Last updated: October, 2025
1. Introduction
Chevron Lubricants Lanka PLC (“Chevron,” “we,” or “us”) wants you to be familiar with how we collect, use, disclose and otherwise process your personal data. This Privacy Statement (“Statement”) describes our practices in connection with information that we collect through:
- Websites operated by us through which you are accessing this Statement (the “Sites”);
- Software applications made available by us for use on or through computers and mobile devices (the “Apps”);
- Our social media pages and apps that we control from which you are accessing this Statement (collectively, our “Social Media Pages”);
- HTML-formatted email messages that we send to you that link to this Statement or other communications with you; and
- Offline business interactions you have with us.
Collectively, we refer to the Sites, Apps, Social Media Pages, emails, and offline business interactions as the “Services.”
The purpose of this Statement is to explain our data practices – including, but not limited to, the categories of personal data collected by us, the purposes for which it is processed and shared, as well as the rights available to you in your capacity as a “data subject” in respect of your personal data.
By accepting our Services, you acknowledge that you have read and understood this Statement.
2. Personal data collection
Personal data that you provide to us directly or indirectly. The Services collect personal data, including:
- Contact details such as your name, email address, telephone, fax number(s), and mailing address;
- Company information such as your title, company/organization name, and company address;
- The content of your message or request;
- Partner rewards program account number and/or rewards or loyalty program eligibility information;
- Information in connection with your participation in events, such as your registration, participation in sessions, and survey results;
- Your preferences with respect to email marketing;
- Information regarding contest entries, event registration, and rewards or loyalty program participation;
- Account login information, including username and password;
- Video or audio recordings of company conference calls or customer service calls, and security footage and video recordings captured at our facilities or company events;
- State and national identification numbers, such as passports or driver’s licenses, which may include biographical and demographic information, such as date of birth, age, gender, racial or ethnic origin, and data revealing citizenship;
- Financial account number and other payment and financial information;
- Transaction information and purchase history, including purchases considered, consuming histories or tendencies;
- Geolocation data, such as the site, time, and date of purchases or data derived from your IP address, country, and zip code, as well as precise geolocation of your mobile device where we have provided notice and obtained your consent, where required under applicable law;
- Information such as your nationality and/or country of residence that allows us to determine your eligibility under export control regulations to receive information about certain technologies or comply with other legal reporting requirements; and
- Feedback from you about our products and services, including our Sites.
Personal data collected by automated means. We collect certain data about your visit to and use of our Services, including what pages you view, the number of bytes transferred, the links you click, and other actions taken within our Services. We also collect certain standard information that your browser sends to every website you visit, such as your Internet Protocol (IP) address, your browser type and capabilities and language, your operating system, the date and time you access the Services, your mobile device information (including ID), as applicable, and the website from which you linked to our Services. We use this data to communicate with you through the Services, operate and administer the Services, and analyze Services usage. We may also use this information to execute or improve our security measures.
Our Services use tracking technologies to help us understand their performance and our online marketing efforts.
Sources of personal data. We and our service providers collect personal data in a variety of ways, including:
- Through the Services. We collect personal data through the Services, for example, when you sign up for a newsletter, contact us, or make a purchase.
- From other sources. We receive your personal data from other sources, for example publicly available websites (such as LinkedIn), our business partners, and marketing companies.
We need to collect personal data in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. We generally process your Personal Data in accordance with one or more of the following lawful bases as provided by applicable Law:
- Contract: When performing contractual obligations
- Legal Obligation: When required by applicable law
- Legitimate Interest: In relation to our legitimate interests related to serving you as a customer
- Data made manifestly public
- Defense of legal claims
- Statistical purposes
- With your Consent.
3. Our use of personal data
We collect and process your personal data for a number of legitimate business purposes – which include, but are not limited to, the following:
Operate, evaluate, and improve our business. We may use the personal data we collect to administer, enhance, maintain, repair, personalize, and improve our products and services, develop new products, services, websites, and mobile apps, manage our communications and customer relationships, undertake quality and safety assurance measures, and perform accounting, auditing, billing, reconciliation, collection, and similar activities.
Respond to your request for information, order, or support. When you contact us, we collect and use information necessary to respond to your request, grant you access to a product or service, and provide you with support. For instance, we may collect your name and contact information, payment and partner rewards program account number and/or rewards or loyalty program eligibility information, and details about the fulfillment delivery and invoicing of your order, and we may include client satisfaction survey information.
To effectively pursue our business relationship with you, to keep you informed and updated about our Services and other business activities. Subject to the rights made available to you under Section 5 hereof, we use personal data to provide you with personalized advertising, marketing materials, and content, and to determine the effectiveness of our promotional campaigns. We may combine the personal data we collect to develop aggregate analysis and business intelligence for conducting our business and for marketing and personalization purposes. We may retain such information for administrative purposes, to defend our rights, and to manage our relationship with you.
Administer or fulfill a rewards or loyalty program or similar offer. When you enroll in one of our rewards or loyalty programs or participate in a contest, promotion, survey, or offer, we may collect information in order to administer or fulfill such program or offer.
Manage physical sites and event visits and secure persons and property. We may register individuals visiting our physical sites and locations (name, identification, and contact information) and use video, CCTV, camera, or use other technology and other measures, to ensure security and safety of persons and belongings, as well as for regulatory purposes.
Prevent fraudulent or other criminal activity. We may use the personal data we collect to verify your identity, protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims and other liabilities, for safety and security purposes, and to manage risk exposure and quality, including for the purpose of ensuring network and information security.
Meet legal, regulatory and compliance obligations. We may use personal data to conduct investigations, and to comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations, and our policies and terms. We may use personal data to establish, defend, or prosecute legal claims.
We may aggregate and/or anonymize personal data so that it is no longer personal data. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
4. Disclosure of personal data
We disclose personal data to:
Affiliated entities. We disclose personal data to our affiliates for the purposes described under “Our Use of Personal Data” described in Section 3 of this Statement.
Business partners. We may disclose personal data to our joint venture partners and, where appropriate, with selected business partners for a business purpose such as providing you with products or services, facilitating your transactions, or fulfilling your requests. In some cases, a partner’s own privacy policy may apply to its use of your personal data.
Service providers. We contract with other companies to provide services on our behalf, including, but not limited to, hosting the Services, providing data analysis, sending out information, processing transactions and payments, analyzing our Sites, providing customer service, conducting investigations, information technology, and related infrastructure, and administering and fulfilling our loyalty and rewards programs.
Select corporate, promotional, rewards or loyalty partners. We may offer sweepstakes, contests, promotions, rewards, or loyalty programs (each, an “Offer”) that provide eligible members with certain awards and specific benefits. By participating in an Offer, you agree to the terms, conditions and/or official rules that govern that Offer. If you choose to participate in an Offer, personal data may be disclosed to third parties, including select partners, in connection with the administration of the Offer, including, without limitation, tracking and redemption of rewards and as may be required by applicable law. The third party’s own privacy policy may apply to its use of your personal data.
Transactional partners. In connection with certain transactions, we may disclose personal data to financial institutions, government entities, and shipping companies or postal services involved in fulfilling the transaction. The third party’s own privacy policy may apply to its use of your personal data.
Third parties in connection with acquisitions or divestitures. We may use, disclose, or transfer personal data to a third party in connection with any proposed or actual reorganization, bankruptcy, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our assets or stock.
Other users on collaborative Site pages. Some pages on our Sites may promote collaboration among registered users with respect to a particular area or topic. Those pages may disclose your username to other participants to label comments or suggestions that you make as yours.
Government and regulatory authorities. We may disclose personal data to authorities if so required by law, regulation, subpoena, court order, warrant or similar legal process, or in the good-faith belief that such action is necessary to protect and fulfill our legal obligations, defend our rights or property, establish, defend, or prosecute legal claims, or in urgent circumstances to protect the personal safety of any individual.
5. Choices and access
Subject to applicable laws, you have the following rights concerning your Personal Data:
- Right to access: to access information we hold about you and to obtain information about how we process it.
- Right to rectification or completion: to request rectification of your information if it’s inaccurate or incomplete.
- Right to erasure: in certain circumstances, to request erasure of your information. Please note if you choose to erase your information, we may continue to retain your information if we have another legitimate reason to retain same and are entitled or required to do so.
Your rights concerning our use and disclosure of personal data can be exercised in the following manner:
Receiving marketing-related emails from us. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by following the unsubscribe link in the message or by submitting your opt-out request via email. We will try to comply with your requests as soon as reasonably practicable.
How you can access, change, or delete your personal data
If you would like to request to access, correct, update, restrict further processing, or delete personal data, object to or opt out of the processing of personal data (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the how to contact us section below. We will respond to your request in accordance with applicable law.
In your request, please make clear what personal data you would like to have corrected and/or updated or whether you object to the further processing of your personal data. Where and to the extent certain data has been processed solely on the basis of your consent, you retain the option of withdrawing such consent; provided, however, that it would not affect the lawfulness of any processing that took place prior to such withdrawal.
In certain circumstances, you may wish to withdraw your consent for processing your information, which may be exercised as a Right to withdraw consent and object to processing under applicable law. Please note if you choose to withdraw your consent, we may continue to process your information if we have another legitimate reason to do so. The withdrawal of consent may also impact your ability to continue to have access to our products and services.
For your protection, we may implement any requests you submit to us only with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable in accordance with applicable law. In doing so, we reserve the right to request and require you to provide additional information where, and to the extent, such information is necessary to process your request (for example, where you have failed or neglected to reasonably identify the personal data to which your request relates). We also reserve the right to decline processing any requests that are manifestly unfounded, fraudulent, or otherwise not permitted by applicable law or, in some cases, where applicable law does not require us to comply with the request.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the personal data provided until after the completion of such purchase or promotion).
In exercising your rights under applicable law, you must ensure that your requests are communicated in writing and addressed as provided below, that you detail the nature of the request and the respective right you seek to exercise, and that you fairly, reasonably, and specifically identify the Personal Data over which you wish to exercise such right.
Right to appeal: you may choose to file an appeal against our decision made in relation to a request to exercise your data subject rights, under applicable law, through the Appeal process available with the Data Protection Authority.
6. Third-party advertising
We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services. This is subject to your rights available to you under Section 5.
You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). They may also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop.
If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Statement, please contact privacy@chevron.com for more information.
7. Third-party payment services
The Services may provide functionality allowing you to make payments to Chevron using third-party payment services with which you have created your own account. When you use such a service to make a payment to us, your personal data will be collected by such third party and not by us and will be subject to the third party’s privacy policy, rather than to this Statement. We have no control over, and are not responsible for, such third party’s collection, use, and disclosure of personal data.
8. Sensitive / special categories of personal data
During the course of providing you the Services, we do not generally process Sensitive Personal Data (e.g., Photo ID, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). Unless we specifically request that you provide us with such data, we request that you do not send or disclose such data to us, and in the event that you do send or disclose such data to us when we have not specifically requested it, our policy is to promptly delete it without further processing it.
9. Jurisdiction and cross-border transfers
Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers; and, by using the Services, you agree that your information will be transferred to countries outside of your country of residence, including to the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, and/or security authorities in those other countries may be entitled to access your personal data. In the event of any cross-border transfer of your personal data, we will ensure that such transfers are in accordance with and subject to the safeguards available under the Sri Lanka Personal Data Protection Act, including the directions or orders of the Data Protection Authority of Sri Lanka, and any other applicable law.
10. Retention of personal data
We retain personal data, including sensitive personal data, for as long as needed to make our Services available to you or as otherwise consistent with the purposes for which it was collected and with applicable law. When determining the retention period, we use various criteria, including the following: the length of time we have an ongoing relationship with you and provide Services to you; the legitimate business purposes for which we collect and process personal data as described in this Statement, including retention of personal data related to the establishment, defense, and pursuit of legal claims; and whether we are subject to a legal obligation that requires us to retain records.
11. Security
We seek to use reasonable organizational, technical, and administrative measures designed to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the how to contact us section below.
12. Links to third-party websites or services
This Statement does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any personal data you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
13. Children
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect personal data from individuals under 16. If you become aware that we may have collected personal data of minors, please contact us at privacy@chevron.com.
14. How to contact us
Chevron Lubricants Lanka PLC, located at Level 16, MAGA ONE, No. 200, Nawala Road, Narahenpita, Colombo 05, Sri Lanka, is the company responsible for the collection, use, and disclosure of your personal data under this Statement.
If you have questions regarding this Statement or our handling of personal data in Sri Lanka, please contact us by email, or by mail at:
Chevron Lubricants Lanka PLC
Level 16, MAGA ONE, No. 200, Nawala Road, Narahenpita, Colombo 05, Sri Lanka.
Tel: +94 114 524 524
Email: privacy@chevron.com
15. Changes to this Statement
We may change or update this Statement from time to time. When we do, we will post the revised Statement on this page with a new “effective” date. Any changes will become effective when we post the revised Statement on this page.