Privacy statement

Article Nov. 12, 2019

Privacy statement

This General Privacy Statement is effective from November 12, 2019.
Last updated on November 12, 2019.

The protection of your personal data is important to us.

Your privacy is important to us and we want you to understand our practices with respect to the gathering and handling of your personal data.

This Privacy Statement describes how we Process the personal data which we receive from you:

  • through this Contracting and Materials Contract Lifecycle Management Platform website and through other related websites, systems and applications, all of which refer to this Privacy Statement. Collectively, these sites, applications and systems are referred to as the “Site”.

ExxonMobil provides additional privacy notices for specific uses of certain personal data. The relevant ExxonMobil affiliates will Process the personal data in accordance with the privacy notices they provide for such specific uses. When these notices apply to you, we recommend that you read them carefully. You can find links to relevant notices and more information about ExxonMobil’s privacy program here

In this Privacy Statement, we use certain defined terms. In order to understand the meaning of the defined terms, we refer you to Section 13, Defined Terms.

1. INDIVIDUALS TO WHOM THIS PRIVACY STATEMENT IS ADDRESSED

This Privacy Statement is addressed to:

  • visitors of the Site;
  • recipients of electronic or other communications which contain or refer to this Privacy Statement; and
  • individuals with whom the Data Controller(s), listed in Section 2 below, have a business relationship, such as customers, and external stakeholders. 

Information from Children

ExxonMobil does not seek through the Site to gather personal data from or about persons under the age of 17. 

ExxonMobil does not sell the personal information of minors under 16 years of age without affirmative authorization.

2. IDENTITY OF THE EXXONMOBIL AFFILIATE COLLECTING THE PERSONAL DATA AS DATA CONTROLLER

The ExxonMobil affiliate which operates the Site pertaining to its business activities is the Data Controller of the personal data collected through the Site. If you have a contractual or other business relationship with an ExxonMobil affiliate, such affiliate is the Data Controller of the personal data that it collects from you in the context of that relationship.

In case you have questions, please contact the data.privacy.office@exxonmobil.com.

The ExxonMobil affiliate(s) acting as the Data Controller of the personal data, may transfer all or some of the personal data to ExxonMobil affiliates worldwide which may be located in third countries that are not regarded as providing an adequate level of protection to the personal data. The transfers take place in accordance with Section 7 below.

3. EXXONMOBIL'S COMPLIANCE WITH DATA PROTECTION LAWS

ExxonMobil is committed to collecting and using personal data in a lawful manner.

ExxonMobil will ensure that, when it Processes personal data, the Processing is allowed under applicable data protection law. In the EEA, UK and Switzerland, this means that in particular ExxonMobil shall assess whether and which justification (legal basis) it has for the Processing of personal data, as stipulated in the EU General Data Protection Regulation and applicable law. Justification for processing can, depending on the situation, include:

  • ExxonMobil’s legitimate business interest, unless such interests are overridden by the interests or fundamental rights and freedoms of the Individual, and/or
  • The performance of a contract to which the Individual is a party, and/or
  • Compliance with a legal obligation to which ExxonMobil is subject, and/or
  • In order to protect the vital interests of the Individual, and/or
  • Your consent to the Processing of your personal data for one or more specific purposes. In that case, you may withdraw your consent at any time. 

For more information on particular data processing activities, the purposes of this processing, and a description of the specific personal data, please review the table in Section 4

Individuals may object to the Processing of their personal data and we will consider such objections carefully where required by law. For more information about your rights with respect to how we process your personal data, please refer to Section 9 and/or contact the ExxonMobil Data Privacy Office via data.privacy.office@exxonmobil.com.

4. COLLECTION OF PERSONAL DATA

In this table we describe the categories of information that we gather via the Site and in connection with our business relationship with you. We also describe the purpose and legal basis, where applicable, for using and processing the information.

When ExxonMobil relies on its legitimate interest as a legal basis to Process personal data, ExxonMobil will ensure that these interests do not disproportionately and adversely impact an individual’s rights and freedoms. 

When ExxonMobil relies on an individual’s consent as a legal basis to Process personal data, individuals can withdraw their consent at any time. Visitors wishing to withdraw their consent should notify us at data.privacy.office@exxonmobil.com and we will stop the Processing of your personal data as soon as reasonably possible.

Categories of personal data Business Purpose of Processing of personal data Legal basis, where applicable, of Processing Categories of Sources Categories of Third Parties to whom information is shared, if applicable
IP address (the Internet address assigned to your computer from your Internet Service Provider), domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), device type, device screen size, display resolution, date and time of day. To enable the Site to communicate with the visitor’s computer or mobile device.  ExxonMobil’s legitimate business interest in making available relevant Site content and Site services. We collect this information automatically. We share this information with IT application vendors who may be assisting us with our business purposes. 
Access permissions, authentication information, business contact details, login/system ID, name, preferred language, title, and IP address. To identify you as an authorized user and provide appropriate access to the Site for the purposes of customer account and Site information management. ExxonMobil’s legitimate business interest in validating your identity and access permissions to ensure only approved users have access to the Site. We collect this information automatically or directly from you. We share this information with IT application vendors who may be assisting us with our business purposes.
Business contact details, name, preferred language, title, and other information provided by the user. To manage and administer our business relationship with you as a customer or vendor. This includes Processing personal data to negotiate a contract, provide products and services you request, bill you for products and services you request, ensure product supply, verify creditworthiness, enforce our rights and handle potential disputes, perform audits, and provide information about our products and services. ExxonMobil Processes the personal data in order to conclude, execute, perform and administer the relevant agreement or order with you, to comply with legal obligations to which we are subject and, where applicable, ExxonMobil’s legitimate business interest in optimizing its goods and services offering and its business organization. We collect this information directly from you. We share this information with IT application vendors who may be assisting us with our business purposes.
The information listed above.  Internet or other electronic network activity information, including the number of visits to the site; parts of the Site visited; third party sites visited immediately before and after the visit to the Site; analytics measuring user browsing behavior; unique user ID (for product license counts), general locale of your computer or mobile device, and user name (if configured for collection) to provide user-specific learning solutions. To help us administer the Site, customize your experience on the Site and to improve the Site and our products and services. ExxonMobil’s legitimate business interest in improving the relevance of Site content and the quality of Site services.
To the extent required by applicable law, we will request that you consent to our use of personal data for this purpose (e.g. through a cookie banner).
We collect this information automatically. We share this information with IT application vendors who may be assisting us with our business purposes.
Name, position title/function, business contact details (email address).  To enable IT application integration, including facilitation of electronic signature processing capability and document approval workflow for agreements and other instruments. ExxonMobil’s legitimate business interests for contract negotiation and performance.. We collect this information automatically or directly from you. We share this information with IT application vendors who may be assisting us with our business purposes.
Any of the personal data referred to in this notice, provided the information is appropriately pseudonomized or anonymized, as required under applicable law. For analytical and statistical purposes. ExxonMobil’s legitimate business interest to ensure the relevance of the Site, to improve customer experience and ExxonMobil goods and services, and to promote our products and services. We collect this information automatically or directly from you. We share this information with IT application vendors who may be assisting us with our business purposes.

5. COOKIES AND TARGETED ADVERTISING

Information placed on your computer when visiting the Site

We use cookies and other local storage technologies or files such as pixels, tags, web beacons and Local Shared Objects (sometimes called “flash cookies”) which we store on your computer or mobile device when you visit the Site. The cookies and files stored on your computer or mobile device facilitate customizing your use of the Site and help to avoid the need to re-enter your details every time you visit. You can erase or block this information from your computer.  Flash cookies may use parts of your device other than your browser, which means that you may not be able to control their use using browser tools and settings.  For more information about managing Flash cookies, please visit the Adobe Flash Player website.  Note: you will be taken to a third-party website.

To learn more about how to opt-out from cookies please click here (note: you will be taken to a third-party website).

We use third parties to monitor usage of our site and to provide site usage analytics. These third parties may not use such information for their own purposes. 

For more information about the use of third party analytics, and about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Cookie Statement on the relevant Site. 

Note that some goods or services may not be available if you choose not to provide the necessary personal data.

Targeted advertising, and our use of social media sites

We may use the information we collect through the Site to help manage our on-line advertising.  For example, we may use information collected from the Site, to show you ads for our products and services when you visit other websites, e.g. third-party social media sites, news sites and (video) search engines. We use third-party advertising technology for this purpose. To learn more about third-party ad-serving technology and how to "opt-out" from such technology, please visit YourOnlineChoices.Com.  Note: you will be taken to a third-party website.

Our Site also provides links to third party websites.  This may include social plug-ins to Facebook, Twitter, YouTube and other social media. In case we receive certain statistical information regarding the click-through via these links or social plug-in, we will treat such statistical information in accordance with applicable laws. By clicking on such links or social plug-ins, an online connection will be established between your browser and the servers of the relevant websites and as a result certain personal data may be collected by these websites. ExxonMobil does not own, control or maintain these websites. We recommend that you review the privacy policy of these other sites carefully and contact the operator if you have concerns or questions. ExxonMobil is not responsible for the way such third parties handle personal data and makes no representations or warranties about the privacy practices and accuracy of the content of those sites.

Similarly, ExxonMobil is not responsible for the policies and practices of any website from which you linked to our Site.

We may use information collected through the Site to analyze links between your usage of the Site and your usage of other applications (e.g. our mobile payment App) across the different types of devices you use to access the Site or applications, in order to improve your cross-application experiences. In doing so, we use cookie files and other storage technologies on our Site in accordance with this Privacy Statement and the cookie statement on the Site. 

6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We contract with other companies and persons to perform functions on our behalf. They have access to personal data needed to perform these business purposes. 

For example, ExxonMobil may share your personal data with third parties in order to allow ExxonMobil to fulfill orders and make deliveries, to send postal mail, and e-mail, to manage customer lists, analyze data, provide marketing assistance, host websites, process card payments, and provide and improve customer service. Furthermore, communicating via the Internet and sending information, products, and services to you by other means necessarily involves your personal data passing through or being handled by third-parties.

These service providers have access to your personal data needed to perform their business purposes, but may not use it for other purposes. 

Before any personal data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized disclosures of the personal data; (2) to use the personal data only for the specified purposes and only according to the instructions received from ExxonMobil; (3) to retain the personal data only as long as necessary or to protect company interests; and (4) to have in place adequate and appropriate security measures. 

In some circumstances, ExxonMobil will disclose personal data to third parties, including competent authorities, legal advisors, Exxon, Mobil, or Esso-branded fuel station operators, payment and loyalty card issuers, and other contracted parties. These third parties process the personal data on their own behalf, for instance: if required by law, in order to defend ExxonMobil’s rights, or to handle individuals’ complaints and requests. We may also share your information in connection with a transfer of assets, or if we are otherwise involved in a merger or transfer. Only when permitted by applicable law and with your consent as required, will we distribute personal data to third parties, such as ExxonMobil distributors, for the purpose of allowing them to market their products and services to you. 

Additionally, we permit third parties to collect information through our Sites (for example via third party cookies) in order to show advertisements for our products and services when the user visits other websites. Where required by law, we will seek your prior consent before such information is collected via our Sites. The third parties may also use the information for interest-based advertisement of other products and services. The advertisements are based on the users’ online activities over time and across different sites, services, and devices (“interest-based advertising”). Our cookie statements provide information about which third parties collect information via the Site for interest-based advertisement purposes. We recommend that you review the privacy policy of those third parties.

Furthermore, we use third party screening tools to perform due diligence and other screening activities in accordance with our legal or regulatory obligations, and in particular Thomson Reuters World Check and Thomson Reuters Enhanced Due Diligence tools (EDD), where permitted by law, to do integrity and advanced background checks that provide us with information that help us to identify and protect against any regulatory, and/or reputational risk.

For more detailed information about Thomson Reuters privacy practices with respect to gathering and handling of personal data within World-Check and EDD, please see the World-Check Privacy Statement and Thomson Reuters Privacy Statement. These statements reflect the privacy policy and practices of a third party Thomson Reuters acting as an independent data controller. We recommend that you review the privacy policy of such operator and contact the operator if you have concerns or questions.

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

7.1 Transfers between affiliates

The relevant ExxonMobil affiliate who is the Data Controller may make personal data available to other ExxonMobil affiliates and may transfer some or all of the personal data to ExxonMobil servers located worldwide in accordance with applicable law. 

The transfer of personal data from the EEA, UK and Switzerland to recipients located outside such territories is subject to restrictions. ExxonMobil has taken steps so that personal data receives an adequate level of data protection at all ExxonMobil locations. These steps include ExxonMobil affiliates entering into Inter Affiliate Agreements containing the EU “Standard Contractual Clauses”. 
The EU Standard Contractual Clauses have been approved by the European Commission and relevant European authorities as offering adequate protection for transfers of personal data outside the EEA, UK and Switzerland.

7.2 Transfers to third parties

When transferring personal data to third parties, ExxonMobil puts in place safeguards to ensure that the third party adequately protects the personal data. With respect to the transfer of personal data from the EEA, UK and Switzerland to outside such territories, ExxonMobil relies on (1.) EU “Standard Contractual Clauses”, (2.) contractual safeguards imposed on the third party which is contracted by ExxonMobil affiliates outside of EEA, UK or Switzerland (so-called onward transfers), (3.) Privacy Shield certification of the third party (established in the US), and (4.) protections available under local law for the third party established in a country deemed adequate by the EU Commission. Where permitted, and as applicable, we will rely on the individual’s consent.

For more information about specific transfer mechanisms, including information on existing safeguards implemented by ExxonMobil, please contact data.privacy.office@exxonmobil.com.

8. ACCURACY OF PERSONAL DATA

ExxonMobil endeavors to keep personal data that it collects accurate and complete. ExxonMobil relies on the individuals to maintain the accuracy and completeness of the personal data. Please inform ExxonMobil if your personal details change, including the context in which the personal data was provided, e.g. in connection with a specific product or service. 

9. INDIVIDUAL'S RIGHTS

Applicable law may give you certain rights with respect to your personal data. 

For example, in California, amongst other rights, consumers may have the right to delete their data, to access personal data held by ExxonMobil, and to exercise these rights freely from discrimination.

In order to submit a verifiable consumer request to exercise your right to know about, or delete, your personal information, please visit ExxonMobil’s privacy program landing page where you may submit your request via email, web form or via phone.

Under data privacy laws in the EEA, UK and Switzerland, applicable law gives consumers the right to: access their personal data; have inaccurate or incomplete personal data rectified; restrict the Processing of their personal data, under certain circumstances; object to the Processing operations, having regard to the given circumstances and for reasons related to their particular situation; or have personal data erased when such data is no longer necessary for the purposes for which it has been collected, in accordance with applicable law. 

In some circumstances, you also have a right to request a portable extract of your personal data, which will allow you to reuse your personal data for your own purposes. 

You also have a right to lodge a complaint to the data protection supervisory authority in your country.

For more information about the specific mechanism available to exercise these rights, please contact the data.privacy.office@exxonmobil.com

To facilitate our efforts to address your request, please let us know the circumstances in which you initially provided ExxonMobil with your personal data, e.g. in connection with a specific product or service.

Do-Not-Track Signals and Similar Mechanisms. Some mobile web browsers transmit "do-not-track" signals. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

10. AUTOMATED DECISION-MAKING

ExxonMobil does not use automated decision-making unless it is (i.) necessary for entering into, or performance of, a contract between the Individual and ExxonMobil and its affiliates, (ii.) permitted or required by law, or (iii.) based on the Individual’s explicit consent. 

Automated decision-making refers to decisions that produce legal effects concerning an Individual or significantly affect the Individual and which are based solely on automated Processing (i.e. no human intervention) of personal data. ExxonMobil shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests when automated decision-making is used.

11. RECORDS RETENTION

ExxonMobil retains personal data as long as necessary to meet the purposes for which the data was collected, to exercise its legal rights and to ensure compliance with applicable law.  ExxonMobil applies the following criteria in order to determine when to retain or delete the personal data:

  • Contact details shared during the bid screening/evaluation processes are retained for the subsequent award/rejection notification.
  • For awarded contracts, contact details and other personal information will be used throughout the contract lifecycle to interact with the supplier and manage the terms and obligations of the contract.

12. QUESTIONS AND COMPLAINTS

ExxonMobil is committed to protecting your personal data as described in this Privacy Statement and as required by applicable laws. If you have any questions about this notice or our handling of your personal data, or if you would like additional information, please contact:

13. DEFINED TERMS

The term “Data Controller” means the natural or legal person (in the case of ExxonMobil, the relevant ExxonMobil affiliate) which determines the purposes and means of the Processing of personal data.

“ExxonMobil” and/or “ExxonMobil affiliates” mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.

By “Processed” or “Processing” we mean any operation(s) which is performed on personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

14. CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to change this Privacy Statement at any time without notice. When we make material changes to this Privacy Statement, we will post the changes on this page and update the revision date at the top of the Privacy Statement. We encourage you to review our Privacy Statement regularly for updates.