The Vitol Group is committed to protecting and respecting your privacy.
When we mention “Vitol”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Vitol Group responsible for processing your personal data (sometimes referred to in this notice as “personal information”).
This privacy notice explains how and why Vitol uses personal data when you visit our website (www.vitol.com ), regardless of where you visit from, purchase goods or services from us or otherwise communicate or engage with us.
Vitol collects and uses limited personal data about individuals save for its employees. Where it does use such personal data, this will normally be incidental to a corporate relationship with a customer or supplier or where we work with nominated contacts at such organisations who hold relevant positions, such as a contract manager, counterparty contact or key decision makers in respect of our business relationship. In this case we will use work based contact information about you to liaise and keep in touch with you, as a representative of your employer or organisation in relation to our business relationship with them.
Vitol cannot identify you personally as a user of its website and save for dealing with any cyber security incident investigation, will not try to identify you from any online identifiers like your IP address.
Vitol may obtain personal data about you otherwise where:
The relationship we have with you will dictate what, if any, personal data we collect about you and why we use it.
We will sometimes obtain personal data from other sources, such as from your employer, other third parties or publicly available online sources or official records. Detailed information about the sources of your personal information are set out here.
We process your personal data for many different purposes when you visit our website (www.vitol.com ), purchase goods or services from us, supply goods or services to us or otherwise communicate or engage with us.
We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal data. You can read more about what we process your data for, and the lawful bases on which we rely for such processing, in the table below.
For some processing activities, we consider that more than one lawful basis may be relevant depending on the circumstances. Use on the basis of “legal obligation” means to comply with a legal obligation to which we are subject. Use on the basis of our legitimate interests means where we have a fair, proportionate and overriding lawful business reason to use your details. This will primarily be where by using the information, we learn about you or develop our relationship, so we can work together more closely and better, or make sound business decisions involving or affecting you.
We may convert your personal data into statistical or aggregated form, or de-identify it, to better protect your privacy, or so that you are not identified or identifiable from it. We may use it to conduct research and analysis, including to produce statistical research and reports.
We are required by law to treat certain categories of personal data with even more care than usual. These are called sensitive or special categories of personal data and additional different lawful bases apply to them. This is rarely relevant but unusually may arise where we handle your passport and visa details and they reveal information about your race or ethnicity, or where KYC/AML checks reveal any criminal issues, or where we learn health related information about you when organising events in which you wish to participate and where we need details to ensure you can take part.
Detailed information is available here.
We take our security obligations seriously and we take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
We will keep your personal data during the period of your relationship with us and then, after that period ends, for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal data for longer than others but we will only retain your personal data for a limited period of time. This period will depend on a number of factors, including:
Inside the Vitol group
The Vitol Group includes companies and operations around the world. We may need to share your personal data with other companies in the Vitol group:
Access rights between members of the Vitol group are limited and granted only on a need to know basis, depending on job functions and roles.
Where any Vitol group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to protect your personal data. In addition, we will enter into a written contract imposing appropriate security standards on them and, if your personal data is transferred to a Vitol group company outside the EEA, we will put in place appropriate safeguards to ensure the protection of such data.
Outside the Vitol group
From time to time we may ask third parties to carry out certain business functions for us, such as helping to organise our events. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third party service providers include service providers and/or sub-contractors, such as our IT support, back up and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, in particular:
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
We may also share your personal data with third parties, as directed by you.
If any of our processing activities require your personal data to be transferred outside the EEA, we will only make that transfer if:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have certain legal rights, which are summarised in the table below, in relation to any personal data about you which we hold. Your ability to exercise these rights will naturally be limited where we incidentally use limited business-related personal data in business records and business communications which we need to retain.
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
You can exercise these rights at any time by contacting us at firstname.lastname@example.org.
Detailed information regarding your rights can be found here.
If any of the personal information you give us changes, or something is incorrect (e.g. your contact details), please inform us without delay.
If you are based in the European Union, you also have the right to lodge a complaint with your local data protection regulator. We would, however, appreciate the chance to deal with your concerns before you approach them so please contact us in the first instance at email@example.com.
If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, please contact us on firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Click here to read our glossary.