Privacy

Introduction

Personal Information held by BP Australia Pty Limited (ABN 53 004 085 616) and its related companies in Australia (“BP”) will be collected, secured, maintained, used and disclosed in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APPs”) and this Privacy Policy.

This Privacy Policy broadly outlines how BP will collect and manage Personal Information (as defined below), the steps it will take to protect it, how you can access or correct Personal Information that BP holds about you and what you can do if you are unhappy with BP’s management of Personal Information.

Acknowledgement

This Privacy Policy is published on BP’s website and may be updated from time to time at BP’s discretion.  By continuing to use the website, or otherwise continuing to deal with BP, you accept this Privacy Policy as it applies from time to time.

What is personal information

“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is in a material form or not.

The types of Personal Information that BP collects from an individual will depend on the circumstances in which the information is collected.  Generally, the types of Personal Information that BP collects include name, date of birth, gender, financial details (such as credit card details) and contact details.  If an individual applies for employment at BP or is a BP contractor, BP may also collect information relevant to the application or engagement including qualifications, resume, bank details, tax information, family details and reference information.

What is not personal information

Information where BP has removed any reference to an individual will not be Personal Information, provided that the identity of the individual can no longer be ascertained.

Personal information covered by this privacy policy

This Privacy Policy applies to all Personal Information that BP now holds or may in the future collect.  This includes information that you provide when you visit BP’s websites or third party platforms on which BP has a presence (such as social media), order products or services, enter a competition or promotion or otherwise submit information to BP (such as by filling in a form or responding to a survey).

Dealer owned and operated BP branded service stations are responsible for their own privacy practices.  Use of Personal Information by those dealers will be governed by the respective privacy policies of those dealers.

Where applicable, BP will handle Personal Information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.  This Privacy Policy generally does not apply to BP employees.

Personal information BP collects and holds

BP collects Personal Information through various avenues in the course of conducting its businesses, including:
  • directly from you when you provide Personal Information to BP or its agents or contractors, for example when you are involved in acquiring goods or services from BP or supplying goods or services to BP;
  • directly from you via BP websites and third party websites that BP has a presence on (including social media pages and other social media applications), service centres or call centres;
  • directly from you when you enter a trade promotion or competition;
  • from publically available sources (including social media pages and third parties who host or analyse data relating to social media applications);
  • from related companies;
  • from third parties, for example service providers who assist BP to manage consumer relationships;
  • from our commercial partners and third parties who are involved in providing any benefit, reward or service to you (either directly or on our behalf); and
  • via security video and audio surveillance at BP sites.
Where reasonable and practical, BP will collect Personal Information directly from the individual and inform the individual that this is being done.

BP does not generally require individuals to disclose “Sensitive Information”, which includes health information about individuals and information about an individual’s race, religion, criminal record, sexual orientation or beliefs.  In some limited circumstances, BP may ask for your consent to collect sensitive information about you, such as if BP requests that you agree to a background check or national police check in connection with applying for employment at BP.

If you disclose sensitive information to BP for any reason, you consent to BP collecting the information and using and disclosing it for the purpose for which it was disclosed and as permitted by the Privacy Act and other relevant laws.

Unsolicited personal information

If BP receives Personal Information where it has taken no steps to collect the information, then within a reasonable time it will decide whether it could, under the APPs, have solicited that Personal Information itself.

If BP determines that it would not, under the APPs, have been permitted to solicit the Personal Information, BP will as soon as practical (where lawful and reasonable to do so) destroy or de-identify that unsolicited Personal Information. If BP could, under the APPs, have solicited the Personal Information then BP may use and disclose the Personal Information for the purpose for which it was disclosed and as permitted by the Privacy Act and other relevant laws.

Use and disclosure of personal information

The purpose for which BP uses and discloses Personal Information will depend on the circumstances in which it is collected.  Generally, BP may use or disclose Personal Information:
  • for the purposes for which it was collected;
  • for a related secondary purpose, if the use or disclosure could be reasonably expected (e.g. disclosure to a delivery contractor for the purpose of delivering goods ordered from BP);
  • for other purposes to which an individual has consented; and
  • as otherwise authorised or required by law.
Specific purposes for which BP may use or disclose Personal Information include the purposes of:
  • supplying good or services to, or acquiring good or services from, an individual or organisation;
  • to improve BP’s products and services;
  • contacting individuals for marketing purposes;
  • considering you for a position (e.g. as an employee or contractor) at BP and, if applicable, subsequently administering and managing BP’s engagement or employment of you (including in relation to training, performance management and disciplinary action if required);
  • for individuals that are an employee or contractor of any of our dealers, distributors, suppliers or customers, to transact with you, your employer or the party that is engaging you as a contractor and to manage our relationship with you, your employer or the party that is engaging you as a contractor;
  • responding to an enquiry by an individual;
  • to administer a trade promotion or competition; and
  • to maintain security over BP premises and systems.
BP may disclose Personal Information locally and overseas to other parties including its related companies and to any agent, contractor or third party who provides administrative or other services to BP or its related companies.

BP will, where commercially practical, require that any third party to whom Personal Information is disclosed will treat the Personal Information in a manner that is consistent with the APPs.

BP may disclose Personal Information to third parties, such as law enforcement agencies or government authorities, without authorisation in some circumstances, in accordance with the APPs.  This may include disclosing your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on BP.  In the event that BP (or one of its businesses) is subject to a takeover, divestment or acquisition, BP may disclose your Personal Information to the new owner of the business.

BP will not sell your Personal Information to a third party without your consent.  BP may sell de-identified, aggregated data to third parties that cannot be used to specifically identify an individual.

BP programs and initiatives

BP or its related companies may, from time to time, offer or make available specific programs, initiatives, schemes or mobile applications to its customers (or to certain types of customers, such as BP’s business, corporate and government customers).  Examples of BP’s programs include the BP Plus card, the BP Regional card and the BPme mobile application.  Details of these programs can be found on BP’s website.

Where you (or your employer on your behalf, if applicable) elect to participate in such programs, BP will collect additional Personal Information about you as a result of your participation.  This may include details of your transactions (including the value, number and types of products and services purchased), the time and location of each transaction and details of any BP locations that you mark as a favourite or nearby location.  BP will use and disclose this additional Personal Information in accordance with this Privacy Policy.

Other specific collections, uses and disclosures

Where BP holds Personal Information about you that it has collected from different sources, BP may combine this personal information into a single record or collection of linked records.  BP may also combine or share any information that we collect from you with information collected by any of our related bodies corporate (whether within Australia or overseas).

BP may then use and disclose this combined set of information to:
  • assess and determine your likely preferences and needs and to develop other insights about you;
  • tailor or personalise our products and services for you; and
  • deliver communications and information and provide you with offers that BP thinks are relevant and may be of interest to you.
We may disclose this information to our service providers so that they can conduct customer and data analytics on our behalf.

Where you are a member of a customer loyalty program that BP participates in, BP may also collect additional Personal Information about you from the operator or manager of, or other participants in, these customer loyalty programs.  BP may then combine this additional personal information with the Personal Information that BP already holds about you and use and disclose this combined set of Personal Information to:
  • send you additional personalised or tailored offers and other communications that are relevant to your membership of that customer loyalty program; and
  • provide you with rewards, bonus points and other benefits in connection with your membership of that customer loyalty program.
We may also disclose Personal Information about you to the operator or manager of, or other participants in, these customer loyalty programs, who may use this information to send marketing or other communications to you (including on BP’s behalf) and to personalise or tailor their own offers, rewards, bonus points or other benefits for you.

Disclosure outside Australia

In the ordinary course of business, BP may disclose Personal Information to third parties for use in the following countries: New Zealand, the United States, the United Kingdom, the European Union, Malaysia, Singapore, the Philippines and India.

Personal Information held by BP may also be disclosed to companies in the global BP group for specific purposes on particular occasions.  Those companies may be in any of a large number of countries around the world.

Direct marketing

BP may send marketing communications in line with your previously expressed marketing preferences or as otherwise permitted under the Privacy Act and other relevant laws, such as the Spam Act 2003 (Cth).  These marketing communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws.

If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.  Individuals who do not wish to receive such communications can contact BP at privacyofficer@bp.com to modify their preferences, or follow the opt-out instructions contained in each marketing communication.

If you have consented to receiving marketing materials from the operator or manager of, or other participants in, any customer loyalty programs that BP participates in or from other third parties who provide any benefit, reward or service to you, then these parties may use the personal information that we disclose to them (together with any other personal information held by those third parties about you) to send personalised offers directly to you in relation to their own products and services and/or in relation to our products and services (when those offers are sent to you by those third parties on our behalf).

Newsletters

Where you have subscribed to receive our newsletter(s), we are able to ensure you receive further relative and informative communications by following your interactions with that communication, such as whether you receive, open or click on a link within an email communication. We offer you an ability to unsubscribe in all our further communications.

BP websites

BP’s privacy policy also applies to its websites, including the Australian section of our main website at www.bp.com/en_au/australia.html and BP’s careers page https://www.bp.com/en/global/bp-careers/professionals/locations/australia-2017.html.

As the internet is not always a secure environment, BP cannot provide any assurance regarding the security of transmission of information you communicate to us online.  BP also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet.  Accordingly, any personal information or other information which you send or transmit to BP online is transmitted at your own risk.

However, once BP has received your Personal Information, BP will take appropriate security measures to prevent unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss of Personal Information once it is under BP’s control.

Cookies

BP uses, accesses and stores “cookies” and similar technology on its websites and in other technology applications.  These cookies involve ‘first party’ cookies created by or on behalf of BP as well as ‘third party’ cookies created by other websites and third parties including advertisers. The use of such technologies is an industry standard, and helps BP monitor the effectiveness of its advertising and how visitors use its websites/applications.  BP uses such technologies to generate statistics, measure activity, improve the usefulness of its websites/applications and enhance the user experience.

Individuals who prefer not to receive cookies can adjust their Internet browser to refuse cookies or warn when cookies are used.  However, BP websites may not function optimally without cookies.

When BP websites are accessed, BP may deliver customised information, including ads, to individuals based on the data stored in a cookie.  Third party vendors may serve BP ads on Internet sites based on a user’s prior visits to BP websites and other Internet activity.  BP may also use analytics data supplied by third party vendors to inform and optimise its ad campaigns.

Links

Our website may contain links to content or other functionality provided by third parties which are outside our control and are not covered by BP’s privacy policy.  If you access other websites using links or use other functionality provided by third parties, the operators of those websites may collect information from or about you which will be used by them in accordance with their respective privacy policies, which may differ from ours.  Third party websites are responsible for informing you about their own privacy practices.  We encourage you to read those providers’ privacy policies on their websites.  BP makes no representations or warranties in relation to the privacy practices of any third party website and BP is not responsible or liable for the privacy policies and practices or the content of any third party website

Security of personal information

The security of Personal Information is important to BP and it takes reasonable steps to ensure that the Personal Information it holds is secure.  However, except to the extent liability cannot be excluded due to the operation of statute, BP excludes all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of Personal Information.  Nothing in this Privacy Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Competition and Consumer Act 2010 (Cth).

Individuals should notify BP immediately if they become aware of any breach of security.

Where Personal Information is no longer needed for any purpose for which BP is authorised to use it and there is no legal requirement for BP to keep it, BP will take reasonable steps to destroy or de-identify Personal Information.

Accessing & seeking correction of your personal information

You may request access to, or correction of, your Personal Information held by BP by sending a written request to the BP Privacy Officer – see the “Contact BP” section below.

If you make a written request for access to Personal Information held by BP, BP will respond to such request within 30 days and, where reasonable and practical, give access to the Personal Information in the manner requested by you.  However, BP may refuse a request for access to Personal Information where it is legally entitled to do so and, where reasonable, it will provide the reasons for this.  For example, we may need to refuse access if granting access would interfere with the privacy of others.

BP may require the person requesting access to provide suitable identification and, where permitted by law, may charge a fee for giving access to Personal Information in response to an individual’s request.  The fee (if any) will be disclosed prior to providing the requested information and the costs being incurred.  Any such fee will not be excessive and will relate to the reasonable costs incurred in responding to the request, not to making the request itself.

BP will take reasonable steps to ensure that the Personal Information it collects is accurate, up-to-date and complete.  BP is committed to ensuring that your Personal Information is kept accurate and up to date.  However, BP can only make changes to your Personal Information if you notify us of any inaccuracies or changes, or if BP otherwise becomes aware that your Personal Information is no longer accurate.  While BP takes reasonable steps to ensure the Personal Information that it uses or discloses is accurate, up-to-date, complete and relevant, it is also your responsibility to let us know if there are inaccuracies in or changes to your Personal Information. 

Correction of Personal Information may be requested by contacting the BP Privacy Officer at the address set out in the “Contact BP” section below.  If BP refuses to correct Personal Information in response to a request it will, where reasonable, provide a written notice setting out the reasons for refusal and what mechanisms are available for you to complain about BP’s refusal to correct your Personal Information.  In this situation an individual may request BP to append a statement to their Personal Information that there is a dispute as to its accuracy.

Complaining about a breach of the APPs

Complaints regarding a breach of the Privacy Act, the APPs or this Privacy Policy should be directed to the BP Privacy Officer – see the “Contact BP” section below.  BP is entitled to verify the identity of the complainant and will reply to the enquiry within 30 days.  If the complaint is not resolved in a manner acceptable to the individual the complaint may be submitted to the Office of the Australian Information Commissioner.  For more information please refer to the Office of the Australian Information Commissioner website.

Contact BP

Please contact the BP Privacy Officer in relation to privacy matters:
Email: privacyofficer@bp.com
Mail: BP Privacy Officer, BP Australia Pty Ltd, GPO Box 5222, Melbourne VIC 3000
Phone: 1300 130 027

Changes to & date of privacy policy

BP reserves the right to review and update this Privacy Policy from time to time.  BP will place any updates on this webpage.  By continuing to use this website after such changes have been made, you acknowledge and agree you have read, understood and accept the changes.

This Privacy Policy was last updated on 16 November 2017.

BP data privacy rules

In addition to the commitments set out in this privacy statement BP has created a set of global data privacy rules which apply to the processing of all Personal Information by BP.