Business customer, supplier, partner or investor
Information for individuals connected with our business customers (B2B), suppliers, business partners, stakeholders and/or investors.
What does this Privacy Notice cover?
This Privacy Notice provides information regarding the personal data which is processed by a company or companies within the Shell group of companies (‘Shell’ or ‘we’) in relation to individuals who work for or on behalf of or who are shareholders of our business customers (B2B), suppliers, business partners (including within non Shell-operated joint ventures), stakeholders and/or investors including visitors to certain Shell websites and portals.
For individuals who apply to work for, or who attend a recruitment event or undertake an assessment please refer to the Privacy Notice- Recruitment on https://www.shell.com/privacy/job-applicant-notice.html
This notice explains what personal data is processed, for which purposes, how long we hold the personal data for, how to access and update your personal data and where to go for further information.
Special Notice – if you are under 14 years old. Processing children’s personal data
If you are under 14 years’ old (or older if set out in any local privacy notice) please do not send us your personal data (for example, your name, address and email address). If you wish to contact Shell in a way which requires you to submit your personal data (such as for education or innovation events) please get your parent or guardian to do so on your behalf.
What personal data do we process?
We process personal data from and in relation to individuals who are, or who work for or on behalf of or who are shareholders in our business customers, suppliers, business partners (including those within non Shell-operated joint ventures), stakeholders and/or investors in the following categories:
- Private contact information (such as name, postal or e-mail address, and phone number) only if necessary;
- Business contact and other information (such as job title, department, name of organization and your dealings with Shell on behalf of yourself or the relevant business customer, supplier, business partner and/or investor);
In addition, in order to comply with legal and regulatory obligations, to protect Shell’s assets and employees/contractors and specifically to ensure that Shell can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening on existing business counter-parties and potential business counter-parties pre-contract and on a periodic basis post-contract. This screening includes individuals such as directors, officers, sole traders, shareholders and key stakeholders of our current and potential counter-parties. This screening takes place against publicly available or government issued sanctions lists and media sources.
This data may include personal data regarding suspected and actual criminal behaviour, criminal records or proceedings regarding criminal or unlawful behaviour but only for the purposes of ensuring Shell’s compliance with legal and regulatory obligations and/or to the extent permitted or required by local law particularly, separate consent will be obtained.
The screening does not result in any automated decision making in relation to the counter-parties or potential counter-parties.
Who is responsible for any personal data collected?
Hankook Shell Oil Company Limited, a company registered in the Republic of Korea with office at 250, Shinseon-Ro, Nam-Gu, Busan, Republic of Korea.
For what purposes do we process the personal data?
We process personal data covered by this Privacy Notice for the following purposes:
- Business execution including researching, developing and improving products or services; concluding and executing agreements with customers, suppliers and business partners; recording and settling services, products and materials to and from a Shell company; managing relationships and marketing such as maintaining and promoting contact with existing and prospective customers, account management, customer service, and development, execution and analysis of market surveys and marketing strategies.
- Organisation and management of the business including financial management, asset management, mergers, de mergers, acquisitions and divestitures, implementation of controls, management reporting, analysis, internal audits and investigations.
- Health, safety and security including protection of an individual’s life or health, occupational health and safety, protection of Shell companies and staff, authentication of individual status and access rights; or
- Legal and/or regulatory compliance including compliance with legal or regulatory requirements including litigation and defence of claims.
(or for a secondary purpose where it is closely related, for example such as storing or deleting it).
What are the legal bases for processing the personal data?
The personal data covered by this Privacy Notice is only processed with the explicit consent of the individual:
- in order to take steps at the request of an individual prior to entering into a contract;
- where it is necessary to comply with a legal or regulatory obligation to which the relevant Shell company/companies is subject to;
- where it is necessary for the purposes of the legitimate interests pursued by the relevant Shell company/companies, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual/s;
In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.
Who will we share the personal data with?
The personal data covered by this Privacy Notice is exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:
- Other companies within the Shell group of companies;
- Authorized third party agents, service providers and/or subcontractors of Shell;
- A competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which the relevant Shell company/companies is subject to or as permitted by applicable local law.
Transfers of personal data
Where the personal data has been transferred to companies within the Shell Group and/or to authorized third parties located outside of your country (including outside of the European Economic Area) we take organizational, contractual and legal measures to ensure that your personal data is exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard your personal data. These measures include Binding Corporate Rules for transfers among the Shell Group and European Commission approved transfer mechanisms for transfers to third parties in countries which have not been deemed to provide an adequate level of data protection as well as any additional local legal requirements.
In addition, we have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use and will update these measures as new technology becomes available, as appropriate.
We shall take the following technical, administrative and physical actions required to ensure the safety of personal information:
- Minimize the number of employees handling personal information and provide training for them.
- Conduct a periodic self-audit.
- Establish and implement an internal management plan.
- Encrypt personal information.
- Take technical measures against hacking, etc.
- Control access to personal information.
- Retain log-in records and prohibit forgery and alteration of log-in records.
You can request a copy of these by contacting email@example.com.
What are the consequences of not providing personal data?
Personal data gathered by Shell for these processes either directly or indirectly is required in order to:
- Fulfil legal requirements and/or which is required for entering into a contract with a counter-party and continuing to contract with that counter-party.
- Maintain contact with business customers, suppliers and business partners, visitors to the website and investors.
Failure to provide us with the information required will negatively affect our ability to communicate with you, or our ability to enter into a contract with a counter-party or continuing to contract with a counter-party.
How long do you hold any personal data for?
Any personal data that is required for the purposes of conclusion and execution of agreements with business customers, suppliers and business partners or for considering bids or tenders will be held during the duration of the contractual relationship and up to 15 years after. For agreements which have a term of more than five years and for the purposes set out above these agreements will be held for 35 years with effect from the commencement of the agreement.
In all other cases for the purposes set out above, including personal data gathered as part of any unsuccessful bids to Shell or which relates the screening against publicly available or government issued sanctions lists and media sources, such personal data is held for no longer than 15 years after it was first gathered.
In all cases information may be held for a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or b) a shorter period where the individual objects to the processing of their personal data and there is no longer a legitimate purpose to retain it.
We will destroy the personal information within [five] days from the expiration date of the retention period. If the personal information becomes no longer needed as the purpose of processing such information has been achieved or our business has been closed, we will destroy such information within [five] days from the date on which the processing of such information is deemed unnecessary.
Any printout, document, etc. containing personal information will be destroyed by incinerating or shredding such into pieces, and personal information in the form of electronic file will be destroyed by permanently deleting it in an irrevocable manner.
How can I access my personal data?
We aim to keep our information as accurate as possible. Individuals can access their personal data, request correction or deletion of the personal data (but only where it is no longer required for a legitimate business purpose) and request that the processing of their personal data is restricted. Please contact firstname.lastname@example.org
Who can I contact for more information?
If you have any issues, queries or complaints regarding the processing of your personal data please contact us at Privacy-Officeemail@example.com or Shell Group Chief Privacy Officer at Shell International B.V. The Hague, The Netherlands - Trade Register, No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague.
If you are unsatisfied with the handling of your personal data by Shell, then you have the right to lodge a complaint to your own data protection authority or the Personal Information Protection Commission whose address is 4th floor, Government Complex Seoul, (03171) 209, Sejong-daero, Jongno-gu, Seoul. Please visit http://www.pipc.go.kr for more information.
Cookies and similar technologies
Changes to this Privacy Notice
This Privacy Notice may be changed over time. Should there be any inconsistency between the English version and the Korean version of this notice, the former shall prevail. This Privacy Notice was last updated in September 2018.