Effective Date of Data Privacy Statement: 10th May 2023.
1. Introduction:
This Privacy Statement provides information on the processing of your personal information by Esso Petroleum Company, Limited and its affiliated companies through your use of the Esso Application (the “App”).
The App facilitates your transaction with the operator of the Esso branded service station from which you make a purchase. By using the App, you are not purchasing products from ExxonMobil.
Your privacy is important to us and we want you to know what information we collect through the App, how we collect it, what we use it for and who we may share your personal information with. This Privacy Statement may be changed over time. You are advised to regularly review the Privacy Statement for possible changes. By using the App, you are consenting to these Privacy Terms.
Special note:
This App should not be used by anyone who is under the age of 16. If you are under 16 years old please do not use this App and do not send us your personal information (for example your name, age, address or email address).
2. Data Controller:
Esso Petroleum Company, Limited (“Esso”) is responsible as the data controller of personal information collected through the App. If you have any questions about the content of this Data Privacy Statement, please contact the Data Privacy Office at the following e-mail address: data.privacy.office@exxonmobil.com
3. What information do we collect?
The App will allow you to submit personal information, that is, information that could identify you as an individual. When you register on the App, Esso will collect and store your login data, such as your name and email address. If you are a holder of Nectar card and you wish to collect points on qualifying purchases, the App permits you to provide your Nectar card number. In that case, we will process the Nectar card number. Whenever you use the App to make payment at an Esso branded service station, we collect information in relation to the payment transaction, such as time and place of your visit, number of visits, total purchase amount per transaction, products purchased, payment method you use, including payment methods embedded in the App (such as Apple Pay , PayPal, Google Pay). For your convenience, you can also save your card in our App, where your data will be kept securely in an encrypted format. We may also collect information regarding your preferences in relation to the fuel purchase transaction, including your preferred payment method, fuel grade preference or receipt preference.
The App can collect information about your geolocation only when the App is installed and if you have given permission for location services. You are able to turn off location services in your phone or App settings, but this will mean that you lose some of the functionality of the App and as a result will need to scan the QR codes found on the pump.
If you personalise the App, participate in a promotion, or submit feedback or other information to us, you may also provide us with additional personal information.
If you wish to pay via the embedded third party payment methods, you will be required to provide certain information to this authorised third party to support security, operations and servicing of the App and your payments. These third party payment providers operate independently of ExxonMobil. Please read the privacy policies (which are different toExxonMobil’s Privacy Policy) of the respective third party providers on the following links:
so that you understand how they will process your information, including what information they collect about you and how they use it.
In this regard, also refer to paragraph 7 below.
Google Firebase data collection
Firebase is a development platform of Google LLC, 1600 Amphitheatre Parkway. Mountain View, CA 94043. USA and its affiliates that offers different technical solutions and functions for apps (hereinafter referred to as “Google“). We receive the Firebase services via our IT service provider Fiserv, Inc., 255 Fiserv Drive, Brookfield, WI 53045, USA ("Fiserv") which is Google's contractor for this App. We use Google Cloud servers in Frankfurt for processing. There is no data transfer to Google for its own purposes. To ensure an adequate level of data protection, Fiserv and Google have concluded contractual agreements using the EU standard contractual clauses.
With your consent we use the Firebase tool Crashlytics for Firebase and the feature "Event Tagging". You can consent to our use of Google Firebase upon initial setup of the App and withdraw or renew consent at anytime in your app settings. Please note, that the data collected via Firebase cannot be linked to any specific Esso-Profile and will be processed anonymously.
Crashlytics collects and analyzes some of your usage data in order to find technical errors within the App and to improve the App’s user-friendliness. It helps reconstructing events that e.g. made the App crash.
The data collected comprises, for example, a device identifier, your IP address, crash reports and data on your interaction with app buttons, including timestamps and information regarding your device
We use the feature "Event Tagging" to collect information about the performance of the App ("event") and to detect malfunctions and send the information to Firebase (together with a user ID, the time stamp of the event and the status of the App). Based on the information, we receive performance reports from Firebase in order to gain insights that help improving the App performance. The information processed for this purpose is not in any way related to a specific user account.
The data processed with Crashlytics will be stored for a period of up to 180 days.
For detailed information on the processing of your data by Google read https://firebase.google.com/terms/.
4. Why do we collect information?
We may collect, store and use your personal information to provide you with products or services, to bill you for products and services, to tell you about products and services which we think may be of interest to you, to deliver other relevant information to you such as transaction receipts, support messages, marketing messages, details of Nectar points collected and to provide vouchers or coupons.
Furthermore, we may use information collected about you:
a) To improve and personalise our services. For instance, we may enable features in
the App in order to provide you with personal deals and offers; and/or
b) To communicate with you about news and updates about our products and services
and to inform you about any promotions, incentives and rewards offered by us and/or our partners or the operators of
Esso branded service stations. We may use analytics software to track usage and behaviour on the App so that we can
tailor our communications to you.
We may also use the information collected through the App to analyse links between your usage of the App and your usage of other applications (for instance, our websites) or across the different types of devices you may use to access the App or other applications, in order to improve your cross- application experiences. In doing so, we use cookie files and other storage technologies on our App in accordance with this Privacy Statement and the Cookie Statements on ExxonMobil websites (including www.esso.co.uk).
We may use personal information to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our services.
5. Information on your mobile device or computer
When someone accesses the Esso website via the App, our web servers automatically gather information that allows the
site to communicate with the App and/or the visitor’s device during the visit. We also track information such
as the number of visits to the website, which parts of the website visitors select, IP address (the Internet address
assigned to your device from your Internet Service Provider), domain type, browser type (e.g., Firefox, Chrome or
Internet Explorer), date and time of day. We use such information only for statistical purposes that help us design
and administer the website.
We may store some information ("cookies" or other files) on your device or computer when you look at or use the App
or website. This information facilitates customizing your use of the App and website and helps to avoid the need for
you to re-enter your details every time you visit it. You can erase or block this information from your device if
you want to. The 'help' screen in your browser or computer user manual should tell you how to do this.
6. Third party advertising
We may use third party advertising technology to provide ads on the App. This technology will not provide any
information to third party advertisers that can be used to personally identify you, so it will not include your
name, address, or other personal information. When you access an ad, a "cookie" file may be stored on your mobile
device. This information is used to help manage our on-line advertising.
To learn more about the third party ad-serving technology, cookies, and how to "opt-out" you can also visit www.allaboutcookies.org
(note: you will be taken to a third-party website).
Hyperlinks & Sharing the App or content through Social Media
The App uses links to other websites or applications that Esso does not own, control or maintain. We cannot be
responsible for their privacy policies and practices and we make no representations or warranties about the privacy
practices of those websites and applications.
We recommend that you check the privacy policy of these other websites and applications and contact its operator if you have concerns or questions. For example, the App uses Google Maps. Links to the Google privacy policy and Google Maps terms of service are available here: Google Maps/Google Earth Additional Terms of Service (including the Google Privacy Policy).
If you choose to share the App or any of its content through social media such as Facebook, Linked In, Instagram and / or Twitter, your personal information (such as your name and the fact that you are interested in Esso) will also be visible to all the visitors of your personal webpage on those social media sites. On the use of such social media websites, refer to the terms and conditions (including privacy statement) of that social media site. Esso is not responsible for the processing of personal information or the privacy policy of social media websites, and Esso’s Privacy Statement is not applicable to those sites.
7. Sharing Information with Third Parties
Esso does not sell or distribute the personal information it collects via the App to third parties for the purpose of allowing those third parties to market their products and services to you. In order to process the payment transactions, Esso provides transactional data on a transaction-per-transaction basis to the service station operator where the transaction took place. Transactional data includes, but is not limited to, amount of spend, product(s) purchased, frequency of visits, whether the transaction is eligible to collect Nectar points, time of visit. Whilst we do not provide name, address or other contact details to the service station operators, the service station operator may be able to derive certain additional information from such transactional data, for instance in combination with CCTV installed by the service station operator at the service station. In addition, Esso may provide aggregated transaction data to any of the operators of Esso sites however again without reference to names, email addresses or Nectar card number.
Esso does employ other companies and individuals to perform certain functions on its behalf. Examples include hosting the App, processing payments, preventing, detecting and investigating fraud, processing Nectar card information, and sending communications (for example, e-mail and push notifications, managing customer lists, analysing data, providing marketing assistance and providing customer service). Those third parties may have access to personal information but will only have access to the information needed to perform their functions, and cannot use it for any other purpose. They must process the personal information in accordance with this Privacy Statement and as permitted by applicable data protection laws.
We have agreements in place with those third parties providing the App service obliging them to protect the security and confidentiality of the personal information consistent with applicable policies and laws.
8. Data transfers & Sharing information with Affiliates
We may transfer the personal information we collect about you to countries other than the country in which the information was originally collected. These transfers include transfers to affiliated companies around the world so that we may analyse the data in order to improve our global products and services. When we transfer the personal information to other countries, we will protect that information as described in this Privacy Statement. By using the App and submitting data to the App, you provide express consent to these transfers, including trans-border transmission of data covered by this Privacy Statement.
We comply with applicable legal requirements providing adequate protection for the transfer of personal information to countries outside of the UK, EEA or Switzerland including execution of binding corporate rules by Esso and its affiliated companies as needed.
9. Data Security
We are committed to ensuring that the information collected about you is secure. We take reasonable measures including administrative, technical and physical procedures to protect your information from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. Your full payment card details are not stored on your mobile device and we also only show masked Nectar card numbers on the App. The level of security can only be effective if you follow certain security practices yourself including using unique and strong passwords, never sharing your account or login details with anyone and by using the available mobile device security features. If you believe that any of your account login details have been exposed, you can change your password at any time through the App.
10. Opt Out/Modify Information
If you no longer wish to use the App, you can uninstall the App. You can request the removal or modification of your personal information by sending an e- mail to the Data Privacy Office (see address in Section 2). We will delete or render anonymous any personal information that is no longer needed.
11. Your Rights
When living in a country with comprehensive data privacy laws, certain rights in relation to the information collected may apply, including:
- The right to know and see what personal information is processed;
- The right to have inaccurate personal information corrected or deleted;
- The right to withdraw consent to the processing of the personal information. In this case, you will no longer be able to use the App. In this case you should uninstall / remove the app.
12. Data Retention
Esso and its affiliated companies may retain personal information you provide for the duration of the services and for as long as is necessary to provide support related reporting and trend analysis. Individual transaction data will be securely stored according to ExxonMobil’s data retention guidelines for transactional data. Receipts that are stored in the App will be visible for 90 days and will be automatically removed after those 90 days.
13. Conditions of Use, Notices and Revisions
Use of the App. is subject to the Terms and Conditions of Esso App and this Privacy Statement. We reserve the right to change this notice at any time without notice.
We may change this Privacy Statement from time to time by posting the updated version on the App. We advise you to review this page regularly to stay informed and to make sure that you are happy with any changes. If we make material changes to this Privacy Statement, we will notify you via email or within the App. If you object to any of the changes to our terms, you are free to stop using our services, delete the App and request for your personal information to be deleted.
¹ ExxonMobil and/or ExxonMobil Affiliates mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, directly or indirectly, (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.