Effective April 19, 2024

Overview

California residents have certain rights under the California Consumer Privacy Act, as subsequently amended by the California Privacy Rights Act (CPRA), collectively referred to hereafter as “CCPA.” Phillips 66 has created this Privacy Statement to California residents to provide you with:

• information in addition to that in the Phillips 66 Privacy Statement that explains how we collect, use, process, and share personal data (also referred to as personal information, an interchangeable term) collected through Phillips 66 websites, mobile applications, and offline interactions;
• additional general information about how we collect and use personal data from California residents, including data collected through consumer use of Phillips 66 websites and apps, through retail purchases of gasoline at Phillips 66 stations, or data collected from Phillips 66 employees or job applicants; and
• instructions about how to exercise CCPA-related rights.

For the purpose of this Privacy Statement, “Customers” are individual California residents who purchase our goods and services or use our mobile apps, such as those who are in a business-to-consumer relationship with us, or who visit our websites.  “Non-Customers” are other individual California residents who, themselves or acting on behalf of a business, we work with in conducting our operations, such as current, past, and prospective suppliers, vendors, counterparties, contractors, employees, or visitors to our physical sites or premises.

What personal data do we collect?

Under the CCPA, personal data is information that identifies, relates to, or could reasonably be linked with a particular California resident, subject to certain exclusions. The specific pieces of personal data we collect depend on our relationship or interaction with a specific California resident.

Our services, including our websites and applications, are not directed to children under 16 years of age and we do not knowingly collect any personal data from children under 16. We may collect personal data regarding individuals under 16 years of age from their parents or legal guardians, but only as necessary to provide employment and related benefits.  If we learn that we have inadvertently collected the personal data of a child under the age of 16, we will use reasonable efforts to delete such information from our systems promptly. 

Phillips 66 collects personal data from Customers and Non-Customers as described in the Phillips 66 Privacy Statement. In the past 12 months, we have collected the following categories of personal data and sensitive personal information relating to California residents listed below. These categories are defined by California law. We do not necessarily collect all data listed in a particular category, nor do we collect all categories of data for all individuals.

The purposes for which we use personal data that we collect depends on our relationship or interaction with a specific California resident.  Nonetheless, we may use the respective category of personal data for the business purposes detailed below.

Phillips 66 may collect and/or disclose the following categories of personal data, and/or may have collected and/or disclosed such personal data within the preceding 12 months:

1.   Identifiers

Description: Includes name, contact information, online identifiers, Social Security numbers and other government ID numbers.

Sources: From you directly or from the personal data you have provided to our service providers, from automated electronic sources, or from public sources and third parties.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service;
• commercial transactions;
• improvement/development of products or services;
• marketing, tailored content, and promotions;
• account management and verification;
• fraud and security prevention; and 
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• support our assets and/or the environment;
• manage payroll, wages, tax forms and filings, expense reimbursements, and other awards or compensation;
• manage and provide employee benefits, such as health care and savings plans;
• allow you to access our sites or facilities;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

2.   Personal information, as defined in the California customer records law

Description: Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including name, contact information, signature, government ID numbers, insurance and financial account information, and education and employment information.

Sources: From you directly or from the personal data you have provided to our service providers, or from public sources and third parties.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service
• commercial transactions
• improvement/development of products or services
• marketing, tailored content, and promotions
• account management and verification
• fraud and security prevention 
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• support our assets and/or the environment;
• manage payroll, wages, tax forms and filings, expense reimbursements, and other awards or compensation;
• manage and provide employee benefits, such as health care and savings plans;
• allow you to access our sites or facilities;
• manage accounts, payments to real property or mineral interest owners who receive payments from us for those interests;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

3.   Protected classifications under California or federal law

Description: Characteristics of classes protected under federal or California law, including race, national origin, age, disability status, medical conditions, military status, sex, and marital status.

Sources: From you directly or from the personal data you have provided to our service providers, or from public sources and third parties.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• manage payroll, wages, tax forms and filings, expense reimbursements, and other awards or compensation;
• manage and provide employee benefits, such as health care and savings plans;
• allow you to access our sites or facilities;
• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

4.   Commercial information

Description: Includes transaction and transaction history.

Sources: From you directly or from the personal data you have provided to our service providers.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service;
• commercial transactions;
• improvement/development of products or services;
• marketing, tailored content, and promotions;
• account management and verification;
• fraud and security prevention; and 
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• manage expense reimbursements;
• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

5.   Internet or network activity information

Description: Includes browsing history and interactions with our website.

Sources: From you directly or from the personal data you have provided to our service providers, or from automated electronic sources.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service;
• commercial transactions;
• improvement/development of products or services;
• marketing, tailored content, and promotions;
• account management and verification;
• fraud and security prevention; and
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

6.   Geolocation data

Description: Includes device location.

Sources: From you directly or from the personal data you have provided to our service providers, from automated electronic sources, or from third parties.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service
• commercial transactions
• improvement/development of products or services
• marketing, tailored content, and promotions
• account management and verification
• fraud and security prevention 
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• allow you to access our sites or facilities;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

7.   Audio, electronic, visual, and similar information

Description: Includes call and video recordings.

Sources: From you directly or from the personal data you have provided to our service providers, or from automated electronic sources.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service
• commercial transactions
• improvement/development of products or services
• marketing, tailored content, and promotions
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• allow you to access our sites or facilities;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

8.   Professional or employment-related information

Description: Includes work history and prior employers.

Sources: From you directly or from the personal data you have provided to our service providers, or from public sources and third parties.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service;
• commercial transactions;
• improvement/development of products or services;
• marketing, tailored content, and promotions;
• account management and verification;
• fraud and security prevention; and
• compliance with the law

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

9.   Education information

Description: Information subject to the federal Family Educational Rights and Privacy Act, such as student records.

Sources: From you directly or from the personal data you have provided to our service providers, or from third parties.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

For Non-Customers, we may process information in this category to:

• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

10. Inferences drawn from any of the Personal Data

Description: Includes the personal data in the categories listed above that can be used to create a profile about, for example, an individual’s preferences and characteristics.

Sources: From you directly or from the personal data you have provided to our service providers.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• customer service;
• commercial transactions;
• improvement/development of products or services;
• marketing, tailored content, and promotions;
• account management and verification;
• fraud and security prevention;
• compliance with the law;

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

Phillips 66 also collects the categories of sensitive personal information below, as that term is defined under California law.

1.   Social security, driver’s license, state identification card, or passport number

Description: Includes social security, driver’s license, state identification card, or passport number.

Sources: From you directly or from the personal data you have provided to our service providers, or from third parties.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

• manage payroll, wages, tax forms and filings, expense reimbursements, and other awards or compensation;
• manage and provide employee benefits, such as health care and savings plans;
• allow you to access our sites or facilities;
• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• provide a safe and secure physical environment as required by law and our policies;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

2.   Account log-ins, financial account, debit or credit card numbers

Description: Includes account log-ins, financial accounts, debit or credit card numbers and any required security or access code, password, or credentials allowing access to an account.

Sources: From you directly or from the personal data you have provided to our service providers, or from third parties.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• account management and verification;
• fraud and security prevention;

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• manage payroll, wages, tax forms and filings, expense reimbursements, and other awards or compensation;
• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• manage and provide employee benefits, such as health care and savings plans;
• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use; and
• otherwise carry out our legal and regulatory obligations.

3.   Precise geolocation

Description: Includes precise geolocation.

Sources: From you directly or from the personal data you have provided to our service providers, or from automated electronic sources.

Purpose of Processing:

For Customers, we may process information in this category for the following purposes:

• allow you to access, find, and visit our retail station sites;
• customer service;
• commercial transactions; and
• fraud and security prevention

For Non-Customers, in addition to the purposes listed above for Customers, we may process information in this category to:

• allow you to access our sites or facilities;
• monitor use of our IT infrastructure, internet access, and electronic communication for unauthorized, unlawful, or inappropriate use;
• provide a safe and secure physical environment as required by law and our policies; and
• otherwise carry out our legal and regulatory obligations.

4. Racial or ethnic origin, religious or philosophical beliefs, or union membership

Description: Includes racial or ethnic origin, religious or philosophical beliefs, or union membership.

Sources: From you directly or from the personal data you have provided to our service providers, or from public sources and third parties.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

For Non-Customers, we may process information in this category to:

• facilitate hiring, promotion, and disciplinary actions, including through background checks and internal investigations;
• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• provide a safe and secure physical environment as required by law and our policies; and
• otherwise carry out our legal and regulatory obligations.

5.   Personal data collected and analyzed concerning your health

Description: Includes personal data collected and analyzed concerning your health.

Sources: From you directly or from the personal data you have provided to our service providers, from automated electronic sources, or from public sources and third parties.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

For Non-Customers, we may process information in this category to:

• manage and provide employee benefits, such as health care and savings plans;
• allow you to access our retail station sites or facilities;
• to accommodate disabilities during the interview process;
• provide a safe and secure physical environment as required by law and our policies; and
• otherwise carry out our legal and regulatory obligations.

6.   Sexual orientation

Description: Includes sexual orientation or other personal data concerning a consumer’s sex life.

Sources: From you directly or from the personal data you have provided to our service providers.

Purpose of Processing:

For Customers, we will not collect this category of information except as required by law.

For Non-Customers, we may process information in this category to:

• manage payments to real property or mineral interest owners who receive payments from us for those interests;
• prevent illegal activity or to protect our legitimate business interests, including by obtaining legal advice and exercising or defending legal rights; and
• otherwise carry out our legal and regulatory obligations.

To whom do we disclose your personal data?

We have disclosed data in each of the above-described categories of personal data with our affiliates and service providers for our business purposes within the last 12 months. We may also receive requests for information from regulatory authorities, our auditors and/or our legal advisors. If requested from such parties, we would share your personal data as appropriate. 

In the past 12 months, however, we have not “sold” or “shared” for “cross-context behavioral advertising” any personal data, including sensitive personal information, relating to California residents within the meaning of the CCPA. For purposes of this disclosure, “sold” means the disclosure of personal data for monetary or other valuable consideration and “cross-context behavioral advertising” means targeted advertising based on personal data obtained from your activity across businesses, distinctly branded websites, applications, or services, other than our websites and services with which you intentionally interact.

The following provides more information on how we may disclose your personal data to different kinds of third parties:

Affiliated companies.  We may disclose your personal data to our affiliated companies and subsidiaries which may be located outside of your location;

Service Providers.  We disclose your personal data to our vendors, contractors, and service providers for legitimate business purposes so that they may provide services to us or on our behalf, such as providing data hosting, cloud services, sending out information and communications, processing transactions, analyzing data, providing technical support, and other business and professional services.  We provide these companies with only those elements of personal data they need to provide their services to us.   

Third Parties to Process Transactions.   We may also disclose personal data in connection with certain transactions, such as to financial institutions; credit card issuers; insurers; brokers; professional advisors such as lawyers, accountants, or auditors; government entities; shipping companies or postal services involved in fulfilling transactions; or to other third parties to whom you or your agents authorize us to disclose your personal data in connection with products or Services we provide to you or business that we conduct with you.  We have not otherwise shared your information with Third Parties for business purposes in the preceding 12 months.

Required Disclosures.  We may disclose your personal data if required to do so by law or in our good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, including litigation and investigations, and to protect our or others’ rights, property, or safety.  

Business Transfers or Partners.  If we undertake or are involved in any merger, acquisition, joint venture, consortium, reorganization, sale of assets, bankruptcy, or insolvency event, then we may transfer or provide some or all our assets, including your personal data, in connection with such transaction or in contemplation of such transaction (e.g., during due diligence).  We will make reasonable efforts to notify you before your personal data is transferred and becomes subject to a different privacy policy.  

How long do we keep your personal data?

We store personal data about you on computer systems operated by us or our service providers. As a regulated company, we keep various records that contain personal data in accordance with applicable state and federal regulations, or pursuant to contractual obligations. In general, we aim to keep personal data only for as long as necessary and only for the reason(s) we collected it. It may be necessary to keep personal data longer than our official retention periods for legal or regulatory reasons, including litigation. To support us in managing how long we hold personal data and our record management, we maintain a data retention policy which includes clear guidelines on retention and deletion.

We consider the following criteria when determining how long a particular record will be retained, including any personal data contained in that record:

• how long the record is needed to provide you with the products and services you request;
• how long the record is needed to support and enhance our operational processes;
• how long the record is needed to protect our rights and legal interests; and
• how long the record must be retained to comply with applicable laws and regulations

The same personal data about you may be included in more than one record and used for more than one purpose, each of which may be subject to different retention periods based on the factors listed above.

Financial Incentives

We provide special offers, discounts, and other benefits to customers who buy gasoline at our retail stations using our branded mobile application.  There is no charge to download or use the mobile app.  If you download the application, we request your name, telephone number, and an email address that allows us in return to tailor our future communications and discounts to you.  You may choose to provide additional personal data to customize your app experience and make payments using the app.  By choosing to use the application to make payments or by using a specific type of method of payment within the application, you are opting in to take advantage of those benefits and receipt of those offers.  You can choose to opt out of notifications at any time by disabling notifications in the mobile application, or by using the unsubscribe methods provided in a specific communication you receive from us, such as unsubscribe links in email messages, and replying “Stop” to text messages.

The value of the financial incentive varies based upon offers that may be provided at certain times of the year and other seasonal promotions, your frequency of use of the app, the type of fuel you purchase, and the amount you purchase using a given offer.  For example, a limited time offer to save 10¢ per gallon (up to 30 gallons) is valued at up to $3.00 while valid.  The value of the personal data you provide to Phillips 66 as part of the financial incentive program is that it allows Phillips 66 to promote our retail stations and encourages you to visit us and purchase our products more frequently, and to improve our services and offerings.  We do not otherwise profit from the personal data you provide, and we do not sell your personal data.

What are your rights under the CCPA?

As a California resident, with respect to your personal data, you have:

• the right to know the categories and/or specific pieces of personal data collected about you, including whether your personal data is disclosed, and with whom your personal data is shared; 

• the right to access a copy of your personal data that we process;

• the right to request deletion of the personal data we collect from you;

• the right to correct your personal data if it is not accurate; and

• the right to not be discriminated against based upon your choices and/or requests you may make in connection with your personal data.

We do not sell your personal data or share your personal data for cross-context behavioral advertising, so we do not offer an option for you “opt-out” of the sale or sharing of your personal data.  We also do not use sensitive personal information for purposes other than those permitted under California law, so we do not provide a right to limit the use of sensitive personal information.

Before we can process your request(s) to exercise any of the above-listed CCPA rights, Phillips 66 will first need to verify your identity. There may be situations where we are unable to grant your request, such as where we cannot verify your identity, where we must keep the information for employment-related, legal, or tax reasons, or where we need to retain the information to process an order you have placed.

To verify your identity, we will collect information from you, including, to the extent applicable, your name, government identification number, date of birth, contact information, your account information, answers to security questions, or other personal identifying information. We will match this information against information we have previously collected about you or against information available from consumer reports to verify your identity and to respond to your request. Information collected for purposes of verifying your request will only be used for verification and to respond to your personal data request.

If you maintain an account with us, we may require you to login to that account as part of submitting your request. For deletion requests, you will be required to submit a verifiable request for deletion and then to confirm separately that you want personal data about you deleted.

If you would like to appoint an authorized agent to make a request on your behalf, and that agent is not already authorized to access your account in your profile, we require you to verify your identity with us directly before we provide any requested information to your approved agent.

We will not restrict or deny you access to our Services, refuse to do business with you, or as noted above, otherwise discriminate against you based upon the choices and/or requests you make in connection with your personal data, but please note that certain choices you make may negatively affect our ability to deliver our Services to you.  

To exercise any of your rights directly or through the use of an authorized agent, you may submit a request through our webform or call us at 1.800.527.5476. 

Our Response Process

We will make every effort to respond to a verifiable CCPA consumer rights request within 45 days after we receive it.  If we require more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension period in writing.  Any information we provide to you will cover at most the 12-month period preceding our receipt of your verified request. 

If we cannot comply with your request, our response will explain the reasons why.  For personal data access requests, we will select a format to provide your personal data that is readily usable and should allow you to transmit the personal data without hindrance. 

We will not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.  If we determine your request warrants a fee, we explain why and provide you with a cost estimate before completing your request.  

Contact us

If you have questions regarding this Privacy Statement, our handling of your personal data, your rights under the CCPA, or any of our other business privacy policies and practices, please contact us at www.Phillips66.com/contact or call us at 800.527.5476. 

Updates to this Privacy Statement

Phillips 66 may update this privacy statement from time to time and will do so at least annually.  When we make an update, we will revise the effective date at the top of the Privacy Statement.