Effective Date: January 1, 2020
This Policy applies to all Personal Information collected during any written, electronic, and oral communications or collected online (collectively, the “Services”), which include: the website located https://www.bp.com/ and all corresponding webpages and websites that link to this Policy ("Site"); BP mobile, web, console, desktop and other applications, including BPme Rewards (e.g., Apple iOS Apps, etc.) (collectively and individually, "BP App"); and any other content, applications, features, functionality, information and services offered by us though the Site and/or the BP Apps.
Use of our Services is subject to our Conditions of Use, which you can view here: https://www.bp.com/en_us/united-states/home/legal-notice.html (“Conditions of Use”) and this Policy. Please read the Conditions of Use and this Policy carefully before you use our Services. By using our Services, you accept the Conditions of Use and accept our privacy practices described in this Policy. If you cannot accept the Conditions of Use and the practices outlined in this Policy, you must not use or access our Services.
We may modify this Policy at any time, without prior notice, and changes may apply to any Personal Information we already hold about you, as well as any new Personal Information collected after the Policy is modified. If we make changes, we will notify you by revising the date at the top of this Policy. We will provide you with advanced notice if we make any material changes to how we collect, use or disclose your Personal Information that impact your rights under this Policy. If you continue to access or use our Services after receiving the notice of changes, you acknowledge your acceptance of the updated Policy.
In addition, we may provide you with real time disclosures or additional information about the Personal Information handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your Personal Information.
1. Personal Information We Collect
We collect Personal Information when you use our Services, create an account with us or submit Personal Information to us. Personal Information is any information that relates to you, identifies you personally or could be used to identify you, such as your user ID, name, email address, phone number, address and payment account number. The types of Personal Information that we may collect about you include, but are not limited to:
a. Information You Voluntarily Provide to Us on Our Services
If you decide to contact us or make use of personalized services (e.g. by filling in a form on our Site), then you will be asked to submit limited Personal Information which is necessary for us to provide applicable Services to you. Providing Personal Information this way is voluntary. If any form which collects your Personal Information allows you to voluntarily provide additional information, we seek this information because we think it will help us to give you a better-quality service. You do not have to provide such information if you do not wish to do so.
b. Information You Provide to Us Through the BPme Rewards Program
When you first register for the BPme Rewards app, BP must collect Personal Information so that you can participate in our loyalty program. We require your name, email address and a mobile phone number to operate the program. This information will be used to establish an account for you and to email you a unique password so that you can access your BPme Rewards account. Once you have received your password and access to your account, you have the choice to provide your mailing address to help us deliver more relevant and personalized offers and marketing communications. You will also be asked whether you would like to receive email or text message marketing communications from BP. When you use BPme Rewards app we will collect information relating to the purchases and transactions you undertake at BP locations to operate the loyalty program.
c. Information You Provide to Our Affiliates and Subsidiaries
We may get your Personal Information from a company controlled by or under common control with BP.
d. Site Traffic Information and Cookies
When you use the Services online or through our mobile app, we automatically collect information about the Services you use and how you use them by using cookies, tags, and similar technologies to automatically collect information in connection with our Services. To learn more about our usage of the cookies and other tracking technologies, please see section 2 below.
2. Cookies and Other Tracking Technologies
The cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information.
Generally, we use first-party and third-party cookies for the following purposes: to make our Services function properly; to provide a secure browsing experience during your use of our Services; to collect passive information about your use of our Services; to measure how you interact with our marketing campaigns; to help us improve our Services; and to remember your preferences for your convenience.
We use the following types of cookies on our Services:
- Strictly Necessary Cookies – These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, some services cannot be provided. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for our Services to work and they cannot be disabled.
- Functional Cookies – We use functional cookies to remember your choices so we can tailor our Services to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name or preferences on our Services. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of our Services.
- Performance or Analytic Cookies – These cookies collect passive information about how you use our Services, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize our Services. We do not use these cookies to target you with online marketing. You can disable these cookies.
- Advertising or Targeting Cookies – These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests. Our third-party advertising partners may use these cookies to build a profile of your interests and deliver relevant advertising on other sites. You may disable the use of these cookies as set forth below.
b. Other Tracking Technologies
To see how successfully our marketing campaigns or other Site goals are performing we sometimes use conversion pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page (e.g. a thank you page once you have completed the procedure for subscribing to one of our services or have completed one of our forms). We also use web pixels to analyze usage patterns on our Site. The use of a pixel allows BP to record that a particular device, browser, or application has visited a particular webpage.
c. Your Choices - Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:
- First-Party Cookies. You can use the browser with which you are viewing this Site to enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of the Site. Also, if you disable cookies other parts of the Services may not work properly. You can find more information about how to change your browser cookie settings at www.allaboutcookies.org.
- Mobile Advertising. You can opt out of having your mobile advertising identifiers used for certain types of advertising by accessing the settings in mobile device and following the instructions. If you opt-out, we will remove all data about you and will not collect any further data. The random ID previously assigned to you will be removed. Thus, if at a later stage, you decide to opt-in, we will be unable to continue and track you using the prior ID and you will for all practical purposes be a new user.
- Third-Party Cookies. To opt-out of third-party advertising networks and similar entities that use advertising cookies go to http://www.aboutads.info/choices. Once you click the link you may choose to opt-out of such advertising from all participating advertising companies or only advertising provided by specific advertising entities. For more information about third-party advertising networks and similar entities that use these technologies, please see http://www.aboutads.info/consumers.
- Do Not Track. Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT" signals have not been adopted, our Sites do not currently process or respond to “DNT” signals.
3. How We Use Your Personal Information
We will only use your Personal Information as described in this Policy or as disclosed to you prior to such processing taking place.
a. To Provide You Our Services
We will use your Personal Information to provide information or perform Services that you request. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing applicable Services. All third parties that we work with are contractually obligated to protect your information as disclosed in this Policy.
b. For Internal Use
We use your Personal Information for the purposes of furthering our business, including improving our Site's content and functionality by analyzing where, on which types of devices and how our Site is used, how many visitors we receive, and where they click through to the Site from. We also use it to remember you in case you re-visit our Site, so we will know if you have already been served with surveys, or (where Site content is undergoing testing) which version of the content you were served.
c. To Provide You with Service-Related Communications
We will send you administrative or account-related information to keep you updated about your account and the Services. Such communications may include information about Policy updates, confirmations of your account actions or transactions, security updates or tips or other relevant transaction-related information. We process your contact information to send you such communications. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
d. To Provide Customer Support or Respond to You
We collect any information that you provide to us when you contact us. Without your Personal Information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
e. To Ensure the Security of the Services
We care about keeping you secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, such as your device information, activity information and other relevant information. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information. We cannot ensure the security of our Services if we do not process your Personal Information for security purposes.
f. To Enforce Compliance with Our Terms and Agreements or Policies
When you access or use our Services, you are bound to our Conditions of Use and this Policy. To ensure you comply with them, we process your Personal Information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies and enforce our agreements with third parties and business partners.
g. To Maintain Legal and Regulatory Compliance
Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we process your Personal Information to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws or as necessary to manage risk as required under applicable law. Without processing your Personal Information for such purposes, we cannot perform the Services in accordance with our legal and regulatory requirements.
h. To Operate the BPme Rewards Loyalty Program
We use your information to operate the BPme Rewards loyalty program, for example to track your progress toward meeting the monthly fuel spend threshold, provide other services related to the program and ensure that the applicable Conditions of Use are observed. We also use your Personal Information related to the BPme Rewards loyalty program for the following purposes:
- To Send You Relevant Direct Marketing Communications – As part of the registration process, you will be asked to indicate your preferences for receiving BP marketing communications containing information and offers about BP products, promotions and services and those of our partners in the program. These communications may, depending on your selected preferences, be sent from BP by email, text and mail. You can opt out of receiving these direct marketing communications at any time by following the instructions set out in each marketing communication or by changing your preferences within your account settings on the app or by contacting firstname.lastname@example.org.
- To Provide You Personalized Offers – BP will use your information to analyze and understand your shopping behavior based on your purchases at BP or Amoco locations so that we can provide you with personalized BP offers and marketing communications which we think will be of interest to you. To help us better understand you as a customer, we will also analyze how you use the loyalty program and how you interact with our app and other marketing channels, including assessing the effectiveness of our offers and marketing communications. As part of this, we can show or send you tailored BP offers and advertisements when you are browsing the internet using cookies. Please visit section 2 of this Policy to find out more about our cookie usage.
- To Conduct Customer Research and Surveys – We will use your BPme Rewards data to send you invitations by email to participate in voluntary surveys so that we can improve the BPme Rewards program, our offers and customer communications.
We will also analyze and use your data (on an anonymized, aggregate level which does not identify any specific information, to carry out research into how customers are interacting with BP and the loyalty program so that we can improve our products, services, and customer communications.
4. Sharing of Your Personal Information
We may disclose your Personal Information as described below.
a. Within Our Corporate Organization
BP is a part of a corporate organization that has many legal entities, business processes, management structures and technical systems. BP may share your Personal Information within this organization to provide you with the Services and take actions based on your request. Any transfer of Personal Information within our corporate organization is done under our group-wide Binding Corporate Rules, which guarantee an adequate level of data protection wherever your data is physically kept.
b. Third Parties
We may share your Personal Information with third-party service providers acting on our behalf to help us operate our Services. These third parties can only use your data in accordance with our written instructions and must comply with the information security protections we have put in place.
c. To Maintain Legal and Regulatory Compliance
We have the right to disclose your Personal Information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on BP. If there is a takeover, sale or purchase of our business, we may disclose your Personal Information to the new (or prospective) owner of the business.
5. Security Precautions
We take precautions to protect data and information under our control from misuse, loss or alteration. Our security measures include industry-standard physical, technical and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers and other authentication information you use to access our Services.
6. International Transfers
Since BP operates globally, BP may require your Personal Information to be transferred to other countries where necessary to provide the service. Where we transfer Personal Information to other wholly-owned BP entities we have Binding Corporate Rules (BCRs) in place, which have been approved by various national regulators, in order to ensure an adequate level of protection wherever these BP entities are based.
7. Our Retention Periods
We will retain your Personal Information only for as long as is necessary in order to fulfill the purposes for which it was collected. We may retain some of your Personal Information for a longer period insofar as it may be necessary to defend or prosecute any legal claim(s).
a. Commercial Transaction Data
We are legally obliged to retain commercial transaction data for a period of 6 years. We may also continue to use the aggregated form of the data (i.e. where the data of numerous individuals is combined to prevent identification of a single person) for statistical purposes.
b. BPme Rewards Loyalty Program Data
As a general rule, we retain the information you provide when you register, together with information we collect about you and your use of the program, for the duration of your membership of the program.
8. Third-Party Websites We Link to
Our Site may contain links to third-party sites. This privacy statement does not apply to those third-party sites. We recommend that you read the privacy statements of any other sites that you visit as we cannot accept responsibility for the privacy practices of these sites which may be different to ours.
Our Services are not directed to, and we do not knowingly collect Personal Information from, children under the age of 16. If you are under 16, please do not attempt to fill out our forms or send any Personal Information about yourself to us. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information from our files.
10. Keeping Your Personal Information Accurate
We are committed to ensuring that your Personal Information is kept accurate and up to date. However, it is up to you to update it with any changes. You can update your contact details and other data via your account settings in the BPme app. Please notify us at email@example.com if there are any further changes that you would like our assistance on, providing us with sufficient information to enable us to identify you, so that any changes can be made.
11. Notice for California Residents
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), below is a summary of the Personal Information categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third parties that we share your Personal Information.
Personal Information Categories We Collect
We generally collect the following categories of Personal Information about your when you use our Services:
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- your geolocation, to the extent you have configured your device to permit us to collect such information;
- audio recordings of your voice to the extent you call us, as permitted under applicable law; and
- inferences about your preferences, characteristics, behavior and attitudes.
We generally do not collect protected classifications about our users, biometric information, professional or employment-related information, or education-related information. For more information about the Personal Information we collect and how we collect it, please refer to sections 1 and 2 above.
Purposes for Processing Personal Information Under the CCPA
We collect your Personal Information for the business purposes described in section 3. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The following activities are considered “business purposes” under the CCPA: auditing related to a current interaction with the consumer and concurrent transactions, and auditing compliance with laws and other standards; detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, verifying customer information; repairing errors that impair existing intended functionality; Internal research for technological development; verifying or maintaining the quality or safety of, and improving, upgrading, or enhancing, a service or device that is owned, manufactured by, manufactured for, or controlled by the company.
Third Party Sharing
The categories of third parties with whom we may share your Personal Information are listed above in section 4, above.
If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, BP cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
- Rights Against Discrimination – You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
- Rights to Know – You have the right to request in writing: (i) a list of the categories of personal information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties' direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, you have the right to request: (i) the categories of personal information we have collected about you, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about an individual. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
- Right to Delete – You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
To assert your right to know or your right to delete your Personal Information, please contact us as firstname.lastname@example.org or by phone at 1-800-333-3991. To verify your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity from the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
- Rights to Opt-Out of Selling - The CCPA broadly defines “personal information” and “selling” such that sharing identifiers in a way that benefits us may be considered a sale. You have the right to opt-out of having your Personal Information sold. We do not sell your Personal Information.
Shine the Light Law
California’s “Shine the Light” law (Civil Code section 1798.83) also permits California residents once per calendar year to request and receive information about a business’ disclosure of certain categories of Personal Information to other companies for direct marketing purposes. If you are a California resident and a user of our Site, you can request a copy of this information from BP by sending an email to email@example.com.
12. How to Contact Us
If you have questions or concerns relating to the handling of your Personal Information, you can contact us by email at firstname.lastname@example.org or use the "Contact us" functionality in the Site's footer. You can also contact us by mail at BP America, Inc., Attn: Privacy Matters, 4101 Winfield Road, Warrenville, IL 60555, USA.