Heritage Petroleum Company Limited “Heritage” is the state-owned oil exploration and production company of Trinidad and Tobago. Its registered address is No. 9 Queen’s Park West and its operational centres are located in Santa Flora, Penal and Point Fortin in Trinidad. At Heritage protecting your privacy is very important to us and as part of ensuring good governance processes and procedures we are of the view that you need to understand our practices relative to the handling of your personal data. This policy therefore sets out:
- Heritage’s procedures for the collection, storage and processing of the personal information or sensitive personal information of the individuals that interact with us through our website.
- Your rights in relation to the personal information or sensitive personal information that we collect about you. If you have questions about the policy or wish to raise concerns relative to the use of your personal information/sensitive personal information, please contact email@example.com
For the purposes of this policy, “personal information” and “sensitive personal information” have the meanings ascribed to those terms in the Data Protection Act, Chapter 22:04 of the Laws of the Republic of Trinidad and Tobago.
2. Types of personal information we collect
How we collect personal information
We will primarily collect personal information from you either directly (such as when you request information from us, including through the Contact Us form available on our website) or indirectly from your interactions with us (such as by monitoring your use of this website. In some cases, we may also to collect personal information about you from third parties (such as recruitment agencies).
Types of personal information we collect
We collect and process different types of personal information depending on how you interact with us. In some circumstances, we may also collect sensitive personal information about you. The types of personal information that we collect about you may include:
- Identification data – such as your name, gender, job title, photograph and date of birth.
- Contact details – such as your home and business address, email address and telephone number.
- Recruitment-related information – such as your name, email address, location, telephone number, qualifications, employment history, interests, types of roles you are interested in, your work application form and resume or CV. If you progress through the interview process, we may also collect interview notes, references, results of any psychometric tests and background checks (including criminal records checks), your work visa and other information to verify your identity and right to work.
- e-Business information – this includes information required to provide access e-Business portals (such as login information, IP addresses), and records of your use of those websites or portals.
- Usage information – information we collect when you use our websites or apps, such as server log information (your IP address, browser type, operating system, browser language, time zone, access times and any referring addresses) and location information.
- Other information – this includes information about access to an attendance at Heritage premises and physical assets (such as security records about times of entry and exit, and information collected through CCTV), details about your use of our assets, communications with you (including complaints or concerns raised by you or any feedback or survey responses that you provide to us) and other information you voluntarily provide to us.
Sensitive Personal Information
Sometimes we may collect sensitive personal information about you but we will only do this as described in section 3 below.
3. Why we process your personal information
The legal basis for collecting your personal information
Heritage will only process your personal information where we have a legal basis for doing so. This means we will process your personal information:
- where necessary in connection with our procurement, recruitment processes prior to entering into a contract;
- to comply with our legal obligations;
- where it is in legitimate business interests; or
- where you are given a genuine choice as to whether or not we collect your data and you have given us your consent. Should you give your consent for Heritage to collect and process your personal information, you will always have the option to withdraw this consent at a later stage and you will never suffer. A decision to decline consent to the collection, processing and storage of your will not result in any material disadvantage to you.
The purposes for which we process your personal information will depend on the type of personal information collected and the context in which it was collected. However, the primary purposes for which we process personal information include:
- managing our relationship with you – this includes providing you with information or services, improving our products and services and communicating with you;
- business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties (including e-commerce transactions); managing business relationships; administering real estate leases and licences; conducting clearance procedures; managing accounts and records; supporting corporate social responsibility activities; resource planning and workforce management; activities and operations; internal investigations; and debt administration;
- marketing and public relation purposes – this includes analysing the characteristics of visitors to our website; to prepare analytics and profiling for business intelligence purposes; to personalise your experience on our website; managing our newsletters and communications.
- recruitment-related purposes – this includes considering you for career opportunities (including internship positions) with Heritage and inviting you to participate in recruitment activities and events;
- legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation.
If we do not collect your personal information, it may affect our ability to perform these functions.
Sensitive personal information
As flagged above, sometimes we may need to collect and process sensitive personal information about you, but we will only do this:
- where you have explicitly provided your consent; or
- where otherwise permitted by applicable laws and regulations.
- non-personal information and data may be automatically collected through the standard operation of the Company’s internet servers or through the use of “cookies.”
4. Who we share your personal information with
We may share your personal information within our corporate group as well as with third parties involved in the running of our business and your authorised representatives. This may involve sharing information across national borders.
Disclosures within our corporate group
Disclosures outside our corporate group
We may also need to share your personal information (which may sometimes include sensitive personal information) with:
- government authorities or other entities where we are obliged to do so by law.
- third parties who provide services we use to run our business (such as external service providers that assist Heritage to perform HR, information technology and other shared services functions, that provide IT services or that provide security for Heritage sites or systems);
- our professional advisors (such as our lawyers and accountants); and
- third parties that you have authorised to interact with us on your behalf (such as recruitment agencies);
In some circumstances relative to third party service providers, these entities are registered and operate out of other jurisdictions. If we need to disclose personal information to third parties in a different country, we will take steps to ensure that there is a lawful basis for the disclosure and that the disclosure complies with all applicable laws. This may include entering into a legally binding contract with the recipient under which they are obliged to maintain confidentiality of your information and handle your information in accordance with applicable laws.
5. How we store and protect your personal information
We take steps to ensure that your personal information is kept secure and protected against unauthorised access or use. We only keep your personal information for as long as we need it to carry out the purposes described in this policy.
We have put in place procedures and technologies to maintain the security of your personal information from the point of collection to the point of destruction.
We also take steps to ensure that all our workers are aware of and are properly trained through applicable information security policies and procedures that are designed to keep your personal information secure. We will investigate and take appropriate action if we become aware of any failure to comply with these policies and procedures.
Storing personal information
Heritage stores the personal information that we collect in electronic databases.
Our policy is that Heritage will keep personal information for no longer than is necessary for the purposes described in this policy or as otherwise required by law.
6. Your rights and choices
You have certain rights in relation to your personal information that we hold about you. As Heritage is a State-owned Company, the procedure for gaining access to the personal information that we have collected from you is set out in the Freedom of Information Act, Chapter 22:02 of the Laws of the Republic of Trinidad and Tobago. The Designated Freedom of Information Officer and Alternate can be contacted on_________. We respond to all requests we receive from individuals wishing to exercise their rights in relation to any information we hold in accordance with applicable Freedom of Information and Data Protection laws.
7. Updates to this policy
8. How you can contact us
If you have any questions about this policy, contact our Corporate Communications Department at firstname.lastname@example.org