Expertly Cross-Border
Data Privacy Framework

Updated: January 1, 2025

Effective: February 1, 2025

Update Notice: Update Notice: This document has been revised and completely replaces any previous version. Please refer to the “Updated” and “Effective” dates above. Your continued use of the Site or Services after the Effective Date constitutes your acceptance of the revised terms.

Purpose

This policy outlines how Expertly, LLC handles personal data transferred from the European Union (EU), United Kingdom (UK), and Switzerland to the United States. While Expertly is not currently self-certified under the EU-U.S. Data Privacy Framework (DPF), we are committed to handling cross-border personal data in a manner consistent with recognized privacy principles and applicable laws, including the General Data Protection Regulation (GDPR).

This policy applies to personal data received via:

• Our Chrome extension (the “AI Toolbar”)
• The Expertly desktop helper application/service
• Hosted software solutions (the “Subscription Service”)
• Customer support and expert services such as training or consulting
• Other applications, tools, or interfaces provided by Expertly that facilitate use of our Services

Types of Personal Data Collected

As a Processor:

• Expertly processes customer-submitted data, which may include personal data, based on instructions from our customers (the Controllers).

As a Controller, we may collect:

• Communications and requests from customers and users
• Data arising from product usage and interactions with our team
• Device-related information (e.g., OS type, geolocation, credentials)
• General business contact details (e.g., billing contacts, payment methods)

Purpose of Collection and Use

We process personal data to:

• Provide, support, and improve our services and applications
• Fulfill contractual and legal obligations
• Ensure security, system integrity, and regulatory compliance
  

We retain data per our internal data retention policy unless a longer period is required by law or contract.

Third-Party Disclosures

We may share personal data with:

• Authorized service providers and business partners
• Acquirers or successors in case of mergers, acquisitions, or asset transfers
• Legal authorities when required by law
• Our U.S.-based affiliates, where applicable

All third-party access to personal data is governed by appropriate contractual safeguards.

Data Subject Rights

Individuals in the EU, UK, and Switzerland may:

• Request access to their personal data
• Request corrections or deletions where applicable
• Object to certain types of processing
  

If we process your data on behalf of a customer, we will direct your request to that customer. For direct inquiries, contact our Privacy Team at privacy@expertly.com.

Choices & Controls

Where applicable and required by law, individuals may:

• Limit disclosure to third parties
• Withdraw consent for non-essential processing
• Opt out of processing for different purposes than initially collected

Sensitive data is only processed when necessary and with appropriate safeguards, including consent where legally required.

International Transfers

Expertly takes commercially reasonable steps to ensure that any transfer of personal data from the EU, UK, or Switzerland to the U.S. is protected. We use safeguards such as:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Vendor due diligence and risk assessments

Dispute Resolution

Questions or complaints regarding our privacy practices can be directed to:
privacy@expertly.com

 U.S. HQ Mailing Address:
Expertly, LLC
Attn: Privacy
31 NE 17th Street
Miami, FL 33132

 EU Representative for GDPR-related matters: Jose Garcia
privacy@expertly.com

Governance & Compliance

Expertly’s Privacy Team oversees privacy-related governance, including:

• Annual policy review
• Vendor privacy assessments
• Contractual reviews and DPIAs (as applicable)

Definitions

• Controller: Determines the purpose/method of processing
• Processor: Processes data on behalf of a controller
• Customer Data: Data submitted by or for a customer into our services
• Sensitive Data: Includes data on health, race, politics, religion, etc.
• User: Authorized individual accessing our service