This Policy applies to all Personal Information collected during any written, electronic, and oral communications or collected online (collectively, the “Services”), which include: the website located https://www.bp.com and all corresponding webpages and websites that link to this Policy ("Site"); bp mobile, web, console, desktop and other applications, including BPme Rewards (e.g., Apple iOS Apps, etc.) (collectively and individually, "BP App"); and any other content, applications, features, functionality, information and services offered by us though the Site and/or the bp Apps.
Use of our Services is subject to our Conditions of Use, which you can view here: https://www.bp.com/en_us/united-states/home/legal-notice.html (“Conditions of Use”) and this Policy. Please read the Conditions of Use and this Policy carefully before you use our Services. By using our Services, you accept the Conditions of Use and accept our privacy practices described in this Policy. If you cannot accept the Conditions of Use and the practices outlined in this Policy, you must not use or access our Services.
We may modify this Policy at any time, without prior notice, and changes may apply to any Personal Information we already hold about you, as well as any new Personal Information collected after the Policy is modified. If we make changes, we will notify you by revising the date at the top of this Policy. We will provide you with advanced notice if we make any material changes to how we collect, use or disclose your Personal Information that impact your rights under this Policy. If you continue to access or use our Services after receiving the notice of changes, you acknowledge your acceptance of the updated Policy.
In addition, we may provide you with real time disclosures or additional information about the Personal Information handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your Personal Information.
We collect Personal Information when you use our Services, create an account with us or submit Personal Information to us. Personal Information is any information that relates to you, identifies you personally or could be used to identify you, such as your user ID, name, email address, phone number, address and payment account number. The types of Personal Information that we may collect about you include, but are not limited to:
a. Information You Voluntarily Provide to Us on Our Services
If you decide to contact us or make use of personalized services (e.g. by filling in a form on our Site), then you will be asked to submit limited Personal Information which is necessary for us to provide applicable Services to you. Providing Personal Information this way is voluntary. If any form which collects your Personal Information allows you to voluntarily provide additional information, we seek this information because we think it will help us to give you a better-quality service. You do not have to provide such information if you do not wish to do so.
b. Information You Provide to Us Through the BPme Rewards Program
When you first register for BPme Rewards, BP must collect Personal Information so that you can participate in our loyalty program. We require your name, email address and a mobile phone number to operate the program. This information will be used to establish an account for you and to email you a unique password so that you can access your BPme Rewards account. Once you have received your password and access to your account, you have the choice to provide your mailing address to help us deliver more relevant and personalized offers and marketing communications. You will also be asked whether you would like to receive email or text message marketing communications from BP. When you use BPme Rewards we will collect information relating to the purchases and transactions you undertake at BP locations to operate the loyalty program.
c. Information You Provide to Our Affiliates and Subsidiaries
We may get your Personal Information from a company controlled by or under common control with BP.
d. Site Traffic Information and Cookies
When you use the Services online or through our mobile app, we automatically collect information about the Services you use and how you use them by using cookies, tags, and similar technologies to automatically collect information in connection with our Services. To learn more about our usage of the cookies and other tracking technologies, please see section 2 below.
The cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information.
Generally, we use first-party and third-party cookies for the following purposes: to make our Services function properly; to provide a secure browsing experience during your use of our Services; to collect passive information about your use of our Services; to measure how you interact with our marketing campaigns; to help us improve our Services; and to remember your preferences for your convenience.
We use the following types of cookies on our Services:
b. Other Tracking Technologies
To see how successfully our marketing campaigns or other Site goals are performing we sometimes use conversion pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page (e.g. a thank you page once you have completed the procedure for subscribing to one of our services or have completed one of our forms). We also use web pixels to analyze usage patterns on our Site. The use of a pixel allows BP to record that a particular device, browser, or application has visited a particular webpage.
c. Your Choices – Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:
We will only use your Personal Information as described in this Policy or as disclosed to you prior to such processing taking place.
a. To Provide You Our Services
We will use your Personal Information to provide information or perform Services that you request. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing applicable Services. All third parties that we work with are contractually obligated to protect your information as disclosed in this Policy.
b. For Internal Use
We use your Personal Information for the purposes of furthering our business, including improving our Site's content and functionality by analyzing where, on which types of devices and how our Site is used, how many visitors we receive, and where they click through to the Site from. We also use it to remember you in case you re-visit our Site, so we will know if you have already been served with surveys, or (where Site content is undergoing testing) which version of the content you were served.
c. To Provide You with Service-Related Communications
We will send you administrative or account-related information to keep you updated about your account and the Services. Such communications may include information about Policy updates, confirmations of your account actions or transactions, security updates or tips or other relevant transaction-related information. We process your contact information to send you such communications. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
d. To Provide Customer Support or Respond to You
We collect any information that you provide to us when you contact us. Without your Personal Information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
e. To Ensure the Security of the Services
We care about keeping you secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, such as your device information, activity information and other relevant information. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information. We cannot ensure the security of our Services if we do not process your Personal Information for security purposes.
f. To Enforce Compliance with Our Terms and Agreements or Policies
When you access or use our Services, you are bound to our Conditions of Use and this Policy. To ensure you comply with them, we process your Personal Information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies and enforce our agreements with third parties and business partners.
g. To Maintain Legal and Regulatory Compliance
Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we process your Personal Information to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws or as necessary to manage risk as required under applicable law. Without processing your Personal Information for such purposes, we cannot perform the Services in accordance with our legal and regulatory requirements.
h. To Operate the BPme Rewards Loyalty Program
We use your information to operate the BPme Rewards loyalty program, for example to track your progress toward meeting the monthly fuel spend threshold, provide other services related to the program and ensure that the applicable Conditions of Use are observed. We also use your Personal Information related to the BPme Rewards loyalty program for the following purposes:
We will also analyze and use your data (on an anonymized, aggregate level which does not identify any specific information, to carry out research into how customers are interacting with BP and the loyalty program so that we can improve our products, services, and customer communications.
We may disclose your Personal Information as described below.
a. Within Our Corporate Organization
BP is a part of a corporate organization that has many legal entities, business processes, management structures and technical systems. BP may share your Personal Information within this organization to provide you with the Services and take actions based on your request. Any transfer of Personal Information within our corporate organization is done under our group-wide Binding Corporate Rules, which guarantee an adequate level of data protection wherever your data is physically kept.
b. Third Parties
We may share your Personal Information with third-party service providers acting on our behalf to help us operate our Services. These third parties can only use your data in accordance with our written instructions and must comply with the information security protections we have put in place.
c. To Maintain Legal and Regulatory Compliance
We have the right to disclose your Personal Information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on BP. If there is a takeover, sale or purchase of our business, we may disclose your Personal Information to the new (or prospective) owner of the business.
We take precautions to protect data and information under our control from misuse, loss or alteration. Our security measures include industry-standard physical, technical and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers and other authentication information you use to access our Services.
We will retain your Personal Information only for as long as is necessary to fulfill the purposes for which it was collected. We may retain some of your Personal Information for a longer period insofar as it may be necessary to defend or prosecute any legal claim(s).
a. Commercial Transaction Data
We are legally obliged to retain commercial transaction data for a period of 6 years. We may also continue to use the aggregated form of the data (i.e. where the data of numerous individuals is combined to prevent identification of a single person) for statistical purposes.
b. BPme Rewards Loyalty Program Data
As a general rule, we retain the information you provide when you register, together with information we collect about you and your use of the program, for the duration of your membership of the program.
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), below is a summary of the Personal Information categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third parties that we share your Personal Information.
Personal Information Categories We Collect
We generally collect the following categories of Personal Information about your when you use our Services:
We generally do not collect protected classifications about our users, biometric information, professional or employment-related information, or education-related information. For more information about the Personal Information we collect and how we collect it, please refer to sections 1 and 2 above.
Purposes for Processing Personal Information Under the CCPA
We collect your Personal Information for the business purposes described in section 3. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The following activities are considered “business purposes” under the CCPA: auditing related to a current interaction with the consumer and concurrent transactions, and auditing compliance with laws and other standards; detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, verifying customer information; repairing errors that impair existing intended functionality; Internal research for technological development; verifying or maintaining the quality or safety of, and improving, upgrading, or enhancing, a service or device that is owned, manufactured by, manufactured for, or controlled by the company.
Third Party Sharing
The categories of third parties with whom we may share your Personal Information are listed above in section 4, above.
If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, BP cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
To assert your right to know or your right to delete your Personal Information, please contact us as firstname.lastname@example.org or by phone at 1-800-333-3991. To verify your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity from the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
Shine the Light Law
California’s “Shine the Light” law (Civil Code section 1798.83) also permits California residents once per calendar year to request and receive information about a business’ disclosure of certain categories of Personal Information to other companies for direct marketing purposes. If you are a California resident and a user of our Site, you can request a copy of this information from BP by sending an email to email@example.com.