Privacy and data protection laws protect the integrity and confidentiality of a person’s private information. Statoil is committed to protecting the privacy rights of our employees and everyone with whom we do business. We will only use personal data for appropriate purposes, and personal data will be processed in accordance with applicable data protection regulation and Statoil’s binding corporate rules.
Statoil’s processing of Personal Data
Statoil processes personal data about employees, external consultants and employees of contractors working from Statoil premises or in Statoil systems. Statoil also processes personal data about data subjects who are not employed or engaged by Statoil (see more information below).
Statoil will always process personal data fairly and lawfully, and only for a specified, explicit and legitimate purpose or as required by law.
Statoil will ensure appropriate information security related to confidentiality, integrity and availability. Personal data will be retained only for the period that is required to serve the legitimate purpose.
Third party service providers may process personal data on behalf of Statoil within various areas. Statoil will implement adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.
Statoil also processes personal data about data subjects that are not employed or engaged by Statoil, for these purposes:
- Integrity Due Diligence
Statoil has established an extensive Integrity Due Diligence (IDD) process. The IDD process includes collecting information to help us understand who our counterparties are, their values and how their business is conducted. In some instances, the IDD may also include the processing of personal data. More information about IDD can be found here.
- Ethics Helpline
Statoil has set up an Ethics Helpline where employees and external third parties interacting with us can raise concerns or report any suspected or potential breaches of law or company policies. More information about the Ethics Helpline can be found here.
- Local Grievance Mechanisms
In some countries, Statoil has established local grievance mechanisms in order to receive, investigate and respond to grievances from individuals, communities, or their representatives about the adverse impact of Statoil’s or its contractors’ activities on communities or individuals.
To ensure regulatory compliance with Norwegian and international regulations on sanctions, as well as ensuring compliance with anti-money-laundering regulation, Statoil may perform a screening of external third parties with whom Statoil has relations.
Transfer of Personal Data
Statoil has established Binding Corporate Rules (BCRs) to provide Statoil with a legal basis for the transfer of personal data within the Statoil group to Statoil companies outside the EU/EEA. The BCRs will apply to all personal data within the Statoil group that are protected by applicable EU data protection law. You can find a summary of the BCRs here.
Statoil will ensure that the European rules on trans-border data flows are complied with when personal data are transferred to external processors (outside of the Statoil group) located outside of EU/EEA or located in a country that is not recognised by the EU Commission as ensuring an adequate level of protection.
How to exercise your rights as a data subject
National and international data protection regulations give rights to data subjects. Please refer to these regulations for further information about your rights.
If you have questions or want to exercise your rights as a data subject, please contact the Data Protection Officer in Statoil (email address: firstname.lastname@example.org).