Throughout this Policy, the pronouns “we” or “us” or the term “the Company”, means Irving Oil Company, Limited of Saint John, New Brunswick, Canada and its group of companies including its affiliates, subsidiaries and related companies, wheresoever situate. The pronouns “you” or “your” means the person, organisation, or entity including customers, business contacts, suppliers and service providers to the Company which includes, as appropriate, their respective directors, officers, employees, agents, representatives, contractors and personnel. Terms such as “Data Controller” and “Data Processor” shall have the meaning assigned in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Depending on where you are located and/or the location from which you engage with us and/or the location from which you receive goods or services from us or provide goods and services to us, the Data Controller of your personal data controlled or processed by us under this policy may vary. If you have any questions about our use of your personal data, you should first contact us at [email protected].
We do not collect any personal data about you from this website, apart from information that you volunteer (for example by e-mailing us or by completing any of our on-line forms or physical application form). Like most websites, we gather statistical and analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you. Please also refer to our Cookies Policy.
For the purposes of this policy, data may include personal information, contracts and related documents between the Company and customers (whether or not Individuals), and between the Company and the service providers to the Company (“Service Providers”), and includes any information (whether or not it is sensitive or personal) which relates to an identified or (directly or indirectly) identifiable living Individual (“Personal Data”).
The Company is obliged to adhere to applicable legal requirements in the various jurisdictions within which the Company operates. In addition, the Company has contractual confidentiality obligations which are owed to customers and Service Providers, amongst others.
In obtaining and processing Personal Data in connection with customer, contractors and/or Service Providers, the Company acts as the Data Controller.
The Data may be held electronically, processed via automated processes, or held in general files, and where processed on the Company’s behalf by Service Providers, will be subject to written contracts governing that processing and setting out the security and confidentiality measures which the Service Providers have committed to implement.
The Company may, in certain circumstances, act as a Data Processor on behalf of third parties, including members of the Irving Oil group of companies. Where the Company acts as Data Processor, it will act in accordance with the instructions of the Data Controller and within the terms of the written contract with the Data Controller (where same is required to exist) and in all circumstances in compliance with this Policy and related Company policies.
The provisions of this policy relating to security of processing and international data transfers shall apply whether the Company acts as Data Controller or Data Processor.
For the avoidance of doubt and notwithstanding anything to the contrary in this policy, nothing in this policy shall prevent the Company from complying with any legal or regulatory obligation to disclose Data in accordance with applicable law.
1. HOW WE COLLECT AND USE PERSONAL DATA.
Personal Data is data that identifies you or can be used to identify or contact you. For example, this might include your name, address or e-mail address, occupation and photograph. In certain circumstances you will provide us with your personal data directly or your data may be supplied by your organisation/business. We rarely collect any sensitive personal data by design, however in certain circumstances we will hold sensitive personal data about you by default where this information forms part of your personal contact details.
Customers, Prospective Customers, Service Users, Service Providers, Prospective Service Providers and Job Applicants.
Any Personal Data collected about our customers, prospective customers, service users, service providers, prospective service providers, job applicants and our legitimate business contacts is stored in appropriate data management systems which may be paper based or electronic. We process your Personal Data in accordance with the aims of the business i.e. the refining, supply, manufacture, marketing, storage, and transport of petroleum and related oil products i.e. to provide goods or services.
Your Personal Data may be processed for the following purposes:
(a) for day to day operational and business purposes;
(b) to communicate with you regarding your contract with us, enquiries regarding the goods or services we provide to you or the goods and services you provide to us, before, during and after the duration of such contract;
(c) to contact you in relation to communications from the Company deemed to be of possible interest to you, as an individual and/or company;
(d) for marketing and/or advertising purposes where appropriate and where you have agreed or consented to such marketing/advertising, if required;
(e) to contact you in response to communications you might send us; and
(f) to provide you with the information / service you have requested.
We rely upon the following legal bases in controlling and processing your Personal Data:
(i) where such processing is necessary to enter into or for the performance of your contract with us;
(ii) where such processing is in our legitimate interests in conducting our business in a responsible and commercially prudent manner;
(iii) to investigate or process complaints and/or defend or bring legal claims or complaints;
(iii) to comply with our legal and regulatory obligations; and
(iv) in limited circumstances, your explicit consent (where we have sought it and you have provided it to us), and in which case, you can withdraw your consent at any time.
We will not process your Personal Data for any of these purposes if to do so would constitute an unwarranted interference with your interests, rights and freedoms. We will endeavour to only collect the minimum amount of Personal Data necessary.
CCTV, Photography & Video Recording
We operate CCTV at our company premises. Images and recordings collected through our CCTV will be collected for specified, explicit and legitimate purposes (e.g. security purposes, health and safety) and they will not be processed in a manner that is incompatible with those purposes. In accordance with the legitimate business of the Company your image if captured in our CCTV may be used if required for security, health and safety purposes.
At any event or conference we may organise, photography and/or video recording may take place. In accordance with the legitimate business and promotional interests of our business your image may be used in our publications and website. If you do not consent to this use, please advise a member of staff prior to or on arrival at the meeting and/or event. You will be advised whether it is possible to accede to your request. If it is not possible for us to confirm that your image will not be used in our publications and/or website, even in an inadvertent manner, we will offer you a refund of any attendance fee. We strongly advise that you make any such enquiry at the time of booking.
However, where our events and/or meetings are held in public venues and in accordance with the legitimate business and promotional interests of our business members of the press and press photographers/videographers are present, we do not control the publication of press photography and/or reporting.
The Requirement to process Personal Data.
The provision of your Personal Data for the purposes described above is a contractual requirement. In addition, we may need to process your Personal Data to comply with statutory requirements, such as keeping proper records of financial transactions. We cannot continue to facilitate and administer your contract, service agreement or relationship with us, if you fail to provide your Personal Data for the purposes described above.
2. HOW IS YOUR INFORMATION SHARED?
Your information will be shared as required with relevant persons for legitimate and reasonable purposes. We may process and share your data with our accountant(s) and other professional advisors when required. Our service providers may only process the data of our customers for the purpose of providing us with their services, and no other purpose. We may also share certain parts of your data when we are required to do so with competent regulatory authorities and bodies as requested or required by law.
Your data may be shared within our Company i.e. Irving Oil Company, Limited of Saint John, New Brunswick, Canada and its group of companies including its affiliates, subsidiaries and related companies, wheresoever situate.
Transfers of data outside the European Economic Area (“the EEA”)
In some jurisdictions, the transfer and distribution of Personal Data, whether to an entity related to the Company or any of the Service Providers, or to a third party, is restricted and is only permitted in limited circumstances. In the event that the Company or a Service Provider transfers Personal Data from within the EEA to a country outside the EEA, it will in general be necessary for the Company (as Data Controller) to have in place a written agreement with the third party to whom the Personal Data is transferred.
We transfer data to Data Processors located outside the EEA. Your Personal Data may also be processed by staff operating outside the EEA who work for us or for one of our Service Providers. Particular restrictions and limitations apply to the transfer of Personal Data from within the EEA to countries outside of the EEA, where such countries do not have equivalent levels of data protection to that afforded to Personal Data within the EEA. The safeguard we have put in place for transfers to such countries is to enter into European Commission approved contractual clauses with the relevant third party. The Company may, as Data Controller, appoint a Service Provider as its agent for the purposes of executing the European Commission’s approved contractual clauses. However, in no case will Data be transferred from within the EEA to a country outside the EEA without the Company’s consent.
If you wish to receive more information relating to our Processors and/or transfers outside of the EEA, relevant to your Personal Data, please contact the Privacy Officer.
3. WHAT ARE YOUR RIGHTS RELATING TO PERSONAL DATA?
Depending on where you are located and the location from which you engage with us and/or the location from which you receive goods or services from us or provide goods and services to us , the Data Controller of your personal data controlled or processed by us under this policy may vary and accordingly, your rights in relation to your Personal Data may also vary. To clarify your rights in relation to your Personal Data or if you have any questions about our use of your personal data, you should first contact us at [email protected].
In certain circumstances, you may have the right to request information regarding Personal Data relating to you, how it is stored, how the data was collected, and for what purpose. If Personal Data is incorrect or incomplete, you may have the right to request for it to be corrected or supplemented. You may have the right to request that your data is deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing activity has lapsed or ceased to be applicable for other reasons. However, certain operational, legal and/or statutory retention requirements must be observed.
You may also have the right to data portability i.e. you may have the right to request us to provide you, or a third party, with a copy of your Personal Data in a structured, commonly used machine readable format. In the very limited circumstances where we may be processing Personal Data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
If you are unhappy with how we process Personal data, we ask you to contact us so that we can rectify the situation. You may also lodge a complaint with a supervisory authority. Please contact the Privacy Officer at [email protected] and we will advise you of the appropriate supervisory authority pertaining to your complaint or query.
You may also ask us not to process your personal data for marketing purposes. As indicated above, you can exercise your right to object to such processing at any time by using an unsubscribe facility or contacting us at [email protected]
In order to exercise any of the potential rights set out above, please contact the Privacy Officer at [email protected].
4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will retain your Personal Data (including sensitive data) on an ongoing basis, for as long as we have a relationship with you, to observe certain operational, legal and/or statutory retention requirements and in order for us to:
(a) comply with our records retention obligations and for any extended period reasonably determined necessary; and
(b) to investigate or process complaints and/or defend or bring legal claims or complaints.
5. HOW DO WE KEEP YOUR PERSONAL DATA SAFE?
We take steps through appropriate organisational and technical measures to ensure that the personal and sensitive information we hold about you is held securely and to protect against the loss or misuse of your information.
Each of the Company and the Service Providers is obliged to implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, or accidental loss, alteration, unauthorised disclosure or access. This applies particularly where such Personal Data will be transmitted over a network.
Generally, the Company shall, and where it appoints Service Providers and/or Data Processors, shall ensure that the Service Providers shall, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of Individuals, implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Any breach of your Personal Data is notified and managed in accordance with our Privacy Breach Management Protocol.
In accordance with applicable data protection laws, the Company may be obliged to notify the appropriate regulatory authority of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data (each a “personal data breach”), unless the Personal Data breach is unlikely to result in risks to Individuals. Furthermore, the Company may be required notify any impacted Individuals without undue delay where a Personal Data breach is likely to result in a high risk to those Individuals.
The Company shall ensure that Service Providers notify the Company without delay of any security incident and shall provide all reasonable assistance to the Company to enable it to comply with its obligations under applicable data protection laws with regard to notification of Personal Data breaches.
Tedcastle Oil Products operating under the brand name Top Oil is located in Ireland and includes its groups of companies including its affiliates, subsidiaries and related companies (“Top Oil”).
Top Oil’s Parent Company Irving Oil Company, Limited is located in Saint John, New Brunswick, Canada and includes its group of companies including its affiliates, subsidiaries and related companies. (“Irving Oil”)
Top Oil and Irving Oil act as Joint Data Controllers of personal information you provide to Top Oil pursuant to a Data Sharing Agreement in place between Top Oil and Irving Oil.
What information is collected?
This website collects the following type of information from all users.
- Information, provided voluntarily, that identifies you or can be used to identify you in conjunction with other information that we may likely hold in order to provide our service.
- Contact information such as your name, address, email address and telephone numbers.
- Information preferences and user IP addresses in circumstances where they have not been deleted, clipped or made anonymous. Such information is only collected from you if you voluntarily submit it.
Top Oil will gather statistical and other analytical information on an aggregate basis. This Non-Personal Data cannot be used to identify or contact you. It includes data such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymous, browser types and other anonymous statistical data involving the use of this website.
Why does this website collect data?
Top Oil will use the personal and non-personal data collected on this website to gain a better understanding of where site visitors come from and to help improve the layout and content of the website.
Top Oil uses the following cookies:
Purpose: Web Analytics
Cookie Names: Utma, utmb, utmc, utmt, utmz
Domain: Top Oil
Purpose: Site Management
Cookie Names: PHPSESSID
Visit aboutcookies.org for a comprehensive guide on how to control and delete cookies on a wide range of web browsers and operating systems.
What do we do with your data?
Top Oil will use your personal data for the following purposes only:
- To process and deliver any goods or services you have ordered.
- To contact you in connection with any goods or services you have ordered.
- To respond to any inquiry or application form you submit.
- To send you marketing emails and/or text messages if you have opted into these services.
- To contact you in connection with any competitions you have entered.
- To contact you to verify that we have your correct data.
We process your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy.
We will only process your personal data where we have a legal basis to do so. The legal basis for our processing of your personal data varies depending on the manner and purpose for which we collected it.
We will only process personal data from you when:
- we have your consent to do so, or
- we need your personal data to perform a contract with you, or
- the processing is in our legitimate interests and not overridden by your rights, or
- we have a legal obligation to process your personal data, or
- the processing is necessary for the performance of task carried out in the public interest; or
- the processing is necessary in order to protect your vital interests or those of another natural person
If you have any questions about how Top Oil processes any of your personal data or its legal bases for doing so, please contact [email protected].
You will only receive communication from us if
(a) we have obtained your contact details in the course of a sale of our products or services and you have not objected to receiving such communication from us, or
(b) we have obtained your contact details via phone call, email, post, web form, competition entry or social media and you have not objected to receiving such communication from us.
We will only use your contact details to send you marketing communication if you have consented to receiving marketing from us. We will only send you marketing news and offers that are based on similar products or services that you purchased from us. You have the right to opt out of marketing at any time by
(a) contacting your local depot, or
(b) following the opt-out instructions as detailed in any marketing messages you receive.
We do not share your personal information with companies that would send their marketing to you.
Your rights in relation to your personal information
You have the right to request any personal information that Top Oil processes about you, such as
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with data protection law; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
You may contact us directly to inform us of any changes in your personal data. We will update or delete your data in accordance with our obligations under the GDPR and Irish Data Protection Act 2018.
If you would like to find out what personal data we hold on you please complete our Subject Access Request (SAR) Procedures form.
If you would like us to amend or delete data we have stored in our database, please send an email to [email protected] with your name and email address and contact information, and outline the information you would like to amend or delete
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Will my data be shared with any Third Parties?
Top Oil may provide aggregated data to other websites. For example, we might disclose the number of unique users of our site to a third party or user’s activities on
the website e.g. number of users to complete an online purchase.
These third parties may include website tracking services, commercial partners, researchers and other similar parties.
Top Oil may use third parties to complete processing of our services. From time to time, we will run sales and promotional campaigns in collaboration with trusted partner organisations within the broader Top Oil and/or Irving Oil group of companies.
Where requests for disclosure of your personal data arise, Top Oil will only disclose
your personal data where we are required to disclose it in order to comply with any applicable law, summons, search warrant, court or regulatory order, or other statutory requirement.
Is my personal data secured?
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.
Your personal data is held on secure servers hosted by Top Oil, Irving Oil and trusted service providers used to complete processing on our behalf. No data transmission over the Internet can be guaranteed to be 100% secure. However, we will take all reasonable steps to protect your personal data.
Where we transfer your personal information to a destination outside the European Economic Area, such as to our Parent Company Irving Oil in accordance with a Data Sharing Agreement between Top Oil and Irving Oil or to Data Processors located outside the EEA for legitimate business purposes, we take specific measures to ensure the security and integrity of the data at all times. Such data will be protected under the terms of a formal, written contract in line with our regulatory obligations and in compliance with the guidance of the appropriate Supervisory Authority.
Policy last updated