This General Privacy Statement is effective from June 21, 2018.
The Protection of your Personal Data is important to us.
ExxonMobil appreciates your interest in this DBoxx Website, where distributors and creative agencies can access our branding guidelines and repository of marketing collateral (brochures, Technical topics, Proof of Performance leaflets, website banners, logo, etc.) and pack shots (pictures of our oil bottles) (“Site”).Your privacy is important and we want you to understand our practices with respect to our handling of Personal Data.
This Privacy Statement may be further complemented by other data privacy notices provided by ExxonMobil for specific uses of certain Personal Data in specific features of the Site. As an example, when certain features of the Site request additional information from you, we may provide an additional notice to inform you about the way in which we process such additional information.
This Privacy Statement, describes the Processing of Personal Data pertaining to visitors to the Site, by ExxonMobil affiliates (collectively, “ExxonMobil”) established in the member states of the European Economic Area (EEA) or in Switzerland.
In this Privacy Statement, we use certain defined terms. In order to understand the meaning of the defined terms, we refer you to Section 14, Defined Terms.
The Data Controller(s) in respect of Personal Data collected via the Site is the ExxonMobil affiliate in EEA with whom you have, or seek to have (for prospective business associates) a contractual relationship. For more information contact the ExxonMobil Data Privacy Office via data.privacy.office@exxonmobil.com.
The ExxonMobil affiliate(s) acting as the Data Controller of the Personal Data, may transfer all or some of the Personal Data received through the Site, to ExxonMobil affiliates worldwide which are located outside the EEA and Switzerland, in third countries that may not be regarded as providing an adequate level of protection to the Personal Data. The transfers take place in accordance with Section 6 below.
This Privacy Statement is addressed to the users of the Site whose Personal Data is collected by the Data Controller(s).
Information from Children
The Site contains information that may be of special interest to children, but ExxonMobil does not seek through the Site to gather Personal Data from or about persons under the age of 17.
ExxonMobil is committed to collecting and using Personal Data in a lawful manner.
ExxonMobil will ensure that, when it Processes Personal data, the Processing is allowed under applicable data protection law. In EEA and Switzerland, this means amongst others that ExxonMobil shall assess whether and which justification (legal basis) it has for the Processing of Personal Data, as stipulated in the EU General Data Protection Regulation and applicable law. Depending on the situation, ExxonMobil can justify the Processing of Personal Data on various legal bases, which include:
For more information on the particular data processing activities, the purposes sought and a description of the specific categories of Personal data concerned, please make sure to review the table in Section 4.
ExxonMobil offers the opportunity for the Individuals to object to the Processing of his/her Personal data and will consider such objections carefully where required by law. For more information about your rights in respect of how ExxonMobil processes your Personal Data, please refer to Section 9 and/or contact the ExxonMobil Data Privacy Office via data.privacy.office@exxonmobil.com.
4.1 Personal Data collected from visitors of the Site
When someone visits the Site, our web servers automatically gather information that allows the Site to communicate with the visitor's computer or mobile device during the visit. We also track other information about your visit which we use for statistical purposes that help us design and administer the Site. Furthermore, if during your visit you personalize the Site, complete a survey, enter a contest or submit other information to us, you will, as a result, provide us with Personal Data.
In this table we describe the categories of information that we gather from users of the Site, the purpose for which we use the information and the legal basis which justifies each processing operation.
|
Purpose of Processing of Personal Data |
Legal basis of Processing |
Categories of Personal Data |
How long we keep your Personal Data |
|
Distributor and Marketing Management To provide distributors and creative agencies our branding guidelines and access to our repository of marketing collateral (brochures, Technical topics, Proof of Performance leaflets, website banners, logo, etc.) and pack shots (pictures of our oil bottles) and for the purposes of invoicing. |
ExxonMobil’s legitimate business interest to improve our marketing and promotional efforts, enable the delivery of services provided on DBoxx, and of any changes in the provision thereof.
|
Personal data including, but not limited to, contact details (name, telephone, address, email address, distributor’s company name, job title and country), and password. |
See Section 12. |
|
Access Management To identify you as an authorized user for the purposes of distributor account and Site information management.
|
ExxonMobil’s legitimate interest to validate your identity and access permissions to ensure only approved users have access to the Site. ExxonMobil’s legitimate interest in relation to distributor account and Site information management. |
Personal data including, but not limited to, access permissions, authentication information, business contact details, device ID, name, country, and job title. |
See Section 12. |
|
Communication To enable the Site to communicate with the visitor’s computer or mobile device during Site visits. |
ExxonMobil’s legitimate business interests to improve the relevancy of content provided through the Site, ensure the quality of our services during Site visits, keep you informed of new products and services provided on DBoxx and send you information corresponding with your queries. Your use of the ExxonMobil App constitutes your consent to allow ExxonMobil to record and use your Device Information. |
Personal data including, but not limited to, your geographic location and exact positioning, your MAC address, the operating system of your device, IP address (the Internet address assigned to your computer from your Internet Service Provider), your device’s unique ID, the IP address of your device, session start and stop times, your time zone your network status your International Mobile Equipment Identity, information about the way you use the ExxonMobil App, domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), device type, device screen size, date and time of day, and any other information tied directly or indirectly to your device (“Device Information”). |
See Section 12. |
|
Product Improvement For analytical and statistical purposes to help us design and administer the Site and improve our products and services offering. |
ExxonMobil’s legitimate business interests to improve the relevancy of content provided through the Site, to ensure the quality of our services during Site visits, and to promote and improve its products and services offering and marketing collateral. |
Any of the personal data referred to in this notice, including, but not limited to, number of times a marketing collateral was viewed, number of times collateral was used to close a sale, which parts of the App are used, how long each document was viewed, date, time, etc. provided the information is appropriately pseudonomized or anonymized, as required under applicable law. |
See the cookie statement on the relevant website.
|
When ExxonMobil relies on its legitimate interest as a legal basis to Process the Personal Data, ExxonMobil will ensure that its legitimate business interests to pursue the purposes stated in the table above (generally its interest to promote the ExxonMobil products and services), do not disproportionately and adversely impact the visitor’s rights and freedoms.
When ExxonMobil relies on the Individual’s consent as a legal basis to Process the Personal Data, visitors can withdraw their consent at any time, for the future. Visitors who wish to withdraw their consent, should notify us at data.privacy.office@exxonmobil.com and we will take steps to stop the Processing of your Personal Data as soon as reasonably possible.
We use cookies and other files which we store on your computer or mobile device when you visit the Site, in order to collect one or more of the categories of information listed in the table above. The cookies and files stored on your computer or mobile device facilitates customizing your use of the Site and helps to avoid the need for you to re-enter your details every time you visit it. You can erase or block this information from your computer. For more information about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Cookie Statement on the relevant website.
Note that some of the services may not be available if you fail to provide the Personal Data necessary to deliver them.
4.2 Personal data collected from visitors to third party sites.
We use third-party advertising technology to provide ads when you visit sites upon which we advertise. When you access an ad, a "cookie" file will be stored on your computer. This information is used to help manage our on-line advertising. To learn more about the third-party ad-serving technology, cookies, and how to "opt-out" please click here (note: you will be taken to a third-party website).
Furthermore, this Site has links to sites that ExxonMobil does not own, control or maintain. We cannot be responsible for their privacy policies and practices and we make no representations or warranties about the privacy practices of those sites. Similarly, we cannot be responsible for the policies and practices of any site from which you linked to our Site. We recommend that you review the privacy policy of other sites carefully and contact the operator if you have concerns or questions.
We employ other companies and persons to perform functions on our behalf. They have access to Personal Data needed to perform their functions, but may not use it for other purposes. Communicating via the Internet and sending information, products, and services to you by other means necessarily involves your Personal Data passing through or being handled by third-parties.
For the purpose of the administration of the Site and the Personal Data collected through the Site, ExxonMobil shares your Personal Data with service providers to fulfill orders, deliveries, send postal mail and e-mail, remove repetitive information from customer lists, analyze data, provide marketing assistance, process credit card payments and provide customer service.
Before any Personal Data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized further disclosures of the Personal Data; (2) to use the Personal Data only for the specified purposes and only according to the instructions received from ExxonMobil; (3) to retain the Personal Data only as long as necessary to carry out these purposes or to protect company interests (e.g. until the end of statute of limitations periods); and (4) to have in place adequate and appropriate security measures.
In some circumstances, for instance if required by law or legal process or in order to defend its rights, ExxonMobil will have to disclose Personal Data to other third parties, including competent authorities.
If Personal Data is shared with a third party or an ExxonMobil affiliate outside the EEA, the conditions regarding data transfers, see Section 6 below, apply in addition to the requirements of this section.
6.1 Transfers between affiliates
The relevant ExxonMobil affiliate who is the Data Controller may transfer some or all of the Personal Data to servers of ExxonMobil located worldwide and will make that Personal Data accessible to other ExxonMobil affiliates, some of which are located in third countries that may not be regarded as providing an adequate level of protection of the Personal Data in accordance with applicable law.
The transfer of Personal Data from the EEA to recipients located outside the EEA is subject to restrictions. ExxonMobil has taken steps so that Personal Data receives an adequate level of data protection at all ExxonMobil locations. These steps include ExxonMobil affiliates entering into Inter Affiliate Agreements containing the EU “Standard Contractual Clauses”.
The EU Standard Contractual Clauses have been approved by the European Commission and relevant European authorities as offering adequate protection for transfers of Personal Data outside the EEA.
6.2 Transfers to third parties
When transferring Personal Data to third parties, ExxonMobil puts in place safeguards to ensure that the third party adequately protects the Personal Data.
For more information about specific transfer mechanisms used for transfers between affiliates and transfers to third parties, including information on and a copy of any of the existing safeguards implemented by ExxonMobil in order to ensure that Personal Data is Processed within an adequate framework across all ExxonMobil locations, please contact data.privacy.office@exxonmobil.com.
ExxonMobil endeavors to keep Personal Data that it collects as accurate, complete and current taking into account the purposes for which it was collected and is being used. ExxonMobil relies on Data Subjects to maintain the accuracy and completeness of the Personal Data and so the Data Subjects should inform ExxonMobil if their personal details change.
ExxonMobil maintains appropriate administrative, technical and physical safeguards designed to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, use, and all other unlawful forms of Processing of Personal Data in our possession.
Applicable law may give Data Subjects the right to know how ExxonMobil Processes their Personal Data, and to access their Personal Data held by ExxonMobil. Such rights exist under data privacy laws in EEA. Furthermore in EEA, Data Subjects also have the right to: have inaccurate or incomplete Personal Data rectified; to restrict the Processing of their Personal Data, under certain circumstances; to object to the Processing operations, having regard to the given circumstances and for reasons related to their particular situation; or to have Personal Data erased when such data is no longer necessary for the purposes for which it has been collected, in accordance with applicable law.
In some circumstances, the Data Subjects also have a right to request the portability of their Personal Data, which will allow them to obtain and reuse their Personal Data for their own purposes across different services without hindrance to usability.
For more information about the specific mechanism available in order to exercise the aforementioned rights, please contact the data.privacy.office@exxonmobil.com.
To facilitate our efforts to meet your request, it would be helpful if you could let us know the context in which you initially provided ExxonMobil with your Personal Data, e.g. in connection with promotion of a specific product or service.
Certain categories of Personal Data are considered sensitive under data privacy laws and, as such, are subject to a higher level of protection and security. Data privacy law considers as sensitive the following categories of Personal Data: (1) race or ethnic origin; (2) political opinions; (3) religious and philosophical beliefs; (4) trade union membership; (5) sex life or sexual orientation; (6) physical or mental health or conditions; and (7) genetic data and biometric data for the purpose of uniquely defining a natural person.
We kindly ask you to refrain from providing ExxonMobil with any sensitive information of the abovementioned nature, under any circumstance. However, if you do provide such information, ExxonMobil accepts your explicit consent to use that data in accordance with this Privacy Statement or in the ways described at the point where such information is disclosed.
ExxonMobil does not use automated decision-making unless this is (i.) necessary for entering into, or performance of, a contract between the Individual and ExxonMobil and its affiliates, (ii.) permitted or required by law, or (iii.) based on the Individual’s explicit consent.
Automated decision-making means a decision that produces legal effects concerning an Individual or significantly affects the Individual and which is based solely on automated Processing (i.e. no human intervention in the process of decision-making) of Personal Data intended to evaluate certain personal aspects relating to the Individual. Moreover, ExxonMobil shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests.
ExxonMobil retains Personal Data to meet the purposes for which the data was collected or in order to ensure compliance with applicable law or to protect legitimate company interests (e.g. statute of limitations periods).
ExxonMobil applies the following criteria in order to determine when to retain or delete the Personal Data: Periodic access reviews are performed on an annual basis. Users who have not accessed the Site for 6 months are removed from the system.
ExxonMobil is committed to protecting your Personal Data as described in this Privacy Statement and as required by applicable national laws. If you have any questions about this notice or about ExxonMobil’s handling of your Personal Data, or if you would like to request additional information on the Personal Data ExxonMobil holds about you or learn about and exercise your rights with respect to your Personal Data, you can contact:
c/o ExxonMobil Business Support Center Hungary Ltd.
Váci út 81-85
Budapest
H-1139
Hungary
You also have a right to lodge a complaint to the data protection supervisory authority in your country.
The term “Data Controller” means the natural or legal person (in the case of ExxonMobil, the relevant ExxonMobil affiliate) which determines the purposes and means of the Processing of Personal Data.
“ExxonMobil” and/or “ExxonMobil affiliates” mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.
By “Processed” or “Processing” we mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The term “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject” or “Individual”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We reserve the right to change this Privacy Statement at any time without notice. When we make material changes to this Privacy Statement, we will post the changes on this page and update the revision date at the top of the Privacy Statement. We encourage you to review our Privacy Statement regularly for updates.