ConocoPhillips Privacy Statement
Effective – December 30, 2019
ConocoPhillips is committed to protecting your privacy. This Privacy Statement provides information regarding how we treat your personal data collected and your associated rights when using websites, platforms and other services that link to this Privacy Statement, or when purchasing products from, conducting business with, or otherwise interacting with ConocoPhillips and various affiliates and subsidiaries of ConocoPhillips. When referring to these entities, the terms “ConocoPhillips”, “company”, “we”, “us”, and “our” are used only for convenience and are not intended to be an accurate description of ownership, operation or corporate/legal relationship.
This Privacy Statement applies to our practices, both online and offline, regarding the collection, use, and disclosure of personal information and of the rights of individuals regarding their own personal information. This includes job applicants and visitors to ConocoPhillips website, recipients of electronic communications from us, individuals that interact with us through social media websites and other platforms or website applications. By accessing our services linked to this Privacy Statement, you consent to these terms described herein.
If you are an employee, contractor, spouse/dependent of an employee of ConocoPhillips, please refer to the ConocoPhillips Employee Information Privacy Policy or the ConocoPhillips Non-Employee Information Privacy Policy posted on our policy portal for information regarding your privacy with respect to personal data collected pursuant to your relationship with ConocoPhillips.
Please note that under some laws including those of the European Union, certain types of collected information may be personally identifiable information, and in such cases, we will treat it as personal information. For more information specifically related to residents of the European Union or the United Kingdom, see Notice to EU/UK Residents below.
Personal Data Collection
The types of information we collect depends on which product or service you use.
Categories of Data You May Provide to Us or Our Service Providers
- Identifiers, such as real name, alias or display/username, password, social security number, driver’s license number, postal address, telephone number, email address, telephone number, and company name. See below under “Categories of Data Collected Automatically by Us or Our Service Providers” for more information.
- Internet or Other Electronic Network Activity Information, such as browsing history. See below under “Categories of Data Collected Automatically by Us or Our Service Providers” for more information.
- Professional or Employment Information, such as your job title, job function, skills company/organization name and information, and other information about yourself.
- Education information, such as highest education level, degree attained, and institution attended.
- Demographic Information/Characteristics of Protected Classifications under California or Federal Law, such as your nationality and country of residence.
You are not required to provide information we may request, but if you choose not to provide it, we may not be able to provide you the requested service or to complete your application
Categories of Data Collected Automatically by Us or Our Service Providers (more information on Identifiers and Internet or Other Electronic Network Activity Information)
- Information about your browsing behavior on our websites, platforms or applications, such as the date and time you visit, the areas or pages you visit, the amount of time you spend viewing or using our site, platform or application, and the number of times you return. We may connect this information with your identity to determine your potential interests in our products and services.
- We also collect certain standard information that your browser sends to every website you visit, such as your internet protocol (IP) address, your browser type and capabilities, your preferred language, your operating system, software version, the date and time you access the site, and the website from which you linked to our site(s) or application(s), if any.
Categories of Data We Collect About You from Third Parties
- If you link to us through a third-party service, we may receive information about you for example from an internet service provider (subject to your privacy settings on those third-party services), such as the above-listed Identifiers.
Cookies and Other Tracking
Cookies are small amounts of data generated by a website and saved by your web browser. Their purpose is to remember information about you. Our websites may use cookies to track the number of times you have visited our website, to track the number of visitors to our site, to analyze visitors’ experience with our site, to store data that you may provide (such as preferences), and to store technical information related to your interactions with our websites, platforms and applications. We may also use session cookies, which are deleted when you close your browser to facilitate movement around our site, and other information useful in administering the session on our site.
Tracking Options and “Do Not Track” Signals
Most internet browsers automatically accept cookies, but you may adjust your browser, operating system, or mobile device settings to limit certain tracking, decline cookies, or notify you when a cookie is being placed on your computer or device. If you choose not to accept cookies, you may not be able to experience all the features of our website(s), platforms or application(s). You can typically delete existing cookies, although this means that your existing settings will be lost, such as stored preferences.
Our Use of Personal Data
We use your personal data for the following purposes only (broken out by categories of personal data):
- Identifiers, Internet or Other Electronic Network Activity Information, Professional or Employment Information, & Demographic Information/Characteristics of Protected Classifications under California or Federal Law are used for performing services on behalf of the business or service provider, including answering your questions and responding to your requests made through our websites, call centers, job applications, or through third-party websites (including social media).
- Identifiers & Internet or Other Electronic Network Activity Information are used to improve/develop products or services (including websites, platforms and applications). We use your personal data to develop or improve our services; to determine how to best provide services to you; and to improve our websites, platforms, and applications to make them easier to use.
- Identifiers & Internet or Other Electronic Network Activity Information are used for fraud and security purposes. We use your personal data to protect the security and integrity of our services and our business, as well as to safeguard your personal data.
We may also use your personal data in other ways as required or permitted by law or with your consent prior to the point of collection, or in an aggregated and non-specific format (where you cannot be reasonably identified) for analytical and demographic purposes.
We use your personal data in a lawful manner only because it is necessary for the performance of an agreement with you, for our or a third party’s legitimate interests, or with your consent.
With Whom We Share Your Personal Data
We have disclosed to other parties, for business purposes, all categories of personal data collected in the last 12 months as described below. We do not and will not sell personal information and therefore do not sell the personal information of minors under 16 years of age without affirmative authorization.
Service Providers. We may disclose your personal data to our service providers for legitimate business purposes to provide services to us or on our behalf, such as data hosting, cloud services, sending out information and communications, processing transactions, analyzing data, technical support, and other business and professional services. We provide these companies with only those elements of personal data they need to provide their services to us.
To Third Parties for Transactions. We may also disclose personal data in connection with certain transactions, such as to, government entities, and to other third parties to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.
Required Disclosures. We may disclose your personal data if required to do so by law or in our good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, and to protect our or others’ rights, property, or safety.
Business Transfers. If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, or other business transfer event, then we may sell, transfer, or share some or all our assets, including your personal data, in connection with such transaction or in contemplation of such transaction, e.g., due diligence. We will make reasonable efforts to notify you before your personal data is transferred and becomes subject to a different privacy policy.
Operating Globally and International Transfers
We may transfer personal data to and store personal data in countries other than the country where it was collected or where you accessed our websites, platforms or applications. Those countries may have different data privacy and protection laws than the countries from which the personal data was collected or from which you accessed our websites, platforms or applications. To the extent required by applicable law, we will take measures to protect personal data so transferred or stored. For example, we implement standard contractual clauses approved by the European Union and use similar contractual obligations to comply with applicable laws of other jurisdictions. By choosing to use our services, including our websites, platforms and applications, and submitting personal data to us, you consent to the transfer of such personal data outside of your country of residence.
Personal Data Retention
To the extent permitted by applicable law and in accordance with the provisions of this Privacy Statement, we keep personal data for so long as (1) it is needed for the purpose for which we obtained it originally, or (2) we have another lawful basis for retaining it beyond the purpose for which it was originally obtained.
Security Measures
We use, and we require our service providers to use, industry standard security measures for securing and protecting personal data, including without limitation encrypting data in transit and at rest, as well as limiting access to personal data on a least privilege basis, i.e., giving each user access only to personal data needed to perform their specific job duties.
Linked Websites
Our websites, platforms and applications may contain links to other websites, including those of other companies, organizations, and publications. These websites operate independently from our websites, platforms and applications, and we do not control and are not responsible for the content, security, or data privacy practices used by other entities. You should review the privacy statements of those websites to determine how they protect and use your personal data.
Children
Our services, including our websites, platforms and applications, are not directed to children and we do not knowingly collect any personal data from children. If we learn that we collected the personal data of a child under the age of 13, we will use reasonable efforts to delete such information from our systems promptly.
Your Rights
Depending upon the laws applicable where you reside, you may have any or all the below described rights. We are committed to protecting your privacy and will make reasonable efforts to honor your exercise of the below rights as permitted by law.
Residents of California have the following rights (some may not be effective until January 1, 2021):
Right to Access
You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive your verifiable request, we will disclose to you:
- the categories of personal data we collected about you;
- the categories of sources for the personal data we collected about you;
- our business or commercial purpose for collecting or selling your personal data; the categories of third parties with whom we share that personal data;
- the specific pieces of personal data we collected about you; and
- if we sold or disclosed your personal data for a business purpose, two separate lists:
- identifying the categories of personal data sold to which categories of third-party purchasers; and
- identifying the categories of personal data disclosed to which categories of third parties.
Right to Delete
You have the right to request that we delete any of your personal data we collected from or about you, subject to certain below-listed exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal data from our records unless an exception applies.
Exceptions
We may deny your deletion request if retaining the personal data is necessary for us or our service providers to:
- complete the transaction for which we collected the personal data, provide a product or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- debug products to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided by law;
- comply with the California Electronic Communications Privacy Act or other applicable laws;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- comply with a legal obligation; or
- make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Non-Discrimination
We will not discriminate against you for exercising any of your rights. Unless permitted by applicable law, we will not do any of the following should you choose to exercise your rights:
- deny you goods or services;
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- provide you a different level or quality of goods or services; or
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
How to Exercise Your Rights
To exercise these rights, please contact us via one of the means specified in the Contact Us section of this Privacy Statement.
Only you or a person you authorize to act on your behalf may make a request related to your personal data. Please note that you must verify your identity and request before we take further action. As a part of this process, government identification may be required. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.
You may submit a request only twice within a 12-month period. Your request must provide information which sufficiently allows us to reasonably verify you are the person about whom we collected the personal data and must describe your request with enough detail to sufficiently allow us to properly understand, evaluate, and respond to it.
Our Response Process
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If applicable, our response will explain the reasons we cannot comply with your request. For access requests, we will select a format to provide your personal data that is readily usable and should allow you to transmit the personal data without hindrance.
We will not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine your request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to Privacy Statement
We reserve the right to amend this Privacy Statement at any time at our discretion and will review and update it as may be necessary but will do so at least annually. When we do, we will revise the effective date at the top of this Privacy Statement. Please revisit this page periodically to become aware of the most recent privacy terms - your use of our services linked to this Privacy Statement after such changes have been posted constitutes your agreement to such terms.
Contact Us
If you have questions regarding this Privacy Statement or our handling of personal data, or to exercise your rights herein, please submit a request here or call us at 866-887-7217.
Notice to EU/UK Residents
If you are a resident of the UK or European Union ("EU"), you may have additional rights, as detailed below. Furthermore, you are entitled to know the processing bases upon which we rely for the collection, processing and use of your Personal Data. For purposes of this Notice to EU/UK Residents, the term "Personal Data" shall mean personally identifiable information.
Processing Bases and Consequences
We rely on the following legal grounds for the collection, processing and use of your Personal Data:
- the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
- the processing is necessary for compliance with a legal obligation to which we are subject;
- the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of which you require protection of Personal Data, such as legitimate interests are the fulfilment of the processing purposes described in this Privacy Statement that are not necessary for the performance of a contract or for our compliance with a legal obligation to which we are subject; or
- other applicable legal basis for data processing, especially provisions set out by member state law.
To the extent that a legal ground described above would not apply to specific purpose of processing of your Personal Data by us, we will seek your consent for such specific purpose(s) in accordance with applicable law.
If you do not provide us with certain Personal Data, we may not be able to fulfill the requested purpose of collection, such as to respond to your queries or provide our website to you. However, unless otherwise specified, not providing your Personal Data will not result in legal consequences for you.
Your Rights
Right to withdraw your consent: To the extent a specific element of our processing of your Personal Data relies upon your consent, you may withdraw such consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
Additional data privacy rights: Pursuant to applicable data protection law, you may have the right to (i) request access to your Personal Data; (ii) request rectification of your Personal Data; (iii) request erasure of your Personal Data; (iv) request restriction of processing of your Personal Data; (v) request data portability; and/or (vi) object to the processing of your Personal Data (including objection to profiling).
Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the EU General Data Protection Regulation applies:
Right to request access to your Personal Data: You may have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. This access information includes - inter alia - the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of the Personal Data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to request rectification: You may have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal Data completed, including by means of providing a supplementary statement.
Right to request erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Personal Data concerning you and we may be obliged to erase such Personal Data.
Right to request restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your Personal Data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
Right to request data portability: Under certain circumstances, you may have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
Right to object: Under certain circumstances, you may have the right to object, on grounds of relating to your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. Such right to object may especially apply if we collect and process your Personal Data for profiling purposes in order to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated at the end of the Privacy Statement. Such a right to object may, in particular, not exist if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
To exercise your rights, please contact us as stated at the end of the Privacy Statement. You also have the right to lodge a complaint with the competent data protection supervisory authority.
International Transfers
The Personal Data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). For recipients located outside of the EEA, some may be certified under the EU-U.S. Privacy Shield and others may be located in countries with adequacy decisions, and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not provide an adequate level of protection from a European data protection law perspective. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard contractual clauses adopted by the European Union. You may request a copy of such appropriate safeguards by contacting us as set out at the end of the Privacy Statement.
Contact Details of ConocoPhillips EU Representative
Contact our representative within the EU at the following email address: Espen.Soerskaar@conocophillips.com.