of data from Expolink to NAVEX Global shall be legitimised utilising NAVEX Global’s EU-US Privacy Shield certification.

NAVEX Global, Inc. is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. NAVEX Global, Inc. complies with the Privacy Shield Principles for all onward transfers of personal information from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, NAVEX Global, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, NAVEX Global may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the following U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.


Security. Expolink prohibits any unauthorised access or use of any information stored on our servers. Unauthorised access to this information is a violation of law. In the event of a breach of security or a reasonably suspected breach of security, Expolink will properly investigate and press charges to the fullest extent possible against any party it determines has illegally accessed information within our systems.

We follow generally accepted industry standards to protect the personal information submitted to us, both when transmitted and when stored. Expolink has placed security measures and firewalls on all network servers in an attempt to prevent outside parties from accessing private information. These precautions are designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure.  However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our website, you can e-mail us at privacy@navexglobal.com  with “Questions about Website Security” in the subject line.

Legal Disclosures. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose your personal information as required by law and when we believe in good faith that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us.

Business Transfer. In the event we undergo a legal business restructuring, business transition, merger, acquisition by another company, or sale of all or a portion of its assets, your personal information will likely be among the assets transferred. You will be notified via prominent notice on our website for 30 days of any such change in ownership or control of your personal information.


If you have received unwanted, unsolicited e-mail sent by Expolink or purporting to be sent via Expolink, please forward a copy of that e-mail with your comments to privacy@navexglobal.com for review.

If you have questions or complaints regarding our privacy statement or practices, please contact us at privacy@navexglobal.com with “Privacy Enquiry” in the subject line and provide detail on your question or complaint so that we may adequately respond.

Expolink (Data Controller)

Attention: Data Protection Officer
6 Greenways Business Park, Bellinger Close, Chippenham, SN15 1BN



Any updates or changes to this Privacy Statement will be posted to this Privacy Statement, the home page, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this Privacy Statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by e-mail, or by means of a notice on our home page prior to the change becoming effective.