Site traffic information and cookies

We use cookies to collect and analyse information on our site's performance and to enable the site to function. Cookies also allow us and our partners to show you relevant ads when you visit our site and other 3rd party websites, including social networks. You can choose to allow all cookies by clicking ‘Allow all’ or manage them individually by clicking ‘Manage cookie preferences,’ where you will also find more information.

Manage cookie preferences

Skip to Main Content
  1. Home
  2. Privacy statement

Privacy statement

Last updated:
10 June 2025

Introduction

 

When you visit our website Air bp or our apps (the “Digital Asset”), contact us or use our products and services in another way, a member of the bp Group ("bp", "we", "us" or "our") will collect and process your personal information. 

 

This privacy notice ("Notice") explains what personal information we collect and process about you, how we use it, who we share it with and how long we retain it. 

 

Responsible entity

 

The legal entity that is responsible for the processing of your personal information as Data Controller is: 

Air bp Limited

Registered Address:

Chertsey Road, Sunbury upon Thames,

Middlesex TW16 7LN, 

UK, 

Registered Number: 1150609.

 

In some circumstances however, the relevant local entity of the country you are located may be the Data Controller as per local legislation. Information on the local entities can be found at https://www.bp.com/en/global/air-bp/contact-us/our-offices.html

 

Information we collect

 

Personal information means any information which can be used to identify you, directly or indirectly. Air bp collect personal information directly from you. Where this isn’t the case, we may also collect personal information from sources, such as third parties and publicly available data sources. In some circumstances, we generate the information ourselves, for instance when we create your user ID.

 

When you visit Air bp, we may process the following personal information about you.

Category Typical data points Typical sources

Biographical and Contact Data

Email Address, Name, Address and Telephone Number

You

Account Credentials

Usernames, passwords.

You / generated by us

Transaction Data

 

Details of transactions you carry out through our channels, of the fulfilment of the services we provide and payment details (where necessary).

You / generated by us

Correspondence

We will typically keep a record of correspondence with you. This may include telephone calls, which we record to assist us in training our staff and undertaking quality checks.

You / Transcripts generated by us

Professional Data

Job title, company name, company email address, business phone number, business address.

You / Third party

Preference Data

Marketing or usage preferences you provide us or that we may infer from the other data provided to us.

Generated by us / Third party

Air bp Usage Data

IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Air bp (e.g. using cookies and other trackers).

Generated by us or a third party

Cookies and other online tracking technologies 

 

We use cookies and other online trackers (e.g. web beacons, pixels, tags, and JavaScript) to collect information about your use of our Digital Assets. You can set your browser to refuse all or some trackers or to alert you when Digital Assets set or access cookies. If you disable or refuse cookies or other online trackers, please note that some parts of this Digital Asset may become inaccessible or not function properly.

 

For more information about the cookies we use, please refer to the Cookies Preferences on the Air bp websites.

 

Lawful bases

 

Where required under applicable law, we ensure that we have a lawful basis to use your personal information for the purposes outlined in this statement. In general, we will rely on one or more lawful bases described below, as available in relevant local laws:

 

  • Performance of the contract we have with you for the provision of our products or services. The terms and conditions of any relevant air bp service or scheme with us will govern often govern be the governing contract;
  • Our legitimate interests to use your personal information where it is necessary for our (or a third party’s) legitimate interests. We may only rely on that lawful basis where it is available in your local law and there is no unfair impact on your rights and freedoms;
  • Our legal obligations we also use your personal information where it is necessary to comply with the law or regulations; and
  • Your consent if you consent to the processing of your personal information in specific cases. You can withdraw your consent at any time as set out below in the section on Data Protection Rights.
  • Why we collect your information and how we use it - To make it easy to understand, we have set out in the table below why we collect and how we use your information, and the legal bases we rely on to do this. 
Purpose & processing activity Information we use Lawful basis for processing
Customer management and to operate and improve our business (including our services and products). This includes:
  • Providing information and support for you when using our products and services (Via the Aviation Help Centre)
  • Managing customer queries and complaints (Via the Aviation Help Centre)
  • corresponding with you;
  • for the management and administration of our customers and business;
  • to improve and develop our business or our offerings to you (this could include training artificial intelligence systems); and/or
  • to improve the quality, content and relevance of our communications (where you have subscribed to receive our communications) by understanding how you interact with that communication, such as whether you receive, open or click on a link within an email communication.
  • Biographical and Contact Data
  • Account Credentials
  • Air bp Usage Data
  • Professional Data
  • Preference Data
  • Correspondence

Legitimate interests (to effectively manage and provide services to you and to improve our services).

 

Where legitimate interest is not available in your local law, we rely on consent on or performance of a contract.

 

 

To verify and execute transactions you make whilst using Air bp and manage your account. Including but not limited to:

  • Ordering Fuel and finding prices
  • Manage amend or cancel fuel releases
  • Access and manage invoices and your account information
  • View and manage SAF certificates and data
  • View your existing, cancelled or suspended fuel cards
  • Cancel cards which are lost, stolen or not required
  • Manage your card address and order new cards where needed
  • Biographical and Contact Data
  • Account Credentials
  • Transaction Data

Performance of a contract

To manage and maintain Air bp. This includes:

  • ongoing review and improvement of the information provided on our Air bp page to ensure they are user friendly
  • To ensure Air bp is secure and to prevent any potential disruptions or cyber-attacks;
  • to conduct troubleshooting/ analysis required to detect malicious code/ actors and understand how this may affect your IT system; and/or
  • for statistical monitoring and analysis of current attacks on devices and systems and for the on-going adaptation of the solutions provided to secure devices and systems against current attacks.
  • We may also anonymise your personal information for this purpose.
  • Biographical and Contact Data
  • Account Credentials
  • Air bp Usage Data
  • Correspondence

Legitimate interests (maintaining and managing information technology services, network and data security and fraud prevention).

 

Where legitimate interest is not available in your local law, we may rely on consent or performance of a contract.

 

 

 

 

                                 

To operate cookies and other trackers described in the cookie preference management policy.

 
  • Account Credentials
  • Preference Data
  • Digital Asset Usage Data

 

Legitimate interest (providing necessary functionality of our Digital Asset), or consent where required under your local law.

To conduct analytics, statistics, and derive insight. This includes:

  • to understand the needs and interests of our customers;
  • to conduct market insight activities; and/or

We may also anonymise your personal information for this purpose. Where this is the case, some privacy laws will not apply.
  • Biographical and Contact Data
  • Professional Data
  • Preference Data
  • Digital Asset Usage Data
  • Correspondence

 

Legitimate interest (improving and enhancing our business model and services, better understanding our customers).

Where legitimate interest is not available in your local law, we may rely on consent or contract.

 

For legal and regulatory purposes, this includes:

  • to comply with and to assess compliance with applicable laws, rules and regulations, and internal policies and procedures;
  • to conduct KYC checks, anti-money laundering checks and other due diligence checks;
  • to prevent and detect fraud and/or other criminal activity or misconduct; and/or
  • establishment and handling of legal claims.
  • Biographical and Contact Data
  • Professional Data
  • Air bp Usage Data
  • Correspondence
  • Identification/Know Your Client Data
  • Anti Money Laundering Data
  • Transaction Data

 

Legal obligations, where the processing activity is required by law or regulation.

 

In all other cases, legitimate interests (to comply with our obligations and exercise our legal rights).

Profiling

 

We may use automated processing to apply profiles to your personal information, to personalize Air bp or its services, decide what to advertise to you and/ or as part of security threat detection and prevention.

 

Security Precautions

 

We take precautions to protect data and information under our control from misuse, loss, or alteration. Our security measures include industry-standard physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your personal information.

 

Please recognize that protecting your personal information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our services.

 

Information we share 

 

We may share your personal information with other entities within the bp group as part of our business operations including with our parent entity bp p.l.c, headquartered in the UK.

 

We may share your information with third-party recipients, such as external service providers, legal or regulatory bodies. We have contracts in place with these third parties to protect the use of your information, and any service provider we appoint is contractually required to comply with privacy laws and security measures. We set out further details about the information we share with service providers and other third parties in the table below.

Bp entities/ third party recipients Purpose Information shared
  • Other bp entities

We may share your information with other bp entities or companies that we acquire in the future after they are made part of the bp group, to the extent such sharing of information is necessary to administer and manage Air bp
  • Account administration e.g. we share your information with other bp entities as part of our business operations, including with our parent company bp plc, headquartered in the UK
  • Contact information
  • Air bp Usage information
  • Data and records management

 
  • Third party partners and service providers

We may share your personal information with third-party service providers, agents and contractors to provide services to us. Any third-party provider we appoint must protect your personal information in line with the contractually required security measures embedded into our sourcing process.

 
  • IT systems and support
  • Operation and management of our business processes
  • Contact information
  • Air bp Usage information
  • Professional advisors like lawyers and accountants

 
  • Legal and accountancy advice
  • Advice from other professional advisors e.g. we share your personal information with third parties (and their advisors) to whom we may choose to sell, transfer or merge parts of our business or our assets

 
  • Contact information
  • Air bp Usage information
  • Regulatory authorities
  • Courts
  • Other public authorities

These authorities may be situated outside your country. In these instances, the legal or regulatory authority will be considered to be a data controller (not acting on our instructions) and will be primarily responsible for deciding how your information is held and used once shared by us.
  • Regulatory and compliance e.g. we disclose your information as required by applicable laws
  • Tax
  • Conduct of complaints or legal claims e.g. we disclose your information when we believe that disclosure is necessary to protect our rights or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on bp
  • Contact information
  • Air bp Usage information

Legal and regulatory disclosures

 

As highlighted above, we may disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served to us. We may also share your personal information in connection with legal proceedings. 

 

We may also share your personal information with credit reference agencies and fraud prevention agencies for the purposes of assessing creditworthiness and product suitability, checking your identity, managing your account, and preventing criminal activity.

 

International transfers

 

As an international company, we may transfer your personal information to other bp group entities around the world. For instance, our entities based in the UK, USA or India may access information for IT support purposes. Where this is the case, we ensure that the importing country offers an adequate level of data protection compliance, or we will rely on our global compliance framework which includes appropriate data transfer measures and safeguards to ensure that we protect your personal information in accordance with applicable data protection laws. 

 

Concerning transfers between group entities, we rely on our intragroup agreement which includes the EU Commission approved standard contractual clauses and the UK IDTA, as each may be amended or updated from time to time. Where we transfer personal information to a third-party outside the bp group, we ensure that appropriate measures are in place to offer an adequate level of protection for your personal information. As above, this includes the use of approved relevant standard contractual clauses as required under applicable laws.

 

You can contact us for further information about our international transfers and the contractual safeguards we implement. 

 

Retention of your information 

 

How long we will hold your personal information will vary based on the purpose for which we are using it. We will need to keep your information for as long as is necessary for each purpose in line with our business needs, as documented in our internal policies. These may vary between jurisdictions.  For example, if you are located in the UK and we have a contract with you, we will typically retain your personal information for 6 years following the termination of that contract, unless litigation is anticipated when we will keep it longer. Whereas if you are located in Germany, we may only retain your personal information for the same purposes for 3 years. 

 

We calculate the retention period based on the time the personal information is needed to: (a) fulfil the purposes described in this Notice, (b) meet the timelines required or recommended by regulatory authorities, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

 

There may be laws or regulations which set a minimum period for which we have to keep your personal information. We will only hold your information for the defined retention period, before anonymizing the information or deleting it. We anonymise data using a mixture of measures, including aggregating the data (for example, to make a finding about a group of people as opposed to a specific individual) or by removing any personal identifiers (for example, unique IDs or contact information) so that we can still use data to see trends and patterns but cannot link this data back to you.

 

If you choose to unsubscribe from a service, we usually keep a ‘suppression list’ containing your details so we know you have unsubscribed and ensure you are not contacted again. Your personal information held on a suppression list will not be used for any other purpose.

 

Your Rights

 

The rights set out below may apply to you depending on where you are located. 

 

For instance, if you are located in the EU/EEA/UK you are afforded all of the rights below. For other countries, you may only be afforded a subset of these rights, depending on local regulations.

 

  1. Data Protection Rights
    1. Access to your personal information.  Where applicable, you are entitled to receive a copy of personal information we hold about you. 
    2. Correction of the personal information that we hold about you. You may request that we correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal information we hold about you is accurate and current. Please contact us using the contact details below to update us in the event of any changes to your personal information.
    3. Erasure of your personal information. You may request that we delete or remove personal information where there is no overriding reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we are required to erase your personal information to comply our legal obligations.
    4. Restriction of processing of your personal information. You may ask to suspend the processing of your personal information in the following scenarios:
      1. If you want us to establish the data's accuracy;
      2. Where our use of the data is unlawful but you do not want us to erase it;
      3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
      4. You have objected to our use of your information, but we need to verify whether we have overriding legitimate grounds to continue to process it.
    5. Transfer of certain of your personal information to you or a third party. Where this right applies, we will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to information you provided to us and which we process on the basis of consent or where it is necessary to perform a contract with you.
    6. Withdraw consent where we are relying on consent to process your personal information. Withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Where we seek consent, it can be withdrawn by a digital consent management tool, or by sending an email to the contact details set out below. 
  2. Right to object
    Where we process your personal information based on legitimate interests, you have the right to object to such processing, including profiling on grounds relating to your particular situation, at any time.
    If you exercise your right to object, we will stop processing your personal information in that context. In some cases, however, we may demonstrate that we have compelling legitimate grounds to continue to process your personal information and if this is the case, we will inform you.
  3. Right to complain to your supervisory authority
    We are committed to working with you to resolve any complaint you may have about how we use your information. If you have any concerns or wish to make a complaint, please use the Contact Us form.
    You may have the right to complain to the relevant competent supervisory authority of the country in which you are based. 

Changes to this Notice

 

This Notice was last updated on 10/06/2025. We will update it again when necessary to reflect changes in the law and our practices. If we make a material change to this Notice, you will be provided with appropriate e-mail notice in accordance with legal requirements.

 

Review this Notice to stay informed about our collection, processing and sharing of your personal information.