Vendor Information System

privacy policy

introduction

Chevron Nigeria Limited (“CNL”) is committed to protecting the privacy of data collected from vendors in the course of its business. This privacy policy statement (“Privacy Statement”) seeks to explain the steps taken by CNL to protect personal data collected by the administration of CNL’s Vendor Information System (“VIS”). This Privacy Statement describes the categories of personal data collected by CNL, the purposes for which they are collected, vendors’ choices regarding the use of vendors’ personal data, measures taken by CNL to secure vendors' data, and how vendors can review and correct vendors’ data. By reading this Privacy Statement and submitting to CNL VIS on-boarding request, vendor consents to the data collection and use/practices described in this Privacy Statement. The applicable laws that apply to this Privacy Statement are the Nigeria Data Protection Regulation, 2019 and the NDPR Nigeria Data Protection Regulation, 2019: Implementation Framework (“Applicable Laws”).

data collection

Data is voluntarily provided by Vendors through the VIS for the purpose of management of vendors’ enquiries and processing of vendors’ invoices.

CNL typically provides the reasons for collecting the data. At other times, the reasons are obvious from the circumstances. CNL will also inform vendors of what it will do with the data received.

The types of data collected by CNL, include but are not limited to:

  • contact details such as company/organization names (including previous names), forms of business, e-mail addresses, telephone and fax numbers, and physical addresses.
  • details of invoices and purchase orders.
  • any other information that suppliers may wish to disclose that may be relevant to CNL.

Vendors are not required to provide these information. However, should vendors choose not to provide the information, CNL may not be able to process vendors’ invoices or resolve enquires.

disclosure of Vendors’ personal data

Except as described below, personal data provided to CNL via the VIS will not be shared outside CNL, its subsidiaries, affiliates or its joint venture partners without vendors’ consent.

Disclosure in connection with audit or regulatory requirements: In connection with regulatory and audit requirements, CNL may disclose some or all of the personal data provided by vendors to partners, corporate auditors or government agencies.

Disclosure for other reasons: CNL may disclose vendor’s data if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on CNL, to protect and defend CNL’s rights or property, or in urgent circumstances to protect the personal safety of any individual.

international transfers of personal data

CNL may transfer the personal data that is collected through the VIS to, and store such personal data in, countries other than the country from which that personal data was initially collected, in accordance with Applicable Law. The countries to which such personal data may be transferred include the United States of America (and the other countries around the world where CNL’s individual subsidiaries, affiliates, vendors, or business partners maintain facilities) which may have different data protection laws from the countries from which the personal data was initially collected.

By choosing to complete the VIS and to submit personal data through the VIS, vendors consent to the transfer of such personal data outside of vendors’ country.

To the extent required by Applicable Law, when CNL transfers vendors’ personal data to recipients in other countries, CNL will take measures to protect that personal data.

personal data retention

To the extent permitted under Applicable Law, CNL will retain personal data obtained via the VIS for as long as, (1) it is needed for the purposes for which it was obtained, in accordance with the provisions of this Privacy Statement, or (2) CNL has a lawful basis, for retaining that personal data beyond the period for which it is necessary to serve the original purpose of obtaining the personal data.

security

CNL is committed to ensuring the security of personal data. While no security measure can guarantee protection against compromise, CNL utilizes a variety of security technologies and procedures to help protect personal data from unauthorized access, use, or disclosure. For example, CNL stores the personal data received on computer systems with restricted access which are located in facilities to which access is restricted. CNL retains all personal data subject to CNL’s procedures and policies relating to data retention, which require that personal data be destroyed in a manner that protects the confidentiality of the personal data when its retention period expires.

reviewing personal data

In many cases, vendors can immediately review, and correct personal data provided through VIS.

Vendors are also entitled to submit requests to CNL to review and correct personal data collected through VIS or submit any inquiries or concerns regarding personal data collected via VIS.

data subjects' rights

To the extent permitted under Applicable Law, vendors may have the right to (1) access certain personal data maintained by CNL; (2) request update, correct, amend, erase or restrict vendors’ personal data; or (3) exercise vendors’ right to data portability; (4) withdraw consent previously provided to CNL or object at any time to the processing of vendors’ personal data on legitimate grounds relating to vendors’ particular situation, and CNL will apply vendors’ preferences going forward as appropriate.

To exercise these rights, vendor should contact CNL through one of the means specified in the “how to contact us” section of this Privacy Statement.

complaints handling

If vendor wishes to make a complaint about the way CNL has handled vendors’ personal data (including if there is a breach of any Applicable Law), vendor may do so by contacting CNL in writing, via the VIS portal or by mail or email to the address set out in the “how to contact us” section of this Privacy Statement. If a complaint is made, vendor should include vendor’s name and contact details such as an email, address and telephone number and provide a clear description of the complaint. CNL will investigate the complaint and respond promptly (within 60 days).

If a vendor considers that vendor’s complaint was not resolved satisfactorily, such vendor can complain to the National Information Technology Development Agency (NITDA).

how to contact us

If vendors have questions regarding this Privacy Statement or CNL’s handling of personal data, please contact CNL by email, or by mail at:

Chevron Nigeria Limited
2 Chevron Drive Lekki Peninsula Lagos
Nigeria
Attention: Supervisor Accounts Payable

Email: l9lek618@chevron.com
Phone: +234-1-2772222

changes to this privacy statement

CNL may occasionally update this Privacy Statement. When CNL updates the Privacy Statement, the "Effective Date” at the bottom of the Privacy Statement will be revised. Vendors should revisit the VIS privacy page periodically to become aware of the most recent terms of CNL’s Privacy Statement. Vendors’ use of the VIS after changes have been made to the Privacy Statement constitutes vendors’ consent to such changes.

Effective Date: March 6, 2023