Motorist, Loyalty customer, Shell App user
Information for individuals who are or were a retail customer, member of a Shell loyalty program, visitor to a Shell website and/or user of a Shell digital application.
Privacy Notice - Motorists, Loyalty or Energy Customers, Shell App users and visitors to our websites
This notice sets out what personal data we collect, for what purposes and your rights in this respect.
What does this Privacy Notice cover?
This Privacy Notice provides information regarding the processing of your personal data when using services and/or purchasing products from or on behalf of a company or companies within the Shell group of companies (‘Shell’ or ‘we’) whether as:
(i) a retail, energy or e-mobility customer;
(ii) a member of a Shell loyalty program such as BonusLink or equivalent in your location (‘Shell Loyalty Programme’);
(iii) a visitor to a Shell website (‘Website’ or ’Shell Website’); and/or
(iv) a user of the Shell Application or other Shell applications (‘Shell App).
As well as this Privacy Notice, bespoke privacy notices and supplementary privacy statements may contain further information about how Shell is processing your personal data. This would be the case for example if you are an energy or e-mobility customer. In those instances, such privacy notices will be communicated to you separately.
This Privacy Notice explains what personal data are processed about you; why we are processing your personal data and for which purposes; for how long we hold your personal data for; how to access and update your personal data, as well as the options you have regarding your personal data and where to go for further information.
If personal data of children is gathered this requires consent of the parent or guardian.
Special Notice - if you are under 18 years old. Processing children’s personal data
Except in those cases where Shell organizes educational events specifically designed for children, we do not intentionally collect personal data of individuals under 18 years old. If you are under 18 years old (or a different age to reflect local legal requirement as communicated on the Shell website in your location) please do not send us your personal data for example, your name, address and email address. If you wish to contact Shell in a way which requires you to submit your personal data (such as for education or innovation events) please get your parent or guardian to do so on your behalf.
This section describes the different sources from which we collect your personal data.
What personal data do we process about you? Collection of information
We collect information, including personal data about you, as a Shell customer, user of Shell Apps and/or visitor to a Shell Website or Shell administered social media page (‘Shell Social Media Page’). This information may be either:
- Information that you provide to us - when creating a Shell account profile, we will ask for your name, e-mail address and gender (so that we can address you properly but you do not have to provide us with this information), your contact preferences and information necessary for answering any security questions. If you decide to become a member of a Shell Loyalty Programme, a user of Shell Apps or our mobile payments, we may ask you to provide further personal data necessary for the performance of such services and/or authentication such as type of vehicle, driver pattern, date of birth (if collected), communications preferences and mobile number;
- Information that we obtain through your use of Shell services - we will also collect information about how and where you use or purchase Shell services and products. Such information may include electronic device information, IP addresses, log information, browser type and preferences, location information, online identifiers to enable ‘cookies’ and similar technologies. Your purchase history includes data regarding (i) specific products you buy, (ii) the total amount of your purchases per transaction, (iii) the time and place of the purchases you make and (iv) the payment method you use, including payment methods embedded in the Shell Apps (such as mobile payment option);
- If you are a member of a Shell Loyalty Programme - we will collect information about your participation in these programs; this includes data regarding (i) the type and description of the award you have chosen, (ii) the awards you have chosen, (iii) the amount of points you have redeemed, (iv) the frequency and time of redemption of your points and (v) the delivery method used to provide you with your award (if any).
- Information gathered through external sources - in order to ensure we have the most up to date information about you to provide you with better products and increasingly tailored services, we will combine information that we hold about you, with additional information which is publicly available or obtained through authorised third parties (such as Experian or Acxiom). This includes information about your shopping habits and related products or services that you may use, such as the number of household cars that you possess or the types of cars that you are interested in; or
- Information gathered through social media pages - When you communicate with us through a Shell Social Media Page (for example, when you comment on, share or react to a post , upload media, send a personal message or subscribe to a Shell Social Media Page), we may receive personal data about you such as your user name, profile picture, hometown, email address and gender. We will use any personal data received from social media in accordance with this Privacy Notice.
Shell view of the customer
With the aim of ensuring you have a seamless experience with the Shell group, and depending upon the nature of your engagement with Shell, we combine information gathered from the sources referred to above to create a personal profile of you. This enables you to interact with different Shell companies more easily and ensures we have the most up to date information about you in order to better develop services and products and to tailor offers relevant to your specific interests.
Please note however, you have the ability to control how Shell uses this information. You can opt out of having your personal data combined in this way - Please see the section below
We only process your personal data where we have a lawful basis to do so.
Why do we process your personal data?
The personal data covered by this Privacy Notice are only processed:
- with your explicit consent;
- where it is necessary to conclude a transaction with you (such as payment information);
- where it is necessary for the purposes of the legitimate interests pursued by the relevant Shell company/companies, except where such interests are overridden by your interests or fundamental rights and freedoms; or
- where it is necessary for Shell to comply with a legal obligation.
Where the processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.
What are the consequences of not providing your personal data?
Where you choose not to provide us with information set out above for the purposes of using a Shell App or participating in a Shell Loyalty Programme the only consequence is that it will affect your ability to fully interact with the Shell App and/or to participate in the Shell Loyalty Programme.
Who is responsible for any personal data collected?
Shell Malaysia Trading Sdn BHd , whose address is Menara Shell, No. 211, Jln Tun, Sambanthan, Kuala Lumpur, 50470, Malaysia, will be responsible for processing your personal data, either solely or jointly with its affiliates within the Shell group of companies.
The purposes for which we process your personal data.
For what purposes do we process your personal data?
We process your personal data for the purposes of:
- providing our products and delivering our services to you;
- managing relationships and marketing such as maintaining and promoting contact with you;
- account management including account verification (that is, ensuring that only you or someone you have authorized can access your account and information);
- customer service and development of our products and services;
- performance of and analysis of market surveys and marketing strategies;
- promotions and contests offered to Shell customers, including offering you digital rewards to recognise you as a valued customer; or
- detecting or preventing fraud if you use a mobile payment function to purchase Shell products.
We may also process your personal data for a secondary purpose where it is closely related, such as:
- storing, deleting or anonymising your personal data;
- audits, investigations, dispute resolution or insurance purposes, litigation or defence of claims;
- statistical, historical or scientific research; or
- legal and/or regulatory compliance.
Communication and marketing - your choices
If you have consented to receive communications from Shell (or if you have previously purchased goods/and or services from us and permitted by local law), you may receive offers that are tailored towards your preferences based on the information gathered about you from the various sources described above in order to provide you with better products and increasingly tailored services.
We may send you service updates and notifications without your advance consent only where such updates and/or notifications are necessary for the proper functioning of the Shell Apps or other services that you use.
You may receive pertinent offers and communications by different channels and you may update your subscription preferences via your personal profile settings anytime or use the unsubscribe functionality for the different digital channels.
Transaction security and preventing, detecting and investigating fraud
When you use a mobile payment application to purchase Shell products (if available in your market), you may be asked to provide additional personal details to complete the transaction. We may use the personal data you provide to prevent, detect and investigate fraud and to enforce the terms and conditions of the mobile payment application.
We may share some information with the service providers involved in mobile payments (such as PayPal), including but not limited to your IP address, device ID or unique identifier, loyalty card number for the purposes detailed above as well as for the purposes of collecting points, device type, geo-location information, connection information (for e.g. wi-fi) and mobile network information.
Your rights and how to exercise them.
Your rights in relation to your personal data
We aim to keep our information as accurate as possible. You can request:
- access to your personal data;
- correction or deletion of your personal data (but only where it is no longer required for a legitimate business purpose such as completing a retail transaction);
- that you no longer receive marketing communications;
- that the processing of your personal data is restricted;
- combining of your personal data from different sources to create a personal profile no longer takes place; and/or
- that you receive personal data that you have provided to Shell, in a structured, digital form to be transmitted to another party, if this is technically feasible.
To make any of these requests please go to your Shell account profile or please contact us [at as per the contact details in your country specific privacy notice, or] at SITI-MLM-Support@shell.com in this respect.
Who can you contact if you have a query, concern or complaint about your personal data?
If you have any issues, queries or complaints regarding the processing of your personal data, please contact us at SITI-MLM-Support@shell.com for further information or for submitting such requests.
You may also contact the Shell Group Chief Privacy Office at Shell International B.V. The Hague, The Netherlands - Trade Register No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague, at privacy-office-SI@shell.com.
If you are unsatisfied with the handling of your personal data by Shell, then you have the right to lodge a complaint to the Personal Data Protection Commissioner Malaysia, Level 6, Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4 Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya, Malaysia or the Dutch Data Protection Authority whose address is Prins Clauslaan 60, 2595 AJ The Hague, The Netherlands. Please visit https://autoriteitpersoonsgegevens.nl/en for more information.
Cookies and similar technologies
Shell is committed to safeguarding your personal data.
Security of your personal data
We have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use. In particular, we may use encryption for some of our services, we apply authentication and verification process for access to Shell services and we regularly test, assess and evaluate the effectiveness of our security measures.
Who do we share your personal data with?
Who will we share your personal data with?
Your personal data are exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:
- Other companies within the Shell group of companies, including to those which may be located outside of your location;
- With your consent, authorized third party companies in co-operation with Shell that may supply products and/or services to users of Shell Apps and Shell Loyalty Programmes;
- Authorized service providers involved in mobile payments (such as PayPal, Apple Wallet or Android Pay);
- Authorised agents, licensees, service providers, external auditors and/or subcontractors of Shell;
- A competent public authority, government, regulatory, supervisory, investigative or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which the relevant Shell company/companies is subject to or as permitted by applicable law; or
- Any person to whom Shell proposes to transfer any of its rights and/or duties.
Your personal data may be transferred outside of your country, subject to appropriate safe
Transfers of your personal data to other countries
Where your personal data have been transferred to companies within the Shell group and/or to authorized third parties located outside of your country we take organizational, contractual and legal measures to ensure that your personal data are exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented to safeguard your personal data. These measures include Binding Corporate Rules for transfers among the Shell group and for Shell companies in the European Union, European Commission approved transfer mechanisms for transfers to third parties. You can find a copy of Shell Binding Corporate Rules at https://www.shell.com.my/privacy.html or by contacting privacy-office-SI@shell.com.
Interacting with Shell through social media
If you choose to interact with Shell through social media on a Shell administered social media page (‘Shell Social Media Page’) such as Facebook, Instagram, Twitter or LinkedIn, your personal data (such as your name, your profile picture and the fact that you are interested in Shell) will be visible to all visitors of your personal webpage depending on your privacy settings on the relevant social media platform, and will also be visible to Shell. You can delete any information that you share on these sites at any time through your relevant social media platform’s account. Shell does not track your activity across the different social media sites that you use. If you send a message to Shell via any messanger service on a social media platform, these messages are held for no longer than one month after receipt. Please contact Shell if you wish to make a request that you are unable to action yourself and which relates to a Shell Social Media Page - see the section below.
Additionally and to the extent Shell is jointly responsible with a social media platform of a Shell Social Media Page, Shell will have access through the social media platform to aggregated data providing statistics and insights that help to understand the types of actions you take on Shell Social Media Pages. For more information on how your personal data are processed on those social media platforms, including any targeted advertising that you may receive, please refer to your privacy settings accessible through your relevant social media platform’s account.
Shell will only hold your personal data for a defined period of time.
How long do we hold your personal data for?
Personal data processed by Shell in line with this Privacy Notice will be deleted or rendered anonymous (such that it will no longer be possible to identify you);
(1) every 5 years where you remain a customer during this period;
(2) without undue delay upon you requesting that your Shell account profile is deleted or to discontinue your participation in a Shell Loyalty Programme; or
(3) after 3 years for all subscribed services from our last interaction with you (that is where you have not used our services for 3 years).
In relation to financial transactions (including those made through a Shell App), your personal data will be held for 10 years from the transaction.
In all cases information may be held for (a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or (b) a shorter period where the individual objects to the processing of their personal data and there is no longer a legitimate business purpose to retain it.
This Privacy Notice is updated over time.
Changes to this Privacy Notice
This Privacy Notice may be changed over time. You are advised to regularly review this Privacy Notice for possible changes. This Privacy Notice was last updated in August 2019.