OilX Limited ("OilX", "we", "us") collect data when you use OilX’s services or interact with us. Here we describe how we collect, use, and handle your personal information.
What does this notice cover?
This notice applies to OilX’s online oil analytics platform (our “Service”), OilX’s corporate website at oilx.co (the “Website”) and other interactions (e.g. providing customer support) you may have with OilX.
What information do we collect?
We collect and process the following information:
Information you provide to us.
Account information. We collect the information you provide to us when you do things such as sign up for your account or update your user profile. This may include your name, email address, phone number, your organisation and your professional role.
Interactions with us. We collect information when you interact with us, such as to provide us with feedback, contact us for user support or request a demo of the Services. This may include name, address, email, telephone number, company/employer, job function, team size, the date, time and reason for contacting us, transcripts of any conversations, and if you call us, your phone number and call recordings.
We store your marketing preferences, including any consent you have given us.
Information we collect automatically.
How do we use this information?
Under UK data protection law, we need a legal reason (known as a lawful basis) for holding, collecting and using your personal data. There are 6 main legal reasons which organisations can rely on. The most relevant are:• to enter into and perform our contract with you;
• pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by by your other rights and freedoms (e.g. your right to privacy);
• to comply with a legal obligation that we have;
• where you have consented to us using your personal data in a certain way.
We process your information for the following purposes (and under the following lawful bases):
To fulfil a contract, or take steps linked to a contract including:
• To provide our Services, including ancillary services such as customer support.
• To take payment for the Services.
• To send you service, technical and other administrative emails relating to our Services, messages and other types of communications, like two factor authentication and resetting your password.
As required by OilX to conduct our business and pursue our legitimate interests, in particular:
• To ensure our Services are working as intended, such as tracking outages or troubleshooting issues that you report to us.
• To make improvements to our Services, to help us develop new ones, and improve our Website.
• to send you direct marketing in relation to our relevant Services (if you are an existing or prospective client).
• To measure performance. We use data for analytics and measurement to understand how our Services are used. For example, we analyse data about your use of our Services to do things like optimise product design. We may also combine information collected through the Service with information about our customers collected by other means.
• To conduct surveys and other market research to ensure our services are relevant to your needs.
Where you give us consent:
• to send you direct marketing in relation to our relevant Services (unless you are an existing or prospective client);
• on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
For purposes which are required by law:
• In response to requests by government or law enforcement authorities conducting an investigation.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication within an electronic message, or by contacting us at firstname.lastname@example.org.
Who will we share this data with, where and when
Vendors and service providers. We will share your personal data with third party service providers who support our business, who will process it on behalf of OilX for the purposes identified above. Such third parties include providers of hosting services and technical infrastructure (e.g. Amazon Web Services), CRM services, customer support services, and marketing services. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.
OilX group companies. We may share your information with our group of companies for the purposes of business administration, maintaining security and regulatory compliance, providing support services to end users (including IT support, where relevant), marketing and analytics.
Legal reasons. We will share personal information outside of OilX if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to (i) enforce applicable terms of service or other agreements, including investigation of potential violations and audits, (ii) detect, prevent, or otherwise address fraud, abuse, security risks, or technical issues, and (iii) protect against harm to the rights, property or safety of OilX, our users, or the public as required or permitted by law.
Your organisation. When you access or use our services in the course of working for your organisation, we may share your information with such organisation in certain circumstances.
Business transfers. In the event that OilX undergoes or may undergo any reorganisation, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business.
In connection with the purposes identified above, your personal data may be transferred outside the UK and the EEA . Where information is transferred outside the UK or EEA that is not subject to an adequacy decision by the UK Secretary of State, data is adequately protected by UK approved standard contractual clauses (including, where applicable, a UK International Data Transfer Agreement or Addendum) and/or EU Commission approved standard contractual clauses (as applicable), or a vendor's Processor Binding Corporate Rules.
What rights do I have?
Where required by applicable law or regulation, you have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller. If you are a registered user of our Services, you may also review and change your personal information on your account profile page.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights - or get a copy of our legitimate interest balancing tests - you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.
For the provision of information marked as mandatory when you register to use the Service, if such information is not provided, then you will not be able to use the Service. All other provision of your information is optional. If you do not provide such information, our provision of certain services to you may be detracted from. More information about your rights can be found on the UK Information Commissioner’s Office website.
How long will you retain my data?
We store data for as long as necessary to provide our Services. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. Some personal data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time. For example:
• We will keep the account information you provide to us (such as details about your organisation, your professional role) for as long as you remain an account holder.
• We will keep a record of the fact that you have asked us not to send you direct marketing indefinitely, so that we can respect your request in future.
• We will keep usage information and analytics data for a reasonable length of time that allows us to provide our services and to understand how people use our services.
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include security, fraud prevention, financial record-keeping, complying with legal or regulatory requirements, ensuring the continuity of our services, and when there have been direct communications with OilX.
How do I get in touch with you?
If you have any questions or concerns about how we process your data, please contact us at email@example.com.
Who is my data controller?
Any personal information provided to or gathered by OilX is controlled by OilX Limited (c/o 83 Cambridge Street, Pimlico, London, United Kingdom, SW1V 4PS, UK) . For more information on who is considered the specific data controller in connection with the collection of your personal information please contact us at firstname.lastname@example.org.
Changes to our privacy notice
We reserve the right to change this privacy notice from time to time to reflect changes in the law or regulation, our information practices, our services, or our operational requirements. Depending on the type of change, we may notify you by updating this page or by email. We encourage you to periodically review this page to see any changes we have made.
Last updated: February 2022