Privacy Policy

Effective Date: November 6, 2025
Last Updated: November 6, 2025

This Privacy Notice for Expedium Consulting, LLC (“Company,” “we,” “us,” or “our”) explains how and why we collect, store, use, and share (“process”) your personal information when you interact with our services (“Services”). This includes when you visit our website at expediumconsulting.com or any other website we own or operate that links to this Privacy Notice.

SUMMARY OF KEY POINTS

  • What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services.
  • Do we process any sensitive personal information? We do not process sensitive personal information.
  • Do we receive any information from third parties? We do not receive any information from third parties.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, and for security and spam prevention. We process your information only when we have a valid legal reason to do so.
  • In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, specifically for email campaign management if you opt into receiving updates from us.
  • How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.


TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  7. HOW LONG DO WE KEEP YOUR INFORMATION?
  8. HOW DO WE KEEP YOUR INFORMATION SAFE?
  9. DO WE COLLECT INFORMATION FROM MINORS?
  10. WHAT ARE YOUR PRIVACY RIGHTS?
  11. CONTROLS FOR DO-NOT-TRACK FEATURES?
  12. DO WE MAKE UPDATES TO THIS NOTICE?


1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You 

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Names
  • Email Addresses
  • Company Names
  • Job Titles
  • Contact preferences


Sensitive Information 

We do not process sensitive information unless you disclose it voluntarily when contacting us, which is not recommended.

Device Information

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics (“Device Information”) — is collected automatically when you use our Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for website functionality.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information to provide, improve, and administer our Services, communicate with you, and for security and spam prevention. We may also process your information for other purposes with your consent. We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including spam monitoring and prevention. 
  • To save or protect an individual’s vital interest, we may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.


3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to diagnose problems and/or prevent fraudulent activities
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.


If you are located in Canada, this section applies to you.

We process your personal information in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA). We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose. In limited cases, your permission may be inferred (i.e., implied consent), but only where permitted by law and where the context clearly supports such inference. In certain exceptional circumstances, we may be legally permitted to process your information without your consent, including:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
  • For investigations, fraud detection, and prevention.
  • For business transactions, provided legal conditions are met.
  • If contained in a witness statement and necessary for insurance claim processing.
  • For identifying injured, ill, or deceased persons and communicating with next of kin.
  • If we reasonably believe an individual is or may be a victim of financial abuse.
  • If obtaining consent would compromise the availability or accuracy of the information and the collection is reasonable for investigating a breach of law or agreement.
  • If disclosure is required to comply with a subpoena, warrant, court order, or legal rules.
  • If the information was produced in the course of employment and its collection aligns with the original purpose.
  • If the collection is solely for journalistic, artistic, or literary purposes.
  • If the information is publicly available and specified by regulation.


Your Rights
Depending on your province, you may have the right to:

  • Access and correct your personal data.
  • Request deletion or data portability.
  • Be informed of automated decision-making that affects you.
  • Withdraw consent at any time, subject to legal or contractual restrictions.


4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share information in specific situations described in this section
and/or with the following third parties.

  • We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.


5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use basic cookies to collect and store some Device Information (defined above) for basic website functionality and to reduce spam activity. Cookie Policy

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

We may transfer, store, and process your personal information in countries other than your own. Our servers are located in the United States. If you are accessing our Services from outside the United States, including from the European Economic Area (EEA) or the United Kingdom (UK), please be aware that your information may be transferred to, stored, and processed in the United States and other countries.

For residents of the EEA or UK, such transfers may be considered “restricted transfers” under applicable data protection laws. Where required, we implement appropriate safeguards to ensure that your personal data is protected in accordance with applicable law. These safeguards may include:

  • Transfers to countries deemed to provide an adequate level of data protection by the European Commission or UK government;
  • Use of Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Use of the UK’s International Data Transfer Agreement (IDTA) or Addendum to the SCCs;
  • Participation in the EU-U.S. Data Privacy Framework, where applicable.


We also conduct Transfer Impact Assessments (TIAs) where necessary to evaluate the legal risks associated with international transfers and implement supplementary measures to protect your data.

By using our Services, you acknowledge that your personal information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement appropriate and reasonable technical and organizational measures designed to protect the security and confidentiality of the personal information we process. These measures may include encryption, access controls, secure servers, and regular security assessments.

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. While we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to or from our Services. You are responsible for ensuring that you access our Services from a secure environment.

In the event of a data breach involving your personal information, we will take appropriate steps to investigate, mitigate, and notify affected individuals in accordance with applicable laws and regulations.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect, solicit, or market personal information from children under the age of 13, in compliance with the Children’s Online Privacy Protection Act (COPPA). If you are under 13, please do not use our Services or provide any personal information through the Site.

If you are under 18, you may only use the Services with the involvement and consent of a parent or legal guardian. By using the Services, you represent that you are at least 18 years old or that you are the parent or guardian of a minor and consent to their use of the Services.

If we learn that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will take reasonable steps to delete such information promptly. If you believe we may have collected information from a child under 13, please contact us via the appropriate page on our website.

10. WHAT ARE YOUR PRIVACY RIGHTS?

International Data Protection Rights

If you are located in regions such as the European Economic Area (EEA), United Kingdom (UK), Canada, or other jurisdictions with comprehensive data protection laws, you may have the following rights under applicable law:

  • Access: Request access to and obtain a copy of your personal information.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal information.
  • Restriction: Request limitation of processing under certain conditions.
  • Portability: Receive your data in a structured, commonly used format and transmit it to another controller.
  • Objection: Object to processing based on legitimate interests or direct marketing.


If you are located in the EEA, UK, or Switzerland and believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection authority:

  • EEA Supervisory Authorities
  • UK Information Commissioner’s Office
  • Swiss Federal Data Protection and Information Commissioner


U.S. State Privacy Rights

As of 2025, over 20 U.S. states have enacted comprehensive consumer privacy laws, including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Minnesota, Maryland, and others. Depending on your state of residence, you may have rights such as:

  • Right to Know: What personal data is collected, used, shared, or sold.
  • Right to Access: Obtain a copy of your personal data.
  • Right to Delete: Request deletion of personal data.
  • Right to Correct: Fix inaccuracies in your data.
  • Right to Opt-Out: Prevent the sale or sharing of personal data, including for targeted advertising or profiling.
  • Right to Limit Use of Sensitive Data: Restrict how sensitive personal information is used.


Some states also recognize universal opt-out mechanisms (e.g., browser-based signals) and require data protection impact assessments for high-risk processing.

To exercise your rights, please contact us via the Contact Us page. We will respond in accordance with applicable laws and within the legally required timeframes.

Withdrawing Consent

Where we rely on your consent to process personal information, you may withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing prior to withdrawal or processing based on other lawful grounds.

Marketing Communications

You may opt out of receiving marketing and promotional communications by clicking the “unsubscribe” link in our emails. This will remove you from our marketing list, though we may still contact you for service-related purposes.

Cookies and Similar Technologies

Our website uses only essential cookies required for basic functionality. Most browsers accept cookies by default, but you can modify your settings to reject or remove them. Doing so may affect the performance or availability of certain features. Please review our Cookies Policy here for more information.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Some web browsers, mobile operating systems, and applications include a Do-Not-Track (“DNT”) feature or setting that signals your preference not to be tracked online. Our Site recognizes and responds to DNT signals by limiting certain tracking activities, in accordance with applicable privacy standards.

In addition, certain jurisdictions—such as California and Colorado—recognize Global Privacy Control (GPC) signals as valid mechanisms for opting out of the sale or sharing of personal information. If you are a resident of one of these states and your browser or extension sends a GPC signal, we will honor it as required by law.

12. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time to reflect changes in our Services, applicable laws, industry standards, or our internal practices. When we make changes, we will revise the “Last Updated” date at the top of this page. The updated version will become effective as soon as it is published on this page, unless otherwise stated.

We encourage you to review this privacy notice periodically to stay informed about how we are protecting your information and to understand your rights and obligations.