Esso Smiles Privacy Statement

This Esso Smiles Driver Rewards Program Privacy Statement (“Privacy Statement”) was last updated on 18 June, 2021.

The Protection of your Personal Data (as defined below) is important to us.

Esso (Thailand) Public Company Limited (“Esso”) appreciates your interest in connection with our Esso Smiles Driver Rewards Program (“Program”). Your privacy is important and we want you to understand our practices with respect to gathering and handling of Personal Data.

This Privacy Statement may be further complemented by other data privacy notices provided by Esso. We may provide an additional notice to inform you about the way in which we process such additional information.

This Privacy Statement describes the Processing (as defined below) of Personal Data pertaining to the Program by Esso established in Thailand.

We use certain defined terms in this Privacy Statement, as outlined below in Section 1, Defined Terms.


1. DEFINED TERMS

“Data Controller” means the natural or legal person which determines the purposes and means of the Processing of Personal Data. In the context of this Privacy Statement and the Program, Esso is the Data Controller.

“ExxonMobil” and/or “ExxonMobil affiliates” mean (a) Exxon Mobil Corporation or any parent of Exxon Mobil Corporation, (b) any company or partnership in which Exxon Mobil Corporation or any parent of Exxon Mobil Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Exxon Mobil Corporations, any parent of Exxon Mobil Corporation or an Affiliated Company has day to day operational control.

“Processed” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject” or “Individual”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Esso Smiles Driver Rewards Program ("Program") is proprietary to Esso where acceptance of any person(s) to the Program shall be subject to the approval of Esso and once accepted by Esso, participation by any such person ("Cardmember") in the Program shall be subject to the Program’s terms and conditions which may be amended from time to time by Esso without prior notice to Cardmember.

Activities of the Cardmembers within the Program may include, but are not limited to, Esso Smiles Card registration, Esso Smiles points earning through your participating fuel and non-fuel product purchase (Esso Smiles points earning from participating non-fuel product is exclusive for Esso Smiles card only), Esso Smiles points redemption, and Esso Smiles points conversion to our partner alliance (“Activities”).

Cardmembers may access the Program through participating Esso-branded service stations (“Service Stations”), this Website (“Site”), and Esso LINE Official Account through Esso Smiles Connect (“Esso Smiles Connect”).


2. IDENTITY OF DATA CONTROLLER

The Data Controller in respect of Personal Data collected for the Program is:

Esso (Thailand) Public Company Limited 3195/17-29 Rama 4 Road, Klong Ton
Klong Toey District, Bangkok 10110
Thailand


3. INDIVIDUALS TO WHOM THIS PRIVACY STATEMENT IS ADDRESSED

This Privacy Statement is addressed to the visitors of the Site, users of Esso Smiles Connect and Cardmembers whose Personal Data is collected by the Data Controller listed in Section 2 above.


Personal Data of Children

If you are 18 years of age or over and not sui juris and wish to register in the Program, please provide your legal guardian's consent for registration and participation in the Program.


4. ESSO’S COMPLIANCE WITH DATA PROTECTION LAWS (LAWFUL BASIS FOR PROCESSING PERSONAL DATA)

Esso is committed to collecting and using Personal Data in a lawful manner.

Esso will ensure that its Processing of Personal Data is allowed under applicable data protection law. Depending on the situation, Esso can justify the Processing of Personal Data on various legal bases, which include:

  • Esso’s legitimate business interest, for example but not limited to transaction inquiry, customer service support, and transaction security, unless such interests are overridden by the interests or fundamental rights and freedoms of the Individual, and/or
  • the Processing is necessary for the performance of the Program to which the Individual is a party, and/or
  • the Processing is necessary for compliance with a legal obligation to which Esso is subject, and/or
  • the Individual has given consent to the Processing of his or her Personal Data for one or more specific purposes.

5. CATEGORIES OF PERSONAL DATA AND PURPOSES FOR DATA COLLECTION, PROCESS, AND USAGE

In this table we describe the categories of Personal Data that we gather from Cardmembers, visitors to the Site and users of Esso Smiles Connect as well as the purpose of processing for which we use the information.

No.

Purpose of Processing

Categories of Personal Data

1

Creating and maintaining the Cardmember’s Smiles account and managing his/her continued participation in the Program as well as other reasonable purposes relating to the Program.

Contact details for example but not limited to names, citizen ID or passport number, date of birth, addresses, e-mail addresses, and telephone numbers.

2

Verifying the Cardmember’s identity and eligibility to participate in the Program.

3

Providing the Cardmember with services and benefits under the Program.

4

Contacting the Cardmember about his/her Smiles account and suspension/termination of the Program and details of any replacement program (if applicable);

5

Providing the Cardmember with customer service generally or other services requested by the Cardmember

Contact details for example but not limited to names, citizen ID or passport number, date of birth, addresses, e-mail addresses, and telephone numbers, content of your request/ feedback and other Personal data you may provide.

6

Statistical analysis for design and administration of the Program and market research purposes (including, but not limited to, customer profiling purposes);

Number of visits to the Site; which parts of the Site visitors select. Number of visit to Esso Smiles Connect; which menu visitors select.

 

Any of the Personal Data referred to in this notice, provided the information is appropriately pseudonymized or anonymized, as required under applicable law.

 

IP address (the Internet address assigned to your computer from your Internet Service Provider), device type, domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), and date and time of day, and LINE Unique Identity (LINE UID) assigned to your LINE account.

 

Contact details for example but not limited to geolocation of your computer or mobile device, names, citizen ID or passport number, date of birth, addresses, e-mail addresses,  telephone numbers, and transactional data.

 

Any of the Personal Data or content of your feedback that you voluntarily provide about your experience of our Program, products or services at Esso service station.

7

Developing general enhancements to the Program, improving services at Esso service station or other benefits and services provided by Esso or dealers to its Cardmember and other customers (including, but not limited to, customer surveys, marketing surveys).

8

Devising promotions (for fuel and non-fuel products) for its customers generally or specifically for some or all of its Cardmembers.

9

Providing the route to Service Stations.

Geolocation of your computer or mobile device.

When Esso relies on the Individual’s consent as a legal basis to Process the Personal Data, Cardmember can withdraw their consent at any time, for the future. Cardmember who wish to withdraw their consent, should notify us at Esso Smiles Customer Service Centre 02-631-9999 during 9.00 – 18.00 (Monday – Saturday) or self-withdraw through Site, or Esso Smiles Connect, or submit the Esso Smiles Customer Request form at Service Stations (submitting Customer Request form at Service Stations is for Esso Smiles Card only) and we will take steps to stop the Processing of your Personal Data as soon as reasonably possible.


6. INFORMATION PLACED ON YOUR COMPUTER AND MOBILE DEVICE (“COOKIE”)

We use cookies and other files which we store on your computer or mobile device when you visit the Site, in order to collect one or more of the categories of information listed above. The cookies and files stored on your computer or mobile device facilitate customization of your use of the Site and help to avoid the need for you to re-enter your details every time you visit it. You can erase or block this information from your computer if you want to. For more information about the cookies and files we place on your computer or mobile device, and how to erase or block them, see the Esso Smiles Driver Rewards Program Cookie Statement on the relevant website.

Note that some of the services may not be available if you fail to provide the Personal Data necessary to deliver them.

Furthermore, this Site and Esso Smiles Connect have link to sites that Esso does not own, control or maintain. We cannot be responsible for their privacy policies and practices and we make no representations or warranties about the privacy practices of those sites. Similarly, we cannot be responsible for the policies and practices of any site from which you linked to our Site and Esso Smiles Connect. We recommend that you review the privacy statement of other sites carefully and contact the operator if you have concerns or questions.


7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Esso employs other companies and persons to perform functions on our behalf. They have access to Personal Data needed to perform their functions, but shall not use it for other purposes. Communicating via the Internet and sending information, products, services, and promotions to you by other means necessarily involves your Personal Data passing through or being handled by third-parties.

For the purpose of the administration of the Program and the Personal Data collected through Service Stations, Site, and Esso Smiles Connect, Esso shares and/or transfers your Personal Data with other companies and individuals to perform functions on our behalf, including creating and maintaining the Cardmember’s Smiles account, managing his/her continued participation in the Program, providing customers service, analyzing data and researching marketing purposes, providing data storage/processing, providing marketing or telemarketing assistance or other services to Esso. They have access to your Personal Data needed to perform their functions, but may not use it for other purposes.

Before any Personal Data is shared with service providers, please rest assure that we enter into a written agreement which requires them: (1) not to make any unauthorized further disclosures of the Personal Data; (2) to use the Personal Data only for the specified purposes and only according to the instructions received from Esso; (3) to retain the Personal Data only as long as necessary to carry out these purposes or to protect company interests (please see details in Section 12); and (4) to have in place adequate and appropriate security measures.

In some circumstances, Esso will have to disclose Personal Data to other third parties, including competent authorities, legal advisors, operators of Esso-branded fuel stations, and other business partners who process the Personal Data on their behalf, for instance if such transfer is required by law or legal process, in order to defend Esso's rights or to adequately handle individuals' complaints and requests.

If Personal Data is shared with a third party or an ExxonMobil affiliate outside Thailand, the conditions regarding data transfers, see  Section 8 below, apply in addition to the requirements of this section.


8. TRANSFERS OF PERSONAL DATA

Esso may obtain the Personal Data from, and/or provide or transfer the Personal Data to, the operator(s) of the participating Service Stations, its Affiliates and third parties that provide (whether directly or otherwise) administrative, business and operational support or marketing, research, data storage/processing, telemarketing, telecommunications, IT, payment or other services to Esso and its Affiliates (collectively, “Specified Third Parties”) in connection with the purposes stated in Section 5 above within or outside Thailand.


8.1 International Transfers between affiliates

Esso may transfer some or all of the Personal Data to servers of ExxonMobil located worldwide and will make that Personal Data accessible to other ExxonMobil affiliates, some of which are located in third countries that may not be regarded as providing an adequate level of protection of the Personal Data, in accordance with applicable law.

The transfer of Personal Data from Thailand to recipients located outside Thailand is subject to restrictions. Esso has taken steps so that Personal Data receives an adequate level of data protection at all ExxonMobil locations.

8.2 International Transfers to third parties

When transferring Personal Data to third parties, Esso puts in place safeguards to ensure that the third party adequately protects the Personal Data.  These safeguards may include, as appropriate, (1.) contractual safeguards imposed on the third party which is contracted by Esso, and (2.) protections available under local law for the third party established in a country deemed adequate by same standard as in Thailand Personal Data Protection Act.

For more information about specific transfer mechanisms used for transfers between affiliates and transfers to third parties, including information on and a copy of any of the existing safeguards implemented by Esso in order to ensure that Personal Data is Processed within an adequate framework, please contact Data Controller as detail in Section 2.


9. ACCURACY OF PERSONAL DATA

Esso endeavors to keep Personal Data that it collects as accurate, complete and current taking into account the purposes of Program for which it was collected and is being used. Esso relies on Data Subjects to maintain the accuracy and completeness of the Personal Data and so you should inform Esso if your personal details change.


10. SECURITY AND CONFIDENTIALITY

Esso maintains appropriate administrative, technical and physical safeguards designed to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, use, and all other unlawful forms of Processing of Personal Data in our Program.


11. RIGHTS TO ACCESS TO AND RECTIFICATION, ERASURE, AND DATA PORTABILITY OF PERSONAL DATA, AND RIGHTS TO CONSENT WITHDRAWAL FOR, RESTRICTION OF, AND OBJECTION TO THE PROCESSING OF PERSONAL DATA

Applicable law may give you the right to know how Esso Processes your Personal Data, and to access your Personal Data held by Esso. Such rights exist under Thailand Personal Data Protection Act. Furthermore, you also have the right to: withdraw your consent, should you wish to revoke consent; have inaccurate or incomplete Personal Data rectified; restrict the Processing of your Personal Data, under certain circumstances; object to the Processing operations, having regard to the given circumstances and for reasons related to their particular situation; or have Personal Data erased when such data is no longer necessary for the purposes for which it has been collected, in accordance with applicable law.

In some circumstances, you also have a right to request the portability of your Personal Data, which will allow you to obtain and reuse your Personal Data for your own purposes across different services without hindrance to usability.

For more information about the specific mechanism available in order to exercise the aforementioned rights, please contact Esso Smiles Customer Service Centre at 02-631-9999 during 9.00 – 18.00 (Monday – Saturday).


12. RECORDS RETENTION

Esso will retain Personal Data as long as necessary to meet the purposes of the Program for which the data was collected.

Esso will delete Cardmember’s Personal Data or anonymize them to make it unidentifiable:

  • Without undue delay upon Cardmember’s request to delete account profile or terminate membership; or
  • Within 3 months from the last interaction with Esso. The last transaction with Esso means one of the following activities:
    • No fuel purchase by using Esso Smiles Card for consecutive 36 months.
    • No loyalty point transfer from any partner to Esso Smiles point for consecutive 36 months.
    • No activity gaining Esso Smiles point for consecutive 36 months.

In all cases, Esso may retain Cardmember’s Personal Data for longer period to ensure compliance with applicable laws (e.g. statute of limitations periods), or regulations reason to do so or to protect legitimate company interests.

We also require the same practice from the Specified Third Parties who may be located within or outside of Thailand who are assisting us in providing services to our customers.


13. AUTOMATED DECISION-MAKING

Esso does not use automated decision-making unless this is (1.) necessary for entering into, or performance of, a contract between the Individual and ExxonMobil and its affiliates, (2.) permitted or required by law, or (3.) based on the Individual’s explicit consent.

Automated decision-making means a decision that produces legal effects concerning an Individual or significantly affects the Individual and which is based solely on automated Processing (i.e. no human intervention in the process of decision-making) of Personal Data intended to evaluate certain personal aspects relating to the Individual. Moreover, Esso shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests.


14. QUESTIONS AND COMPLAINTS

Esso is committed to protecting your Personal Data as described in this Privacy Statement and as required by Thailand Personal Data Protection Act. If you have any questions about this statement or about Esso’s handling of your Personal Data, or if you would like to request additional information on the Personal Data Esso holds about you or learn about and exercise your rights with respect to your Personal Data, you can contact our Esso Smiles Customer Service Centre at 02-631-9999 during 9.00 – 18.00 (Monday – Saturday).

Alternatively, you may write to:

Thailand Data Privacy Office

Esso (Thailand) Public Company Limited

3195/17-29 Rama 4 Road, Klong Ton

Klong Toey District, Bangkok 10110

Thailand

Email: data.privacy.office@exxonmobil.com


15. CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to change this Privacy Statement at any time without notice. When we make material changes to this Privacy Statement, we will post the changes on this page and update the revision date at the top of the Privacy Statement. We encourage you to review our Privacy Statement regularly for updates.