Article Nov. 12, 2019
Article Nov. 12, 2019
Article Nov. 12, 2019
This General Privacy Statement is effective from November 12, 2019.
Last updated on November 12, 2019.
The protection of your personal data is important to us.
Your privacy is important to us and we want you to understand our practices with respect to the gathering and handling of your personal data.
This Privacy Statement describes how we Process the personal data which we receive from you:
ExxonMobil provides additional privacy notices for specific uses of certain personal data. The relevant ExxonMobil affiliates will Process the personal data in accordance with the privacy notices they provide for such specific uses. When these notices apply to you, we recommend that you read them carefully. You can find links to relevant notices and more information about ExxonMobil’s privacy program here.
In this Privacy Statement, we use certain defined terms. In order to understand the meaning of the defined terms, we refer you to Section 13, Defined Terms.
This Privacy Statement is addressed to:
Information from Children
ExxonMobil does not seek through the Site to gather personal data from or about persons under the age of 17.
ExxonMobil does not sell the personal information of minors under 16 years of age without affirmative authorization.
The ExxonMobil affiliate which operates the Site pertaining to its business activities is the Data Controller of the personal data collected through the Site. If you have a contractual or other business relationship with an ExxonMobil affiliate, such affiliate is the Data Controller of the personal data that it collects from you in the context of that relationship.
In case you have questions, please contact the firstname.lastname@example.org.
The ExxonMobil affiliate(s) acting as the Data Controller of the personal data, may transfer all or some of the personal data to ExxonMobil affiliates worldwide which may be located in third countries that are not regarded as providing an adequate level of protection to the personal data. The transfers take place in accordance with Section 7 below.
ExxonMobil is committed to collecting and using personal data in a lawful manner.
ExxonMobil will ensure that, when it Processes personal data, the Processing is allowed under applicable data protection law. In the EEA, UK and Switzerland, this means that in particular ExxonMobil shall assess whether and which justification (legal basis) it has for the Processing of personal data, as stipulated in the EU General Data Protection Regulation and applicable law. Justification for processing can, depending on the situation, include:
For more information on particular data processing activities, the purposes of this processing, and a description of the specific personal data, please review the table in Section 4.
Individuals may object to the Processing of their personal data and we will consider such objections carefully where required by law. For more information about your rights with respect to how we process your personal data, please refer to Section 9 and/or contact the ExxonMobil Data Privacy Office via email@example.com.
In this table we describe the categories of information that we gather via the Site and in connection with our business relationship with you. We also describe the purpose and legal basis, where applicable, for using and processing the information.
When ExxonMobil relies on its legitimate interest as a legal basis to Process personal data, ExxonMobil will ensure that these interests do not disproportionately and adversely impact an individual’s rights and freedoms.
When ExxonMobil relies on an individual’s consent as a legal basis to Process personal data, individuals can withdraw their consent at any time. Visitors wishing to withdraw their consent should notify us at firstname.lastname@example.org and we will stop the Processing of your personal data as soon as reasonably possible.
|Categories of personal data||Business Purpose of Processing of personal data||Legal basis, where applicable, of Processing||Categories of Sources||Categories of Third Parties to whom information is shared, if applicable|
|IP address (the Internet address assigned to your computer from your Internet Service Provider), domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), device type, device screen size, display resolution, date and time of day.||To enable the Site to communicate with the visitor’s computer or mobile device.||ExxonMobil’s legitimate business interest in making available relevant Site content and Site services.||We collect this information automatically.||We share this information with IT application vendors who may be assisting us with our business purposes.|
|Access permissions, authentication information, business contact details, login/system ID, name, preferred language, title, and IP address.||To identify you as an authorized user and provide appropriate access to the Site for the purposes of customer account and Site information management.||ExxonMobil’s legitimate business interest in validating your identity and access permissions to ensure only approved users have access to the Site.||We collect this information automatically or directly from you.||We share this information with IT application vendors who may be assisting us with our business purposes.|
|Business contact details, name, preferred language, title, and other information provided by the user.||To manage and administer our business relationship with you as a customer or vendor. This includes Processing personal data to negotiate a contract, provide products and services you request, bill you for products and services you request, ensure product supply, verify creditworthiness, enforce our rights and handle potential disputes, perform audits, and provide information about our products and services.||ExxonMobil Processes the personal data in order to conclude, execute, perform and administer the relevant agreement or order with you, to comply with legal obligations to which we are subject and, where applicable, ExxonMobil’s legitimate business interest in optimizing its goods and services offering and its business organization.||We collect this information directly from you.||We share this information with IT application vendors who may be assisting us with our business purposes.|
|The information listed above. Internet or other electronic network activity information, including the number of visits to the site; parts of the Site visited; third party sites visited immediately before and after the visit to the Site; analytics measuring user browsing behavior; unique user ID (for product license counts), general locale of your computer or mobile device, and user name (if configured for collection) to provide user-specific learning solutions.||To help us administer the Site, customize your experience on the Site and to improve the Site and our products and services.||ExxonMobil’s legitimate business interest in improving the relevance of Site content and the quality of Site services.
To the extent required by applicable law, we will request that you consent to our use of personal data for this purpose (e.g. through a cookie banner).
|We collect this information automatically.|
|Name, position title/function, business contact details (email address).||To enable IT application integration, including facilitation of electronic signature processing capability and document approval workflow for agreements and other instruments.||ExxonMobil’s legitimate business interests for contract negotiation and performance..||We collect this information automatically or directly from you.|
|Any of the personal data referred to in this notice, provided the information is appropriately pseudonomized or anonymized, as required under applicable law.||For analytical and statistical purposes.||ExxonMobil’s legitimate business interest to ensure the relevance of the Site, to improve customer experience and ExxonMobil goods and services, and to promote our products and services.||We collect this information automatically or directly from you.|
Information placed on your computer when visiting the Site
To learn more about how to opt-out from cookies please click here (note: you will be taken to a third-party website).
We use third parties to monitor usage of our site and to provide site usage analytics. These third parties may not use such information for their own purposes.
For more information about the use of third party analytics, and about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Cookie Statement on the relevant Site.
Note that some goods or services may not be available if you choose not to provide the necessary personal data.
Targeted advertising, and our use of social media sites
We may use the information we collect through the Site to help manage our on-line advertising. For example, we may use information collected from the Site, to show you ads for our products and services when you visit other websites, e.g. third-party social media sites, news sites and (video) search engines. We use third-party advertising technology for this purpose. To learn more about third-party ad-serving technology and how to "opt-out" from such technology, please visit YourOnlineChoices.Com. Note: you will be taken to a third-party website.
Similarly, ExxonMobil is not responsible for the policies and practices of any website from which you linked to our Site.
We may use information collected through the Site to analyze links between your usage of the Site and your usage of other applications (e.g. our mobile payment App) across the different types of devices you use to access the Site or applications, in order to improve your cross-application experiences. In doing so, we use cookie files and other storage technologies on our Site in accordance with this Privacy Statement and the cookie statement on the Site.
We contract with other companies and persons to perform functions on our behalf. They have access to personal data needed to perform these business purposes.
For example, ExxonMobil may share your personal data with third parties in order to allow ExxonMobil to fulfill orders and make deliveries, to send postal mail, and e-mail, to manage customer lists, analyze data, provide marketing assistance, host websites, process card payments, and provide and improve customer service. Furthermore, communicating via the Internet and sending information, products, and services to you by other means necessarily involves your personal data passing through or being handled by third-parties.
These service providers have access to your personal data needed to perform their business purposes, but may not use it for other purposes.
Before any personal data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized disclosures of the personal data; (2) to use the personal data only for the specified purposes and only according to the instructions received from ExxonMobil; (3) to retain the personal data only as long as necessary or to protect company interests; and (4) to have in place adequate and appropriate security measures.
In some circumstances, ExxonMobil will disclose personal data to third parties, including competent authorities, legal advisors, Exxon, Mobil, or Esso-branded fuel station operators, payment and loyalty card issuers, and other contracted parties. These third parties process the personal data on their own behalf, for instance: if required by law, in order to defend ExxonMobil’s rights, or to handle individuals’ complaints and requests. We may also share your information in connection with a transfer of assets, or if we are otherwise involved in a merger or transfer. Only when permitted by applicable law and with your consent as required, will we distribute personal data to third parties, such as ExxonMobil distributors, for the purpose of allowing them to market their products and services to you.
Furthermore, we use third party screening tools to perform due diligence and other screening activities in accordance with our legal or regulatory obligations, and in particular Thomson Reuters World Check and Thomson Reuters Enhanced Due Diligence tools (EDD), where permitted by law, to do integrity and advanced background checks that provide us with information that help us to identify and protect against any regulatory, and/or reputational risk.
The relevant ExxonMobil affiliate who is the Data Controller may make personal data available to other ExxonMobil affiliates and may transfer some or all of the personal data to ExxonMobil servers located worldwide in accordance with applicable law.
The transfer of personal data from the EEA, UK and Switzerland to recipients located outside such territories is subject to restrictions. ExxonMobil has taken steps so that personal data receives an adequate level of data protection at all ExxonMobil locations. These steps include ExxonMobil affiliates entering into Inter Affiliate Agreements containing the EU “Standard Contractual Clauses”.
The EU Standard Contractual Clauses have been approved by the European Commission and relevant European authorities as offering adequate protection for transfers of personal data outside the EEA, UK and Switzerland.
When transferring personal data to third parties, ExxonMobil puts in place safeguards to ensure that the third party adequately protects the personal data. With respect to the transfer of personal data from the EEA, UK and Switzerland to outside such territories, ExxonMobil relies on (1.) EU “Standard Contractual Clauses”, (2.) contractual safeguards imposed on the third party which is contracted by ExxonMobil affiliates outside of EEA, UK or Switzerland (so-called onward transfers), (3.) Privacy Shield certification of the third party (established in the US), and (4.) protections available under local law for the third party established in a country deemed adequate by the EU Commission. Where permitted, and as applicable, we will rely on the individual’s consent.
For more information about specific transfer mechanisms, including information on existing safeguards implemented by ExxonMobil, please contact email@example.com.
Applicable law may give you certain rights with respect to your personal data.
For example, in California, amongst other rights, consumers may have the right to delete their data, to access personal data held by ExxonMobil, and to exercise these rights freely from discrimination.
In order to submit a verifiable consumer request to exercise your right to know about, or delete, your personal information, please visit ExxonMobil’s privacy program landing page where you may submit your request via email, web form or via phone.
Under data privacy laws in the EEA, UK and Switzerland, applicable law gives consumers the right to: access their personal data; have inaccurate or incomplete personal data rectified; restrict the Processing of their personal data, under certain circumstances; object to the Processing operations, having regard to the given circumstances and for reasons related to their particular situation; or have personal data erased when such data is no longer necessary for the purposes for which it has been collected, in accordance with applicable law.
In some circumstances, you also have a right to request a portable extract of your personal data, which will allow you to reuse your personal data for your own purposes.
You also have a right to lodge a complaint to the data protection supervisory authority in your country.
For more information about the specific mechanism available to exercise these rights, please contact the firstname.lastname@example.org.
To facilitate our efforts to address your request, please let us know the circumstances in which you initially provided ExxonMobil with your personal data, e.g. in connection with a specific product or service.
Do-Not-Track Signals and Similar Mechanisms. Some mobile web browsers transmit "do-not-track" signals. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
ExxonMobil does not use automated decision-making unless it is (i.) necessary for entering into, or performance of, a contract between the Individual and ExxonMobil and its affiliates, (ii.) permitted or required by law, or (iii.) based on the Individual’s explicit consent.
Automated decision-making refers to decisions that produce legal effects concerning an Individual or significantly affect the Individual and which are based solely on automated Processing (i.e. no human intervention) of personal data. ExxonMobil shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests when automated decision-making is used.
ExxonMobil retains personal data as long as necessary to meet the purposes for which the data was collected, to exercise its legal rights and to ensure compliance with applicable law. ExxonMobil applies the following criteria in order to determine when to retain or delete the personal data:
ExxonMobil is committed to protecting your personal data as described in this Privacy Statement and as required by applicable laws. If you have any questions about this notice or our handling of your personal data, or if you would like additional information, please contact:
The term “Data Controller” means the natural or legal person (in the case of ExxonMobil, the relevant ExxonMobil affiliate) which determines the purposes and means of the Processing of personal data.
“ExxonMobil” and/or “ExxonMobil affiliates” mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.
By “Processed” or “Processing” we mean any operation(s) which is performed on personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.