Privacy Policy for third party data
1. Definitions used in this Privacy Policy
In this Privacy Policy, the following definitions shall apply:
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (see Section 2 below).
“Data Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
“Data Subject” means the individual whose data is processed pursuant to this Privacy Policy.
“Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”) as further defined in the UK General Data Protection Regulation.
“you” or “your” means you, the person who provides us with personal data or the individuals whose personal data you have provided to us.
2. Data Controller
The Data Controller in respect of your Personal Data will in most instances be the Petroineos group company you are dealing with. The details of these entities are set out below.
Legal Entity | Registered Details |
Petroineos Trading Limited | 3rd Floor, 44 Esplanade, St Helier, Jersey, Channel Islands JE4 9WG |
Petroineos Refining Limited | 3rd Floor, 44 Esplanade, St Helier, Jersey, Channel Islands JE4 9WG |
Petroineos Manufacturing Scotland Limited | Bo’Ness Road, Grangemouth, Stirlingshire, FK3 9XH |
Petroineos Fuels Limited | The Adelphi, 1-11 John Adam Street, London, United Kingdom WC2N 6HT |
Petroineos Fuels Assets Limited | The Adelphi, 1-11 John Adam Street, London, United Kingdom WC2N 6HT |
Petroineos Europe Limited | The Adelphi, 1-11 John Adam Street, London, United Kingdom WC2N 6HT |
PetroChina International (London) Co., Ltd | The Adelphi, 1-11 John Adam Street, London, United Kingdom WC2N 6HT |
3. The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes your name, username or similar identifier, marital status, title, date of birth, gender, your image and voice, national ID number, copies of your ID and proof of address.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Professional Data includes your professional work experience, qualifications, curriculum vitae, details of past and former directorships and criminal background checks.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or sold to us.
4. How is the information collected?
Most of the personal data we process is provided to us directly through your business communications with us, including via mail, email, instant messaging services and telephone.
We also receive personal data indirectly, in the following scenarios:
- We undertake “know-your-customer” checks on directors, shareholders and ultimate beneficial owners in your organisation, which involves the use of third party databases
5. What is the purpose of the Personal Data processing and what is the lawful basis?
We process the Personal Data for the following purposes:
- For general business communications and other administrative purposes
- To enter into and perform contracts with you
- To satisfy money-laundering, anti-bribery and other regulatory obligations
- To process payments from you or process payments to you
- To monitor trading activity for compliance purposes
- To make decisions on our willingness and ability to do business with you and/or the terms of such
- To assess the capabilities of your staff as part of tendering processes
- For building security purposes when you attend our premises
We will rely on the following lawful bases for the processing activity described above:
- To enter into or perform a contract with you
- To comply with our legal obligations
- Our legitimate interests
6. How long will we keep your Personal Data for?
We will not retain your Personal Data for longer than is necessary. We keep information collected for “know-your-customer” checks throughout the course of our relationship with you plus an appropriate period afterwards for the purposes of regulatory audit. Other information is generally retained throughout the course of our relationship with you plus an additional period afterward to cover any outstanding issues or queries that may arise.
7. Who do we disclose your Personal Data to?
Service providers: we disclose information to service providers who provide services on our behalf, such as:
- Providers of cloud storage systems, IT infrastructure and support services,
- Providers of invoicing and other contract administration databases
- Credit reference and fraud prevention agencies
- Professional advisors such as accountants, auditors, legal and tax advisors
Other market participants: we also disclose data to other participants in the market we operate, which may include regulators and other official bodies.
Other third parties: from time to time we may disclose your Personal Data to other members in our group, which includes those set out in Section 2 as well as those in the PetroChina group of companies.
8. Transfers of Personal Data outside of the UK
A small number of our service providers are based outside of the UK and the European Economic Area (the “EEA”). Where we send your Personal Data to a territory outside of the UK and the EEA, which doesn’t have an adequacy ruling, we will ensure that suitable safeguards are in place to ensure that your Personal Data transferred to and processed within such territory is treated securely. Generally speaking, we use the Standard Contractual Clauses approved by the EU Commission for such purpose.
Transfers of Personal Data to PetroChina companies based in China are subject to a Data Transfer Agreement incorporating the Standard Contractual Clauses.
9. Your rights
Data Subjects may exercise certain rights regarding their Personal Data processed by Petroineos.
In particular, Data Subjects have the right to do the following:
- Withdraw their consent at any time. Data Subjects have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Data Subjects have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Data Subjects have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Data Subjects have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another Data Controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.