Privacy Notice - Shell Group Employee, Contractor and Dependents’ Personal Data

This notice sets out what personal data we collect, for what purposes and your rights in this respect.

What does this Privacy Notice cover?

Every individual within the Shell group of companies (‘Shell’ or ‘we’) is responsible for protecting personal data about each other as well as that of our customers, business partners and suppliers.

This Privacy Notice provides information about personal data processed by Shell in relation to individuals who are or were employees, interns or individual contractors as well as dependents of Shell employees (‘Shell Staff’).

For individual retail customers, members of Shell loyalty programs, visitors of Shell websites or users of Shell applications, please refer to the Privacy Notice - Motorists at https://www.shell.co.id/en_id/privacy/b2c-notice.html.

For individuals who apply to work for Shell, or who attend a recruitment event or undertake an assessment for Shell, please refer to the Privacy Notice - Shell Group Recruitment at https://www.shell.co.id/en_id/privacy/job-applicant-notice.html.

These notices are also available from the Shell websites in the various locations in which we operate, in local langauages and to reflect local requirements as appropriate.

As well as this Privacy Notice, bespoke privacy notices and supplementary privacy statements may contain further information about how we process your personal data in relation to specific HR processes (such as Open Resourcing, OneHealth IT and International Mobility programs). In those instances, such privacy notices will be communicated to you separately. These privacy notices may vary among the countries in which we operate to reflect local practices and applicable law requirements.

This Privacy Notice explains what personal data are processed about you, why we are processing your personal data and for which purposes, how long we hold your personal data for, how to access and update your personal data, as well as the options you have regarding your personal data and where to go for further information.

The categories of personal data we collect about you.

What personal data do we process about you? Collection of information

We process personal data necessary to manage the employment relationship, to engage contractors and interns and to provide benefits to certain dependents of Shell employees.

This includes personal home contact information, date of birth, marital status, payroll and bank account information, wage and benefit information including beneficiary information, emergency contacts, work performance information, information required to ensure you have the right to work in the country/ies you are engaged in, as well as any other information necessary for managing the employment relationship, for engaging contractors and for providing benefits to certain dependents of Shell employees (such as those dependents who accompany a Shell employee while on an expatriate assignment).

Specific personal data and health data

We also process some special categories of personal data (’specific personal data’) under the Indonesian Law No.27 of 2022 regarding Personal Data Protection (‘PDPL’) including data and information relating to an individual’s health, biometric data, genetic data, data of children, personal financial data, and/any other data in accordance with the relevant laws and regulations (Article 4 paragraph (2) of the PDPL).

We will only process such personal data where it is necessary for the purposes of complying with employment and social security laws, for the establishment, exercise or defense of claims or where necessary for the purposes of providing occupational medical advice and support, to protect the vital interests of an individual (such as in an emergency), where necessary for reasons of public health or where the individual has provided their explicit consent.

We will only process your personal data where we have a legal basis to do so.

Why do we process your personal data?

We process your personal data:

  • in order to satisfy our obligations to comply with local laws and regulations;
  • for legitimate business interests (for example performance management in order to ensure we have qualified and competent personnel or for health, safety and security purposes to ensure that only authorised personnel can access certain sites or assets, litigation and defense of claims); or
  • where we have your explicit consent.

Please note that as a general principle, Shell does not seek or rely on the consent of Shell Staff for processing personal data. However, there are limited circumstances when consent is required, such as if required by applicable local law.

Personal data requested from Shell Staff are the minimum required in order to fulfil legal and/or contractual requirements and to provide opportunities to take part in programs or to provide a benefit. Failure to provide us with the information requested may negatively affect your ability to remain in employment, internship or engagement as a contractor or from participating in a program or receiving a benefit.

In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent. Withdrawal of consent may however impact your ability to remain employed or otherwise engaged or from participating in a program or receiving a benefit.

The purposes for which we process your personal data.

For what purposes do we process your personal data?

We process personal data covered by this Privacy Notice for the following purposes:

  • Human Resources, personnel management, business process execution, internal management, management reporting, organisational analysis and development - including budgetary, financial and organisational planning, administration, compensation, performance management;
  • Health, safety and security - including protection of Shell Staff’s life or health, occupational health and safety, protection of Shell assets and authentication of Shell Staff status and access rights; or
  • Legal and/or regulatory compliance - including compliance with legal or regulatory requirements.

We may also process your personal data for a secondary purpose where it is closely related, such as:

  • storing, deleting or anonymising your personal data;
  • fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation and defence of claims; or
  • statistical, historical or scientific research.

Monitoring

All activities on Shell IT equipment and/or when connected to the Shell IT network may be monitored for legitimate business purposes.

All Shell Staff receive an access badge which allows Shell to record the date, time and access points made by individuals within Shell premises and assets. The data from the access and security systems are used:

  • for health, safety and security purposes,to prevent fraud and specifically the protection of Shell assets, Shell Staff and visitors to Shell premises;
  • to comply with legal and regulatory requirements, specifically where there is a local legal requirement to provide information to government/regulatory authorities;
  • to monitor (on an aggregated basis) the number of individuals entering and working in a Shell premise for human resources and real estate planning; and
  • in the case of contractors only (not Shell employees) the date and time of their entry and exit of Shell premises is used for the purposes of financial management and control.

Most of our premises and assets are equipped with surveillance cameras (CCTV). Where surveillance cameras are used they will be identified. Surveillance cameras are used for health, safety and security specifically the protection of Shell assets, Shell staff and visitors to Shell premises. All images are routinely deleted unless there has been a health, safety or security incident, suspected or actual criminal activity, in which case they may be viewed by internal Shell investigation teams and externally if legally required or permitted by law enforcement or other government authority.

Screening

In order to comply with legal and regulatory obligations, to protect Shell’s assets and employees/contractors and specifically to ensure that Shell can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening on all employees and contractors on a periodic basis. This screening takes place against publicly available or government issued sanctions lists and is compared with information held about you by Shell (for example from the Conflict of Interest register - see here for more information).

Any personal data collected through the screening will not involve profiling or automated decision making regarding suitability for continued employment, internship or engagement as a contractor.

Who is responsible for any personal data collected?

PT SHELL INDONESIA, whose address is Talavera Office Park 22-26th Floor, Jl. Letjen. TB Simatupang Kav. 22-26, Jakarta Selatan, Jakarta, 12430, Indonesia, will be responsible for processing your personal data (including that of dependents), jointly with its affiliates within the Shell group of companies.

In the case of individual contractors, the company within the Shell group that has contracted your services solely or jointly with its affiliates within the Shell group of companies and your external contracting/employing company/agency.

Who do we share your personal data with?

Who will we share the personal data with?

Your personal data are exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:

  • Other companies within the Shell group of companies, including to those which may be located outside of your location;
  • Authorized third party agents, service providers, external auditors and/or subcontractors of Shell; and
  • A competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which the relevant Shell company/companies is subject to or as permitted by applicable law; or
  • Any person to whom Shell proposes to transfer any of its rights and/or duties.

Your personal data may be transferred outside of your country, subject to appropriate safeguards.

Transfers of your personal data to other countries

Where your personal data have been transferred to companies within the Shell group and/or to authorized third parties located outside of your country we take organizational, contractual and legal measures to ensure that your personal data are exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard your personal data. These measures include Binding Corporate Rules for transfers among the Shell group and for Shell companies in the EU, European Commission approved transfer mechanisms for transfers to third parties as well as any additional local legal requirements. You can find a copy of Shell Binding Corporate Rules at https://www.shell.co.id/en_id/privacy.html or by contacting privacy-office-SI@shell.com.

Shell is committed to safeguarding your personal data.

Security of your personal data

We have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use and will update these measures as new technology becomes available, as appropriate.

Shell only holds your personal data for a defined period of time.

How long do we hold your personal data for?

All information, including personal data, is managed in line with the Shell group standards for Information and Records Management and securely deleted once no longer required for a legitimate business purpose or for a legal/regulatory purpose.

With some exceptions required to comply with local legal requirements:

  • information contained within personnel files is held for no longer than 10 years once your employment has terminated;
  • information relating to retirement benefits are held for no longer than 99 years from the commencement of employment;
  • any personal data gathered as part of the screening against publicly available or government issued sanctions lists and media sources are held for no longer than 15 years after they were first gathered;
  • the names, date, time and access points for all individuals entering Shell premises are held for 5 years from each access;
  • where an individual has been dismissed or had their contract terminated due to serious misconduct, including breaching the Shell Life Saving Rules or breaching the Shell Code of Conduct, that information is held for up to 30 years post termination.

In all cases information may be held for (a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or (b) a shorter period where you object to the processing of the personal data and there is no longer a legitimate business purpose to retain it.

Your rights and how to exercise them.

Your rights in relation to your personal data

We aim to keep our information about you as accurate as possible. You can request:

  • access to your personal data;
  • correction or deletion of your personal data (but only where they are no longer required for a legitimate business purpose);
  • that the processing of your personal data is restricted; and/or
  • that you receive personal data that you have provided to Shell, in a structured, digital form to be transmitted to another party, if this is technically feasible.

For those individuals who have access to HR Online you can access your personal data through: https://hronline.shell.com/.

Alternatively, please contact your local HR adviser. If you are a contractor you should speak with your external contracting/employing company/agency. For former employees or dependents, please contact privacy-office-SI@shell.com.

Who can you contact if you have a query, concern or complaint about your personal data?

If you have any issues, queries or complaints regarding the processing of your personal data please refer to the relevant Shell privacy notice in your location or alternatively you can contact Privacy-Office-SI@shell.com.

You may also contact the Shell Group Chief Privacy Officer at Shell International B.V. The Hague, The Netherlands - Trade Register, No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague.

If you are unsatisfied with the handling of your personal data by Shell, then you have the right to lodge a complaint to the Dutch Data Protection Authority whose address is Prins Clauslaan 60, 2595 AJ The Hague, The Netherlands. Please visit https://autoriteitpersoonsgegevens.nl/en for more information.

This Privacy Notice is updated over time.

Changes to this Privacy Notice

This Privacy Notice may be changed over time. You are advised to regularly review this Privacy Notice for possible changes. This Privacy Notice was last updated in May 2023.