Privacy Statement
This General Privacy Statement is effective from June 1, 2023.
The Protection of your Personal Data is important to us.
ExxonMobil appreciates your interest in this web site and other related or linked ExxonMobil sites (collectively, “Site”). Your privacy is important and we want you to understand our practices with respect to gathering and handling of Personal Data.
This Privacy Statement may be further complemented by other data privacy notices provided by ExxonMobil for specific uses of certain Personal Data in specific features of the Site. As an example, when certain features of the Site request additional information from you, we may provide an additional notice to inform you about the way in which we process such additional information.
This Privacy Statement, describes the Processing of Personal Data pertaining to visitors to the Site, by ExxonMobil affiliates (collectively, “ExxonMobil”) established in the member states of the European Economic Area (EEA) or in Switzerland.
In this Privacy Statement, we use certain defined terms. In order to understand the meaning of the defined terms, we refer you to Section 14, Defined.
1. IDENTITY OF THE EXXONMOBIL AFFILIATE COLLECTING THE PERSONAL DATA AS DATA CONTROLLER
The Data Controller(s) in respect of Personal Data collected via the Site is:
Esso Italiana S.r.l. having its headquarters at Via del Serafico, 89-91 - 00142 Rome;
Capital Euro 134.464.202 int. vers .; C. F. and Register Reg. Enterprise of Rome N. 00473410587; VAT number: IT 00902231000
Sole Shareholder - Company subject to the Management and Coordination Activities of ExxonMobil Petroleum & Chemical BVBA; Telephone: 06602921
Data Privacy Officer Italy
EUUKDataProtectionOfficer@exxonmobil.com
The ExxonMobil affiliate(s) identified above as the Data Controller of the Personal Data, may transfer all or some of the Personal Data received through the Site, to ExxonMobil affiliates worldwide which are located outside the EEA and Switzerland, in third countries that may not be regarded as providing an adequate level of protection to the Personal Data. The transfers take place in accordance with Section 6 below.
2. INDIVIDUALS TO WHOM THIS PRIVACY STATEMENT IS ADDRESSED
This Privacy Statement is addressed to the visitors of this website whose Personal Data is collected by the Data Controller(s) listed in Section 1 above.
This Privacy Statement provides information about ExxonMobil’s data privacy practices generally and accordingly is of interest to the general public, our business partners and other external stakeholders, in the EEA or in Switzerland. As stated in Section 1, this Privacy Statement may be further complemented by other specific data privacy notices issued by ExxonMobil for specific uses of Personal Data.
Information from Children
The Site contains information that may be of special interest to children, but ExxonMobil does not seek through the Site to gather Personal Data from or about persons under the age of 17.
3. EXXONMOBIL’S COMPLIANCE WITH DATA PROTECTION LAWS
ExxonMobil is committed to collecting and using Personal Data in a lawful manner.
ExxonMobil will ensure that, when it Processes personal data, the Processing is allowed under applicable data protection law. In EEA and Switzerland, this means amongst others that ExxonMobil shall assess whether and which justification (legal basis) it has for the Processing of Personal Data, as stipulated in the EU General Data Protection Regulation and applicable law. Depending on the situation, ExxonMobil can justify the Processing of Personal Data on various legal bases, which include:
- ExxonMobil’s legitimate business interest to Processing the Personal Data, unless such interests are overridden by the interests or fundamental rights and freedoms of the Individual, and/or
- The Processing is necessary for the performance of a contract to which the Individual is a party, and/or
- The Processing is necessary for compliance with a legal obligation to which ExxonMobil is subject, and/or
- The Processing is necessary in order to protect the vital interests of the Individual, and/or
- The Individual has given consent to the Processing of his or her Personal Data for one or more specific purposes. When ExxonMobil obtains consent from the Individual to the processing of Personal Data, the consent can be withdrawn at any time for the future.
For more information on the particular data processing activities, the purposes sought and a description of the specific categories of Personal data concerned, please make sure to review the table in Section 4.
ExxonMobil offers the opportunity for the Individuals to object to the Processing of his/her Personal data and will consider such objections carefully where required by law. For more information about your rights in respect of how ExxonMobil processes your Personal Data, please refer to Section 9 and/or contact the ExxonMobil Data Privacy Office via data.privacy.office@exxonmobil.com.
4. CATEGORIES OF PERSONAL DATA AND PURPOSES FOR DATA COLLECTION
4.1 Personal Data collected from visitors to the Site
In this table we describe the categories of information that we gather from visitors to the Site, the purpose for which we use the information and the legal basis which justifies each processing operation.
We also track other information about your visit which we use for statistical purposes that help us design and administer the site. Furthermore, if during your visit you personalize the Site, complete an order form, enter a contest, provide survey feedback or submit other information to us, you will, as a result, provide us with Personal Data.
Purpose of Processing |
Legal basis of Processing |
Categories of Personal Data |
How long we keep your Personal Data |
To enable the Site to communicate with the visitor’s computer or mobile device during Site visits. |
ExxonMobil’s legitimate business interests to improve the relevancy of content provided through the Site, and to ensure the quality of our services during Site visits. |
IP address (the Internet address assigned to your computer from your Internet Service Provider), device type, domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), and date and time of day. |
See Section 12. Record Retention |
To improve and customize your experience on our Site. |
ExxonMobil’s legitimate business interests to improve the relevancy of content provided through the Site, and to ensure the quality of our services during Site visits. |
Number of visits to the site; which parts of the Site visitors select, analytics to measure and observe user behavior, and device screen size. Contact details (names, addresses, e-mail addresses, and telephone numbers), personalization of the Site, completed order form, contest entry, survey feedback and other information you may provide us. |
See the cookie statement on the relevant website. |
To provide the products and services you request and to bill you for products and services you request. |
ExxonMobil Processes the Personal Data in order to conclude, execute, perform and administer the relevant agreement or order with you. |
Contact details (names, addresses, e-mail addresses, and telephone numbers), personalization of the Site, completed order form, contest entry, survey feedback and other information you may provide us. |
See Section 12. Record Retention |
To administer requests and feedback submitted through the Site. |
By choosing to provide information to ExxonMobil, you accept that ExxonMobil Processes the Personal data you provided, in accordance with this Privacy Statement and with any relevant notices covering the specific use of the Personal Data. We may transmit your Personal data to third parties if that is necessary for handling the request, in accordance with Section 5. |
Contact details, content of your request/ feedback and other Personal data you may provide. |
See Section 12. Record Retention |
To provide you the route to service stations. |
By registering for routing services through the Site, you agree that we provide relevant route information and Process your Personal Data for this purpose. If you do not wish us to use the geolocation information for this purposes, you can decline our request to read the geolocation; in that case, some of the services of our Site may not be delivered. By allowing us to use geolocation information, you agree that we provide the information to third parties who assist us in the provision of the services to you through the Site. |
Geolocation of your computer or mobile device. |
See Section 12. Record Retention |
To improve our marketing and promotional efforts, to tell you about ExxonMobil, and about our products and services which we think may be of interest to you, including for instance products and services suggested on the basis of weather information associated with the geolocation of your computer or mobile device. |
ExxonMobil’s legitimate business interest to market and promote and improve its products, services, content and advertising. |
Contact details; geolocation of your computer or mobile device. |
See Section 12. Record Retention |
For analytics and statistical purposes to help us design and administer the Site and to improve our products and services offering. |
ExxonMobil’s legitimate business interests to improve the relevancy of content provided through the Site, to ensure the quality of our services during Site visits, and to promote and improve its products and services offering. |
Number of visits to the site; which parts of the Site visitors select, and device screen size. |
See the cookie statement on the relevant website. |
When ExxonMobil relies on its legitimate interest as a legal basis to Process the Personal Data, ExxonMobil will ensure that its legitimate business interests to pursue the purposes stated in the table above (generally its interest to promote the ExxonMobil products and services), do not disproportionately and adversely impact the visitor’s rights and freedoms.
When ExxonMobil relies on the Individual’s consent as a legal basis to Process the Personal Data, visitors can withdraw their consent at any time, for the future. Visitors who wish to withdraw their consent, should notify us at data.privacy.office@exxonmobil.com and we will take steps to stop the Processing of your Personal Data as soon as reasonably possible.
We use cookies and other files which we store on your computer or mobile device when you visit the Site, in order to collect one or more of the categories of information listed in the table above. The cookies and files stored on your computer or mobile device facilitates customizing your use of the Site and helps to avoid the need for you to re-enter your details every time you visit it. You can erase or block this information from your computer if you want to. For more information about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Cookie Statement on the relevant website.
Note that some of the services may not be available if you fail to provide the Personal Data necessary to deliver them.
4.2 Personal data collected from visitors to third party sites.
We use third-party advertising technology to provide ads when you visit sites upon which we advertise. When you access an ad, a "cookie" file will be stored on your computer. This information is used to help manage our on-line advertising. To learn more about the third-party ad-serving technology, cookies, and how to "opt-out" please click here (note: you will be taken to a third-party website).
Furthermore, this Site has links to sites that ExxonMobil does not own, control or maintain. We cannot be responsible for their privacy policies and practices and we make no representations or warranties about the privacy practices of those sites. Similarly, we cannot be responsible for the policies and practices of any site from which you linked to our Site. We recommend that you review the privacy policy of other sites carefully and contact the operator if you have concerns or questions.
5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We employ other companies and persons to perform functions on our behalf. They have access to Personal Data needed to perform their functions, but may not use it for other purposes. Communicating via the Internet and sending information, products, and services to you by other means necessarily involves your Personal Data passing through or being handled by third-parties.
For the purpose of the administration of the Site and the Personal Data collected through the Site, ExxonMobil shares your Personal Data with other companies and individuals to perform functions on our behalf, including fulfilling orders, deliveries, sending postal mail, and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, processing card payments and providing customers service. They have access to your Personal Data needed to perform their functions, but may not use it for other purposes.
Before any Personal Data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized further disclosures of the Personal Data; (2) to use the Personal Data only for the specified purposes and only according to the instructions received from ExxonMobil; (3) to retain the Personal Data only as long as necessary to carry out these purposes or to protect company interests (e.g. until the end of statute of limitations periods); and (4) to have in place adequate and appropriate security measures.
In some circumstances, ExxonMobil will have to disclose Personal Data to other third parties, including competent authorities, legal advisors, operators and suppliers of Esso branded fuel stations, issuers of payment and loyalty cards accepted at Esso branded fuel stations, and other business partners who process the Personal Data on their own behalf, for instance if such transfer is required by law or legal process, in order to defend ExxonMobil’s rights or to adequately handle individuals’ complaints and requests.
If Personal Data is shared with a third party or an ExxonMobil affiliate outside the EEA, the conditions regarding data transfers, see Section 6 below, apply in addition to the requirements of this section.
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA
6.1 Transfers between affiliates
The relevant ExxonMobil affiliate who is the Data Controller may transfer some or all of the Personal Data to servers of ExxonMobil located worldwide and will make that Personal Data accessible to other ExxonMobil affiliates, some of which are located in third countries that may not be regarded as providing an adequate level of protection of the Personal Data, in accordance with applicable law.
The transfer of Personal Data from the EEA to recipients located outside the EEA is subject to restrictions. ExxonMobil has taken steps so that Personal Data receives an adequate level of data protection at all ExxonMobil locations. These steps include ExxonMobil affiliates entering into Binding Corporate Rules (“BCR”) which were approved in accordance with the EU General Data Protection Regulation (please visit the link here to read our BCR.
The EU Standard Contractual Clauses have been approved by the European Commission and relevant European authorities as offering adequate protection for transfers of Personal Data outside the EEA.
6.2 Transfers to third parties
When transferring Personal Data to third parties, ExxonMobil puts in place safeguards to ensure that the third party adequately protects the Personal Data. These safeguards may include, as appropriate: (1.) the EU “Standard Contractual Clauses”, (2.) contractual safeguards imposed on the third party which is contracted by ExxonMobil affiliates outside of EEA or Switzerland (so-called onward transfers by the ExxonMobil affiliates outside of EEA or Switzerland), (3.) Privacy Shield certification of the third party (established in the US), and (4.) protections available under local law for the third party established in a country deemed adequate by the EU Commission.
For more information about specific transfer mechanisms used for transfers between affiliates and transfers to third parties, including information on and a copy of any of the existing safeguards implemented by ExxonMobil in order to ensure that Personal Data is Processed within an adequate framework across all ExxonMobil locations, please contact data.privacy.office@exxonmobil.com.
7. ACCURACY OF PERSONAL DATA
ExxonMobil endeavors to keep Personal Data that it collects as accurate, complete and current taking into account the purposes for which it was collected and is being used. ExxonMobil relies on Data Subjects to maintain the accuracy and completeness of the Personal Data and so you should inform ExxonMobil if your personal details change, including the context in which the Personal Data was provided, e.g. in connection with promotion of a specific product or service.
8. SECURITY AND CONFIDENTIALITY
ExxonMobil maintains appropriate administrative, technical and physical safeguards designed to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, use, and all other unlawful forms of Processing of Personal Data in our possession.
9. RIGHTS TO ACCESS, RECTIFICATION AND ERASURE OF PERSONAL DATA, TO DATA PORTABILITY, TO THE RESTRICTION OF AND OBJECTION TO THE PROCESSING OF PERSONAL DATA
Applicable law may give you the right to know how ExxonMobil Processes your Personal Data, and to access your Personal Data held by ExxonMobil. Such rights exist under data privacy laws in EEA. Furthermore in EEA, you also have the right to: have inaccurate or incomplete Personal Data rectified; to restrict the Processing of your Personal Data, under certain circumstances; to object to the Processing operations, having regard to the given circumstances and for reasons related to their particular situation; or to have Personal Data erased when such data is no longer necessary for the purposes for which it has been collected, in accordance with applicable law.
In some circumstances, you also have a right to request the portability of your Personal Data, which will allow you to obtain and reuse your Personal Data for your own purposes across different services without hindrance to usability.
For more information about the specific mechanism available in order to exercise the aforementioned rights, please contact the data.privacy.office@exxonmobil.com.
To facilitate our efforts to meet your request, it would be helpful if you could let us know the context in which you initially provided ExxonMobil with your Personal Data, e.g. in connection with promotion of a specific product or service.
10. PROCESSING OF SENSITIVE PERSONAL DATA
Certain categories of Personal Data are considered sensitive under data privacy laws and, as such, are subject to a higher level of protection and security. Data privacy law considers as sensitive the following categories of Personal Data: (1) race or ethnic origin; (2) political opinions; (3) religious and philosophical beliefs; (4) trade union membership; (5) sex life or sexual orientation; (6) physical or mental health or conditions; and (7) genetic data and biometric data for the purpose of uniquely defining a natural person.
We kindly ask you to refrain from providing ExxonMobil with any sensitive information of the abovementioned nature, under any circumstance. However, if you do provide such information, ExxonMobil accepts your explicit consent to use that data in accordance with this Privacy Statement or in the ways described at the point where such information is disclosed.
11. AUTOMATED DECISION-MAKING
ExxonMobil does not use automated decision-making unless this is (i.) necessary for entering into, or performance of, a contract between the Individual and ExxonMobil and its affiliates, (ii.) permitted or required by law, or (iii.) based on the Individual’s explicit consent.
Automated decision-making means a decision that produces legal effects concerning an Individual or significantly affects the Individual and which is based solely on automated Processing (i.e. no human intervention in the process of decision-making) of Personal Data intended to evaluate certain personal aspects relating to the Individual. Moreover, ExxonMobil shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests.
12. RECORDS RETENTION
ExxonMobil retains Personal Data as long as necessary to meet the purposes for which the data was collected, or in order to ensure compliance with applicable law or to protect legitimate company interests (e.g. statute of limitations periods).
13. QUESTIONS AND COMPLAINTS
ExxonMobil is committed to protecting your Personal Data as described in this Privacy Statement and as required by applicable national laws. If you have any questions about this notice or about ExxonMobil’s handling of your Personal Data, or if you would like to request additional information on the Personal Data ExxonMobil holds about you or learn about and exercise your rights with respect to your Personal Data, you can contact:
- Data Privacy Office
c/o ExxonMobil Business Support Center Hungary Ltd.
Váci út 81-85
Budapest
H-1139
Hungary - Data.privacy.office@exxonmobil.com
- The Data Protection Officer in countries identified in Section 1
You also have a right to lodge a complaint to the data protection supervisory authority in your country.
14. DEFINED TERMS
The term “Data Controller” means the natural or legal person (in the case of ExxonMobil, the relevant ExxonMobil affiliate) which determines the purposes and means of the Processing of Personal Data.
“ExxonMobil” and/or “ExxonMobil affiliates” mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.
By “Processed” or “Processing” we mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The term “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject” or “Individual”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
15. CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to change this Privacy Statement at any time without notice. When we make material changes to this Privacy Statement, we will post the changes on this page and update the revision date at the top of the Privacy Statement. We encourage you to review our Privacy Statement regularly for updates.