Privacy and data protection laws protect the integrity and confidentiality of a person’s private information. Equinor is committed to protecting the privacy rights of our employees and everyone with whom we do business. We will only use personal data for appropriate purposes, and personal data will be processed in accordance with applicable data protection regulation and Equinor's binding corporate rules.
Equinor’s processing of Personal Data
Equinor processes personal data about employees and external consultants working from Equinor premises or in Equinor systems. Equinor also processes personal data about data subjects who are not employed or engaged by Equinor (see more information below).
Equinor will always process personal data fairly and lawfully, and only for a specified, explicit and legitimate purpose or as required by law.
Equinor will ensure appropriate information security related to confidentiality, integrity and availability. Personal data will be retained only for the period that is required to serve the legitimate purpose.
Third party service providers may process personal data on behalf of Equinor within various areas. Equinor will implement adequate safeguards in accordance with applicable law to protect your personal data processed by third party service providers.
Equinor also processes personal data about data subjects that are not employed or engaged by Equinor for these purposes:
- Procurement Related Matters
Equinor processes personal data necessary in order to procure goods and services from suppliers and contractors.
- Integrity Due Diligence
Equinor has established an extensive Integrity Due Diligence (IDD) process. The IDD process includes collecting information to help us understand who our counterparties are, their values and how their business is conducted. In some instances, the IDD may also include the processing of personal data. More information about IDD can be found here.
- Ethics Helpline
Equinor has set up an Ethics Helpline where employees and external third parties interacting with us can raise concerns or report any suspected or potential breaches of law or company policies. More information about the Ethics Helpline can be found here.
- Local Grievance Mechanisms
In some countries, Equinor has established local grievance mechanisms in order to receive, investigate and respond to grievances from individuals, communities, or their representatives about Equinor or its contractors’ activities adverse impact on communities or individuals.
To ensure regulatory compliance with Norwegian and international regulations on sanctions, as well as ensuring compliance with anti-money-laundering regulation, Equinor may perform a screening of external third parties with whom Equinor has relations.
COLLECTION OF PERSONAL DATA
The personal data Equinor may collect and hold about data subjects includes:
- contact information such as name and address, telephone numbers and email address;
- details about an individual’s work experience and qualifications, date of birth, driver’s licence details;
- screening-related information; and
- business details, including the names of relevant office holders of a company and business numbers.
Personal data may be collected in a number of ways, including:
- directly by Equinor staff when establishing a business relationship or through operational dealings;
- from a third party service provider or agent, from a source of publicly available information (e.g. websites) or from an employer (e.g. where a supplier or contractor provides personal data about their employees); or
- through use of Equinor's website
Transfer of Personal Data
Equinor has established Binding Corporate rules (BCR) to provide Equinor with a legal basis for transfer of personal data within the Equinor group to Equinor companies outside of EU/EEA. The BCRs will apply to all personal data, within the Equinor group, which are protected by applicable EU data protection law. You can find a summary of the BCRs here.
Equinor will ensure that the European rules on trans-border data flows are complied with when personal data are transferred to external processors (outside of the Equinor group) located outside of EU/EEA or located in a country that is not recognised by the EU Commission as ensuring an adequate level of protection.
How to exercise your rights as a data subject.
National and international data protection gives rights to data subjects. Please refer to these regulations for further information about your rights.
If you have questions or want to exercise your rights as a data subject, please contact the Data Protection Officer in Equinor (email address: email@example.com )