This privacy statement will inform you as to how bp pulse ("bp", "we", "us" or "our"), as data controller, processes your personal information when you visit our websites or apps (the "Digital Asset"), make contact with us and/or use our products and services and tell you about your privacy rights and how the law protects you.
If you have any questions about this privacy statement or our privacy practices in connection with the Digital Asset, please contact us by email at: firstname.lastname@example.org If you are located in the EEA, Switzerland or the UK, you can get in touch with our Data Protection Officer (DPO) using the above information.
Personal information, or personal data, means any information about an individual from which that person can be identified, whether directly or indirectly. As part of your visit to our Digital Asset and/or your receipt of products or services provided via the Digital Asset, bp may process the following personal information relating to you.
Biographical and Contact Data such as name, telephone number and postal or email address, gender; marital status;
Account Credentials such as your username and your password;
Transaction Data such information may include details of transactions you carry out through our channels, of the fulfilment of the services we provide and payment details;
Professional Data such as job title, company name, company email address, business phone number, business address;
Preference Data such as any marketing or usage preferences you provide us or that we may infer from the other data provided to us;
Correspondence. If you contact us, we will typically keep a record of that correspondence. This may include telephone calls, which we record to assist us in training our staff and undertaking quality checks; and
You may provide this information to us or we may obtain this information from other sources, such as from third parties and publicly available data sources. We may also generate this information about you e.g. through the creation of a file with your customer records and contact history.
When we use your personal information for the purposes outlined in this privacy statement, we ensure that we have a lawful basis to do so. Under the UK and EU GDPR and where applicable in other jurisdictions, we will generally rely on one or more of the following lawful bases:
Performance of the contract we have with you for the provision of our services. [This contract is governed by our applicable Terms and Conditions;
Legitimate interest: This is relevant where we use your personal information where it is necessary for our (or a third party’s) legitimate interests and those interests do not override your rights;
Compliance with law or regulation: This is relevant where we use your personal information where it is necessary to comply with applicable laws; and
Consent: This is relevant where we need your consent to use your personal information. However, we do not usually need your consent. Where specifically identified elsewhere in this privacy statement, you may be able to withdraw your consent to certain types of processing.
Your personal information may be stored and processed by us in the following ways and for the following purposes (we have also set out the UK and EU GDPR lawful basis that apply for each): click here to view
You may choose not to provide us with your personal information. However, if you choose not to provide your personal information, we may not be able to provide you with certain of our services.
We may apply profiles to you based on the personal information set out above. Such profiles may be used to personalize the Digital Asset or services, decide what to advertise to you and/ or as part of security threat detection and prevention.
We may share your personal information with other entities within the bp Group as part of our business operations, including with our parent company bp PLC, headquartered in the United Kingdom.
Third party service providers
We may share your personal information with third-party service providers, agents and contractors for the purposes of providing services to us (for example, our accountants, professional advisors, and IT and communications providers). We may also share your personal information with our business partners that may use it for their own purposes (as permitted by applicable data protection law), such as for administering and promoting their products/services. Any third-party provider we appoint must protect your personal information in line with the contractually required security measures.
Social media platforms
We may use your personal information to undertake advertising campaigns on social media platforms such as LinkedIn, Instagram and Facebook in order to provide information about upcoming services or new products and to ensure you only receive relevant advertising about our products and services. We may share your personal information with social media platforms so that you see advertising about our, or our partners’, products and services that we think you will be interested in when you interact with the relevant social media platform. We may also share your personal information with social media platforms to help us present relevant advertising to individuals who the social media platforms determine are likely to have similar interests to you.
Legal and regulatory disclosures
We may disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and / or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on bp. We may also share your personal information in connection with legal proceedings. These bodies may be situated outside of your jurisdiction.
We may share your personal information with third parties (and their advisors) to whom we may choose to sell, transfer or merge parts of our business or our assets.
As an international company, we may store or transfer your personal information to other bp entities around the world. Where this is the case, we will ensure that the importing jurisdiction offers an adequate level of data protection, or we will provide the personal information under a comprehensive, flexible, and global compliance framework which implements appropriate measures and safeguards to ensure that your personal information is protected in accordance with applicable data protection laws.
Similarly, where we transfer personal information to a third party located in a different jurisdiction, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal information, such as by including appropriate clauses in our agreements with third parties.
Under certain circumstances (and subject to exemptions) you have rights under data protection laws in relation to your personal information. If you wish to exercise any of the rights set out below, please contact us. You have the right to:
Request access to your personal information. Where applicable, you are entitled to receive a copy of personal information we hold about you.
Request correction of the personal information that we hold about you. You may request that we correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal information we hold about you is accurate and current. Please contact us to update us in the event of any changes to your personal information.
Request erasure of your personal information. You may request that we delete or remove personal information where there is no overriding reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law.
Object to processing of your personal information. Where we are relying on legitimate interests, you have the right to object to processing of your personal data where you consider that the processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue to process your personal information and if this is the case, we will inform you.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
If you want us to establish the data's accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and/or
You have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to continue to process it.
Request the transfer of certain of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to information you provided to us and which we process on the basis of consent or where it is necessary to perform a contract with you.
Withdraw consent where we are relying on consent to process your personal information. Withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complain to the data protection regulatory authority. You have the right to complain to the relevant data protection supervisory authority (regulator) at any time. If possible, we would appreciate the chance to deal with your concerns before you approach the relevant data protection regulator, so please contact us in the first instance. Additionally, certain regulators encourage you to contact us as the data controller in the first instance, please refer to any guidance produced by the relevant regulator in this regard. If you are located in the EEA/Switzerland/UK, see below for more information about identifying the relevant regulator.
How long we will hold your personal information for will vary and will be determined by the purpose for which we are using it. We will need to keep the data for as long as is necessary for that purpose in line with our business needs, [as documented in our Global Records Retention Schedule]. These may vary between jurisdictions. [For example, if you are located in the UK and we have a contract with you, we will typically retain your personal information for a period of 6 years following termination of that contract, unless litigation is anticipated when we will keep it longer.] Additionally, there may be laws or regulation which set a minimum period for which we have to keep your personal information. We will only hold your information for the defined retention period, before anonymizing the information or deleting it. Anonymising the personal information means making it so that it can no longer be identifiable to you personally. This can be achieved either by aggregating the data (for example, to make a finding about a group of people as opposed to a specific individual) or by removing any personal identifiers (for example, contact information) so that it can still be used to identify trends and patterns but cannot be linked back to a specific individual.
If you would like further information in connection with the retention period that is applicable to your personal information held for a specific purpose, please contact us.
For retention periods relating to cookie data specifically, please refer to our Cookies statement.
If you choose to unsubscribe from a service, we may keep a ‘suppression list’ containing your details so we know you have unsubscribed and to ensure you are not contacted again. Your personal information held on a suppression list will not be used for any other purpose.
This Digital Asset may contain links to Digital Assets or content provided by other third parties which are outside our control and are not covered by our privacy statement. Interacting with that content may allow third parties to collect or share data about you. We encourage you to read those providers’ own privacy statements.
This privacy statement became effective on 19/10/2023 and was last reviewed in 10/2023