Privacy Statement

Article Jan. 14, 2019

Privacy Statement

This General Privacy Statement is effective from from January 14, 2019.

The Protection of your Personal Data is important to us.

This Privacy Statement describes the processing by ExxonMobil of Personal Data received from prospective and existing suppliers (suppliers) in the context of ExxonMobil’s procurement activities. The procurement activities include the handling and evaluation of bids and quotations, agreement administration and supplier management.

ExxonMobil collects information through the SMART by GEP site, which serves as the global Procurement Platform for ExxonMobil Procurement activities, and through other forms, systems, sites and applications which refer to this Privacy Statement (collectively, “Site”).

Your privacy is important and we want you to understand our practices with respect to gathering and handling of Personal Data.

This Privacy Statement may be further complemented by other data privacy notices provided by ExxonMobil for specific uses of certain Personal Data in specific features of the Site. As an example, when certain features of the Site request additional information from you, we may provide an additional notice to inform you about the way in which we process such additional information.

To the extent the Personal Data provided through this Site is handled by an ExxonMobil affiliate established in the EEA, UK or Switzerland, we refer you to the EU Privacy Statement.

1. PERSONAL INFORMATION AND PURPOSES

In this table we describe the categories of information that we gather in the context of the procurement activities and the purpose for which we use the information.

Purpose of Processing Categories of Personal Data How long we keep your Personal Data
For bids submitted electronically, to identify you as an authorized user and grant you access to the procurement Platform in order to permit electronic bidding. Access permissions, supplier’s banking details, logon/system ID, user name (first and last name), system activity log, supplier’s contact details (including business contact details of its staff involved in the procurement process). 10 years
Bid evaluation, administration of the agreement, document repository and supplier management. All Personal Data related to individuals involved in the performance of the contract and/or in the procurement procedures either as supplier or subcontractor.
The information includes: image, name and surname, address, telephone, e-mail address, signature, academic and professional training, qualifications and accreditations, work experience, education and membership of professional bodies, as incorporated in CVs, copy of various documents submitted as supporting documents, or in forms pre-established by ExxonMobil. Vendor classification status, vendor performance scorecards and vendor bidding evaluations.
10 years
Due diligence of suppliers and third parties. Name and business contact details, positions held, principal lines of business and length of time in each line of business, locations of business activities, citizenship, country of residence, shareholdership and ownership interests, relationships with government officials and public international organizations, position as a government official, details regarding whether the individual is subject to trade sanctions regulations, details regarding certain investigations or offenses if permitted under applicable law, and other information on the basis of (i.) publicly available sources, and/or (ii.) information provided by the supplier for instance via the ExxonMobil Prospective Business Associate Questionnaire (PBAQ) and/or (iii.) information obtained through Thomson Reuters WorldCheck or other tools or service providers. 10 years
For statistical purposes to help us design and administer the Site and to improve our procurement process. Number of visits to the site; which parts of the Site visitors select and any other personal data referred to in this notice, provided the information is appropriately pseudonimyzed or anonymized, as required under applicable law. 10 years

For bids submitted via SMART or via other online sites, systems and applications, we use cookies and other files which we store on your computer or mobile device when you visit the Site, in order to collect one or more of the categories of information listed in the table above. The cookies and files stored on your computer or mobile device facilitates customizing your use of the Site and helps to avoid the need for you to re-enter your details every time you visit it. You can erase or block this information from your computer if you want to.  For more information about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Cookie Statement of the Site. 

Note that some of the services or procurement activities may not be available if you fail to provide the Personal Data necessary to deliver them.

2. DISCLOSURES

We employ other companies and persons to perform functions on our behalf. They have access to Personal Data needed to perform their functions, but may not use it for other purposes. Communicating via the Internet and sending information, products, and services to you by other means necessarily involves your Personal Data passing through or being handled by third-parties.
For the purpose of the administration of the Site and the Personal Data collected through the Site, your Personal Data may be processed by IT service providers (e.g. GEP), which host and support the Site on behalf of ExxonMobil.

Before any Personal Data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized further disclosures of the Personal Data; (2) to use the Personal Data only for the specified purposes and only according to the instructions received from ExxonMobil; (3) to retain the Personal Data only as long as necessary to carry out these purposes or to protect company interests (e.g. until the end of statute of limitations periods); and (4) to have in place adequate and appropriate security measures.

In some circumstances, ExxonMobil will have to disclose Personal Data to other third parties, including competent authorities, legal advisors and other business partners who process the Personal Data on their own behalf, for instance if such transfer is required by law or legal process, in order to defend ExxonMobil’s rights or to adequately handle individuals’ complaints and requests. Furthermore, we use third party screening tools to perform due diligence and other screening activities in accordance with our legal or regulatory obligations and risk management procedures, in particular Thomson Reuters World-Check and Thomson Reuters Enhanced Due Diligence tools, where permitted by law, to do integrity and advanced background checks that provide us with information that help us to identify and protect against any regulatory, and/or reputational risk.

For more detailed information about Thomson Reuters privacy practices with respect to gathering and handling of Personal Data within World-Check and EDD, please see the World-Check Privacy Statement and Thomson Reuters Privacy Statement. These statements reflect the privacy policy and practices of a third party Thomson Reuters acting as an independent data controller of Personal Data. We recommend that you review the privacy policy of such operator and contact the operator if you have concerns or questions.

The relevant ExxonMobil affiliates may transfer some or all of the Personal Data to servers of ExxonMobil located worldwide and will make that Personal Data accessible in accordance with applicable law to other ExxonMobil affiliates, some of which are located in third countries that may not be regarded as providing an adequate level of protection of the Personal Data. 

3. YOUR CHOICES

By submitting your information to ExxonMobil and/or participating in the ExxonMobil procurement activities, you accept that ExxonMobil processes the Personal Data in accordance with the Privacy Statement, including that the collection, storing or other processing may be conducted by a third party or may occur in a country that may not have been deemed by your country to provide adequate data privacy protection.

4. YOUR RIGHTS

When living in a country with comprehensive data privacy laws, certain rights in relation to the information collected may apply, including:

  • the right to know and see what personal information is processed;
  • the right to have inaccurate personal information corrected or deleted;
  • the right to withdraw consent to the processing of the personal information.

For more information about the specific mechanism available in order to exercise the aforementioned rights, please contact the data.privacy.office@exxonmobil.com

To facilitate our efforts to meet your request, it would be helpful if you could let us know the context in which you initially provided ExxonMobil with your Personal Data.

5. RECORDS RETENTION

ExxonMobil retains Personal Data to meet the purposes for which the data was collected or in order to ensure compliance with applicable law or to protect legitimate company interests (e.g. statute of limitations periods).  ExxonMobil will keep the Personal data for the period state in Section 1.

6. REFERENCES

ExxonMobil is committed to protecting your Personal Data as described in this Privacy Statement and as required by applicable national laws. If you have any questions about this notice or about ExxonMobil’s handling of your Personal Data, or if you would like to request additional information on the Personal Data ExxonMobil holds about you or learn about and exercise your rights with respect to your Personal Data, you can contact: