What is personal information
“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is in a material form or not. The types of Personal Information that BP collects from an individual will depend on the circumstances in which the information is collected. Generally, the types of Personal Information that BP collects include name, date of birth, gender, financial details (such as credit card details) and contact details. If an individual applies for employment at BP or is a BP contractor, BP may also collect information relevant to the application or engagement including qualifications, resume, bank details, tax information, family details and reference information.
What is not personal information
Information where BP has removed any reference to an individual will not be Personal Information, provided that the identity of the individual can no longer be ascertained.
Personal information BP collects and holds
BP collects Personal Information through various avenues in the course of conducting its businesses, including:
- directly from individuals when they provide Personal Information to BP or its agents or contractors, for example when the individual is involved in acquiring goods or services from BP or supplying goods or services to BP;
- directly from individuals via BP websites (including social media pages), service centres or call centres;
- directly from individuals when they enter a trade promotion or competition;
- from publically available sources;
- from related companies;
- from third parties, for example service providers who assist BP to manage consumer relationships; and
- via security video surveillance at BP sites.
Where reasonable and practical, BP will collect Personal Information directly from the individual and inform the individual that this is being done. BP does not generally require individuals to disclose “Sensitive Information”, for example information about an individual’s race, religion, sexual orientation or beliefs. If an individual discloses sensitive information to BP for any reason, that individual consents to BP collecting the information and using and disclosing it for the purpose for which it was disclosed and as permitted by the Privacy Act and other relevant laws.
Unsolicited personal information
If BP receives Personal Information where it has taken no steps to collect the information, then within a reasonable time it will decide whether it could, under the APPs, have solicited that Personal Information itself. If BP determines that it would not, under the APPs, have been permitted to solicit the Personal Information, BP will as soon as practical (where lawful and reasonable to do so) destroy or de-identify that unsolicited Personal Information. If BP could, under the APPs, have solicited the Personal Information then BP may use and disclose the Personal Information for the purpose for which it was disclosed and as permitted by the Privacy Act and other relevant laws.
Use and disclosure of personal information
The purpose for which BP uses and discloses Personal Information will depend on the circumstances in which it is collected. Generally, BP may use or disclose Personal Information:
- for the purposes for which it was collected;
- for a related secondary purpose, if the use or disclosure could be reasonably expected (e.g. disclosure to a delivery contractor for the purpose of delivering goods ordered from BP);
- for other purposes to which an individual has consented; and
- as otherwise authorised or required by law.
Specific purposes for which BP may use or disclose Personal Information include the purposes of:
- supplying good or services to, or acquiring good or services from, an individual or organisation;
- to improve BP’s products and services;
- contacting individuals for marketing purposes;
- considering an individual for a position (e.g. as an employee or contractor) at BP;
- responding to an enquiry by an individual;
- to administer a trade promotion or competition; and
- to maintain security over BP premises and systems.
BP may disclose Personal Information locally and overseas to other parties including its related companies and to any agent, contractor or third party who provides administrative or other services to BP or its related companies. BP will, where commercially practical, require that any third party to whom Personal Information is disclosed will treat the Personal Information in a manner that is consistent with the APPs. BP may disclose Personal Information to third parties, such as law enforcement agencies or government authorities, without authorisation in some circumstances, in accordance with the APPs. BP will not sell Personal Information to a third party without the consent of the individuals to whom the Personal Information applies. BP may sell de-identified, aggregated data to third parties that cannot be used to specifically identify an individual.
Disclosure outside Australia
In the ordinary course of business, BP may disclose Personal Information to third parties for use in the following countries: New Zealand, United States, United Kingdom, Malaysia, the Philippines, India. Personal Information held by BP may also be disclosed to companies in the global BP group for specific purposes on particular occasions. Those companies may be in any of a large number of countries around the world.
BP may send marketing communications in line with an individual’s previously expressed marketing preferences or as otherwise permitted under the Privacy Act and other relevant laws. Individuals who do not wish to receive such communications, can contact BP at firstname.lastname@example.org to modify their preferences, or follow the opt-out instructions contained in each marketing communication.
Where you have subscribed to receive our newsletter(s), we are able to ensure you receive further relative and informative communications by following your interactions with that communication, such as whether you receive, open or click on a link within an email communication. We offer you an unsubscribe in all our further communications.
Security of personal information
Accessing & seeking correction of your personal information
An individual may request access to, or correction of, their Personal Information held by BP by sending a written request to the BP Privacy Officer – see the “Contact BP” section below. If an individual makes a written request for access to Personal Information held by BP, BP will respond to such request within 30 days and, where reasonable and practical, give access to the Personal Information in the manner requested by the individual. However, BP may refuse a request for access to Personal Information where it is legally entitled to do so and, where reasonable, it will provide the reasons for this. BP may require the person requesting access to provide suitable identification and, where permitted by law, may charge a fee for giving access to Personal Information in response to an individual’s request. The fee (if any) will be disclosed prior to providing the requested information and the costs being incurred. Any such fee will not be excessive and will relate to the reasonable costs incurred in responding to the request, not to making the request itself. BP will take reasonable steps to ensure that the Personal Information it collects is accurate, up-to-date and complete. Correction of Personal Information may be requested by contacting the BP Privacy Officer at the address set out in the “Contact BP” section below. If BP refuses to correct Personal Information in response to a request it will, where reasonable, provide a written notice setting out the reasons for refusal. In this situation an individual may request BP to append a statement to their Personal Information that there is a dispute as to its accuracy.
Complaining about a breach of the APPs