What is PD? In this PN, PD includes all personally identifiable information (“PII”) (such as names, email addresses, phone numbers, and ID numbers) but also includes data like IP addresses, location data, and pseudonymized information. PII is a term used most commonly in the US for data protection matters, whereas PD is more commonly used in the UK and EU. As Petrolink is a global organisation, we have chosen to use the term PD for this PN as it covers broader types of personal information.
Petrolink’s Commitment to Your Privacy Petrolink respects the privacy of everyone who uses our website and applications, and is committed to safeguarding your PD. Whenever you provide PD to us, we handle it in accordance with our internal data protection standards, which are aligned with relevant DP Laws in the countries in which we operate.
How do we collect PD? We receive and store certain types of information whenever you interact with us via our website or applications.
How do we use PD? We may use the PD you give us to carry out various functions in relation to your role. This can include (but is not limited to) helping us create, develop, operate, deliver and improve our products, services and content, and for loss prevention and anti-fraud purposes.
Our Legal Grounds for Processing PD: As set out above, we may use your PD for several different purposes. In each case, we must have a “legal basis” to do so. When using your PD, this is in the for a legitimate interest of the business (e.g., improving services).
When might we share your PD? Petrolink shares PD only as described below:
- Third Party Service Providers: We may employ other companies and individuals to perform functions on our behalf – for e.g., sub-suppliers providing services associated with the functioning of our website or applications. They will have access to PD to the extent that it is needed to perform their functions but may not use it for other purposes. They must also process the PD in accordance with this PN and relevant DP Laws.
- Petrolink Group Companies: We may share PD within the Petrolink Group, for business performance and management purposes.
- Others: We may need to disclose your PD if required by law, legal process, litigation, and/or requests from public and governmental authorities. We may also disclose PD if we determine that:
- disclosure is necessary or appropriate for purposes of national security, law enforcement, or other issues of public importance; and/or
- such action is necessary to protect and/or defend our rights, property, or personal safety and those of our users/customers or other individuals.
International Transfers of PD: There may be some instances where your PD may be transferred outside the country where you are based (for e.g., to jurisdictions where the Petrolink Group operates, or where our trusted third-party service providers are located). Where such transfers take place, we implement safeguards to ensure that your PD remains protected in accordance with the DP Laws. These may include agreeing contractual protections with applicable parties, relying upon decisions of the courts as to which countries have high standards of DP laws comparable to those in the UK/EU, or applying other legally recognised safeguards.
Retention of PD: We will retain your PD for the period necessary to fulfil the purposes outlined in this PN, unless a longer retention period is required (for example, where there is a legal obligation to retain such PD). Petrolink has implemented Data Protection Guidelines, which specifies the PD retention periods in each country where we operate.
Storage and Protection of PD: Petrolink takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our personnel in the proper performance of their duties.
Cookies and Other Technologies: To enable our systems to recognise your device and to provide features to you, we use cookies (small pieces of information saved on your device via your web browser). The cookies record patterns of use and allow us to:
- customise, control or regulate the use of our websites and
- adapt the display or appearance according to your preferences or interests.
We use the following cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website (such as setting your privacy preferences, logging in or filling in forms).
- Analytical or performance cookies: These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site.
- Functionality cookies: These are used to recognise you when you return to our website, enabling us to personalise our content for you.
Where required by law, we will seek your consent before placing non-essential cookies on your device.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
| Cookie Title/name |
Purpose |
Retention period |
|
| _pk_cvar |
short lived cookies used to temporarily store data for the visit |
30 minutes |
|
| _pk_hsr |
short lived cookies used to temporarily store data for the visit |
30 minutes |
|
| _pk_id |
used to store a few details about the user such as the unique visitor ID |
13 months |
|
| _pk_ref |
used to store the attribution information, the referrer initially used to visit the website |
6 months |
|
| _pk_ses |
short lived cookies used to temporarily store data for the visit |
30 minutes |
|
| _pk_testcookie |
used to check whether the visitor’s browser supports cookies |
Cookies is created and should be then directly deleted |
|
| commId |
For window communication |
Valid until the browser is closed |
|
| Idp_id |
Used to store the IDP session id |
Valid until the browser is closed |
|
| matomo_ignore |
Used to opt out user by Matomo |
[13 months] |
|
| matomo_sessid |
Used to opt out user by Matomo for preventing CSRF |
[13 months] |
|
| MMAUTHTOKEN |
Mattermost Session ID |
Valid until the browser is closed |
|
| MMCSRF |
Mattermost cookie for preventing CSRF attack |
Valid until the browser is closed |
|
| MMUSERID |
Mattermost User ID |
Valid until the browser is closed |
|
| mtm_consent |
Used to remember that consent was given by the user |
[13 months] |
|
|
| mtm_consent_removed |
Used to remember that consent which was removed by the user |
[13 months] |
|
| mtm_cookie_consent |
Used to remember that consent for storing and using cookies was given by the user. |
[13 months] |
|
| petrovue cookie [GUID] |
Used to store the session id |
Valid until browser is closed |
|
| Pvu-connect.sid |
Session ID for Petrovue (name is configurable in modconfig session.key) |
Valid until the browser is closed |
|
|
{PVU_MODULE_ROUTE}_
FeedbackTimestamp |
PVU Module last feedback check timestamp, e.g. for rtv would be rtv_FeedbackTimestamp |
Valid until the browser is closed |
|
You can adjust your browser settings to notify you when cookies are being used, or to automatically reject certain types of cookies. Please note that our website and applications may not function properly if your cookies are disabled.
Your Rights
Under DP Laws you have certain rights in relation to your PD.
- The right to access your PD: You can obtain a copy of the PD we hold about you and certain details of how we use it.
- The right to rectification: If you believe that there are any inaccuracies, discrepancies, or gaps in the PD we hold about you, you can contact us and ask us to update or amend it.
- The right to restriction of processing: In certain circumstances, you are entitled to ask us to stop using your PD (for example, where you believe the PD is no longer necessary for the purposes for which it was collected).
- The right to withdraw your consent: Where we rely on your consent to process your PD, you have the right to withdraw such consent.
- The right to erasure: This is sometimes known as the ‘right to be forgotten’. It entitles you, in certain circumstances, to request deletion of your PD.
- The right to object to direct marketing: You have a choice about whether you wish to receive marketing information from us. Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the nature of services we offer you.
- The right to object to processing: In certain cases, you have the right to object to our processing. This right arises where we process your PD based on our legitimate interests and you can object to such processing (unless our purpose outweighs any prejudice to your privacy rights).
- The right to data portability: In certain circumstances, you can request that we transfer PD that you have provided to us to a third party.
- Rights relating to automated decision-making: We do not carry out any automated decision making. If this changes in the future, we will provide you with an updated notice setting out our decision-making process.
- The right to make a complaint with the Regulator: If you believe that we have breached DP Laws when using your PD, you have the right to lodge a complaint with the relevant data protection authority. In the UK, this is the Information Commissioner’s Office, whose website can be found at ico.org.uk.
Please note that while we take your rights seriously, there may be circumstances where we are unable to comply with your request — for example, if doing so would prevent us from meeting our own legal or regulatory obligations. In such cases, we will explain the reasons for our decision.
Further queries
If you have any questions or concerns about:
- the PD we hold in relation to you (including wishing to submit a request in line with your rights above), or
- the privacy of our websites or applications, please contact us at privacy@petrolink.com.
Version: 1.2 – 09/Sep/2025
