Privacy Policy

Effective Date: April 19, 2026
Last Updated: April 19, 2026
Jurisdiction: Global Multi-Jurisdictional Compliance Framework

1. INTRODUCTION AND SCOPE OF APPLICATION

OilNational Group (“the Company,” “we,” “us,” or “our”) is a preeminent global energy investment institution managing sovereign-grade assets and infrastructure projects across one hundred seventeen countries. We recognize that the trust placed in us by institutional investors, sovereign partners, stakeholders, and website visitors is predicated on our unwavering commitment to confidentiality, data integrity, and the highest standards of information security. This Privacy Policy constitutes a binding framework governing the collection, processing, storage, and protection of personal data in accordance with applicable data protection laws across all relevant jurisdictions.

This document serves as our comprehensive data protection policy, articulating the principles and practices by which OilNational Group safeguards user data security while fulfilling its operational, regulatory, and fiduciary obligations. As an entity operating at the intersection of global energy markets and institutional finance, we adhere to a risk-averse, compliance-first methodology that exceeds baseline legal requirements. Our privacy policy is designed to ensure transparency, accountability, and respect for the user privacy rights of all individuals whose personal data collection occurs through our digital platforms, physical operations, or strategic engagements.

The scope of this policy extends globally, encompassing all subsidiaries, affiliates, joint ventures, and operational entities under the OilNational Group umbrella. It applies to all interactions with our website, located at oilnational.com (the “Site”), as well as offline communications, investor relations activities, and partnership engagements. By accessing the Site or engaging with OilNational Group, you acknowledge the practices described herein and consent to the data processing practices outlined in this document.

We are committed to full GDPR compliance within the European Economic Area, adherence to the UK GDPR for United Kingdom residents, conformity with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and alignment with Asia-Pacific data protection frameworks including but not limited to the Personal Data Protection Act (PDPA) of Singapore and the Privacy Act of Australia. This privacy policy reflects our dedication to harmonizing these diverse regulatory regimes into a single, cohesive standard of excellence that protects personal data regardless of geographic origin.

OilNational Group operates under the principle that data protection is not merely a legal obligation but a cornerstone of institutional integrity. Our approach to information security is proactive, employing state-of-the-art technical safeguards, rigorous organizational controls, and continuous monitoring to mitigate risks associated with user data security. We do not treat data as a commodity but as a fiduciary responsibility, handling all personal data collection with the utmost care, precision, and respect for individual autonomy.

This document supersedes any prior representations, agreements, or understandings regarding data handling practices. It is intended to be read in conjunction with our Terms of Use, Cookies Policy, and any sector-specific disclosures required by local regulatory authorities. Should any provision of this privacy policy be deemed unenforceable in a particular jurisdiction, the remaining provisions shall remain in full force and effect, and we shall endeavor to implement equivalent protections that comply with local law.

Our commitment to transparency requires that we clearly articulate how personal data flows through our systems, who has access to it, for what purposes it is utilized, and what rights you possess to control its use. This data protection policy is structured to provide that clarity, ensuring that every stakeholder—from sovereign wealth fund managers to individual website visitors—understands their rights and our obligations. We invite you to review this document thoroughly and contact us at Partners@oilnational.com should you require further elaboration on any aspect of our data processing practices.

2. CATEGORIES OF INFORMATION WE COLLECT

OilNational Group collects specific categories of information to facilitate our global energy investment operations, maintain regulatory compliance, and ensure the secure functioning of our digital infrastructure. The nature and extent of personal data collection vary depending on the context of your interaction with us, whether as an institutional investor, a strategic partner, a job applicant, or a visitor to our website. We categorize collected data into four primary classifications: Personal Identifiable Information, Technical Data, Usage Data, and Transaction-Related Data.

2.1 Personal Identifiable Information (PII)

Personal Identifiable Information refers to any data that can be used, either alone or in combination with other information, to identify a specific individual. In the course of our institutional operations, we may collect the following types of PII:

Identity Data: Includes first name, last name, title, professional designation, date of birth (where required for compliance), and government-issued identification numbers (e.g., passport numbers, national ID codes) when necessary for Know Your Customer (KYC) and Anti-Money Laundering (AML) verification processes.
Contact Data: Encompasses business email addresses, office telephone numbers, mailing addresses, and mobile contact details provided for the purpose of investor communications, partnership coordination, or service delivery.
Professional Data: Comprises information regarding your employment history, current role, organizational affiliation, areas of expertise, and professional certifications. This data is essential for verifying the credentials of potential partners and ensuring that communications are directed to authorized representatives.
Financial Data: In the context of investment engagements, we may collect bank account details, tax identification numbers, proof of funds documentation, and other financial identifiers required to execute transactions, process distributions, or comply with fiscal reporting obligations. Such data is handled with the highest level of encryption and access control.
Compliance Data: Includes information gathered during due diligence procedures, such as source of wealth declarations, politically exposed person (PEP) status, and sanctions screening results. This personal data collection is mandatory for adhering to international anti-corruption and counter-terrorism financing regulations.

2.2 Technical Data

As part of our commitment to information security and system optimization, we automatically collect technical information from devices used to access the Site. This data does not typically identify an individual directly but is crucial for maintaining the integrity of our digital infrastructure:

Device Information: Includes Internet Protocol (IP) addresses, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform details.
Network Data: Encompasses login information, network carrier details, and connection metrics used to diagnose connectivity issues and prevent unauthorized access attempts.
Security Logs: We retain logs of authentication attempts, failed login records, and session timestamps to detect and mitigate potential cyber threats. These logs are integral to our user data security protocols and are reviewed regularly by our cybersecurity team.

2.3 Usage Data

Usage data provides insights into how visitors interact with the Site, enabling us to enhance user experience and optimize content delivery. This category of data is collected through automated technologies and includes:

Navigation Patterns: Information about the pages you visit, the time spent on each page, the sequence of pages viewed, and the links clicked within the Site.
Interaction Metrics: Data regarding downloads, video views, form submissions, and other interactive elements engaged with during your session.
Referral Sources: Details about the website or search engine that directed you to the Site, including specific search terms used if accessible via referral headers.
Exit Points: Identification of the last page visited before leaving the Site, which helps us understand user flow and potential areas for improvement.

This data processing practice is conducted anonymously wherever possible, aggregating individual behaviors into statistical trends that inform our digital strategy without compromising individual user privacy rights.

2.4 Transaction-Related Data

For stakeholders engaged in formal investment processes or commercial transactions with OilNational Group, we collect specific data points necessary to execute and record these activities:

Transaction Records: Details of capital commitments, fund transfers, asset acquisitions, and divestitures, including dates, amounts, currencies, and counterparties involved.
Contractual Documentation: Executed agreements, term sheets, side letters, and amendments that define the legal relationship between parties.
Communication Records: Correspondence related to transactions, including email threads, meeting minutes, and recorded conference calls (where consent has been obtained), retained for audit and dispute resolution purposes.
Regulatory Filings: Documents submitted to governmental authorities or regulatory bodies in connection with transaction approvals, notifications, or reporting requirements.

All transaction-related data is subject to strict confidentiality agreements and is processed solely for the purposes of fulfilling contractual obligations and complying with legal mandates. Our data retention policy ensures that such records are maintained for the duration required by applicable laws and then securely destroyed or anonymized.

By providing any of the aforementioned categories of information to OilNational Group, you acknowledge that such data may be processed in accordance with this privacy policy and applicable data protection laws across relevant jurisdictions. We do not collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health information, or sexual orientation) unless explicitly required by law or with your express written consent for a specific, lawful purpose.

3. METHODS OF DATA COLLECTION

OilNational Group employs a multi-faceted approach to personal data collection, utilizing both direct interactions with individuals and automated technological processes. Our methods are designed to be transparent, efficient, and compliant with global data protection policy standards. We categorize our collection methods into three distinct channels: Direct User Input, Automated Technologies, and Third-Party Integrations.

3.1 Direct User Input

The primary method of data collection involves information voluntarily provided by you through direct engagement with OilNational Group. This occurs in various contexts, each serving a specific operational or compliance function:

Website Forms: When you submit inquiries via contact forms on oilnational.com, request investor materials, register for webinars, or apply for career opportunities, you directly input personal data such as your name, email address, organization, and message content. This data is transmitted securely via encrypted channels (SSL/TLS) and stored in our protected databases.
Investor Onboarding: During the process of establishing an investment relationship, authorized representatives provide extensive documentation through secure client portals. This includes identity verification documents, financial statements, and signed legal agreements. These submissions are handled by our dedicated Investor Relations and Compliance teams under strict access controls.
Event Registration: Participation in OilNational Group-hosted conferences, roundtables, or roadshows requires registration, during which attendees provide contact details and professional affiliations. This facilitates networking, logistical coordination, and post-event follow-up communications.
Correspondence: Emails, letters, or verbal communications (subsequently documented) sent to our offices or representatives constitute direct data provision. We retain records of such correspondence to ensure continuity of service, resolve queries, and maintain an audit trail of our interactions.
Employment Applications: Candidates submitting resumes and cover letters for open positions provide detailed professional histories, educational backgrounds, and references. This data is processed exclusively for recruitment purposes and retained in accordance with our hiring data retention policy.

In all instances of direct input, we strive to collect only the minimum data necessary to achieve the specified purpose, adhering to the principle of data minimization inherent in GDPR compliance and other global frameworks.

3.2 Automated Technologies

In addition to data you actively provide, OilNational Group utilizes automated technologies to collect information passively as you navigate the Site. These technologies operate in the background to enhance functionality, security, and analytical capabilities:

Cookies and Similar Trackers: As detailed in Section 6 of this privacy policy, we deploy cookies, web beacons, pixel tags, and local storage objects to recognize your device, remember your preferences, and analyze site usage. These tools collect Technical Data and Usage Data without requiring active input from you. You may control the deployment of non-essential cookies through your browser settings or our cookie consent management platform.
Server Logs: Our web servers automatically log every request made to the Site, capturing IP addresses, request timestamps, HTTP methods, response status codes, and user agent strings. These logs are essential for troubleshooting technical issues, detecting malicious activity, and optimizing server performance.
Analytics Scripts: We integrate third-party analytics services (e.g., Google Analytics, Adobe Analytics) that execute JavaScript code in your browser to gather aggregated usage statistics. These scripts collect data on page load times, scroll depth, click paths, and device characteristics. We configure these tools to anonymize IP addresses and disable features that could lead to individual identification, aligning with best practices for user privacy rights.
Security Scanners: Automated vulnerability scanners and intrusion detection systems continuously monitor our network perimeter and application layer for signs of exploitation attempts. These tools collect metadata about incoming traffic patterns to identify and block potential threats before they compromise user data security.

The data collected through automated means is primarily used for internal analysis, system maintenance, and security enhancement. We do not use this data to profile individuals for marketing purposes without explicit consent, nor do we sell or rent such data to third parties.

3.3 Third-Party Integrations

OilNational Group occasionally receives personal data from trusted third-party sources to supplement our own records, verify information, or facilitate specific services. These integrations are governed by strict contractual agreements that mandate compliance with applicable data protection laws:

Due Diligence Providers: We engage specialized firms to conduct background checks, sanctions screenings, and reputation assessments on potential investors and partners. These providers supply reports containing publicly available information and proprietary risk scores, which we incorporate into our compliance files.
Data Enrichment Services: To maintain accurate contact databases, we may utilize business intelligence platforms that update corporate hierarchies, job titles, and contact details based on public filings and professional networks. This ensures our communications reach the appropriate decision-makers.
Payment Processors: For any transaction involving fees or capital movements, third-party payment gateways process financial data on our behalf. These processors adhere to Payment Card Industry Data Security Standard (PCI DSS) requirements and do not share raw card data with us, transmitting only tokenized confirmation of successful transactions.
Cloud Infrastructure Providers: Our digital operations rely on cloud service providers (e.g., AWS, Microsoft Azure) that host our servers and databases. While these providers manage the underlying infrastructure, they act as data processors under our instruction and are contractually bound to implement robust information security measures.
Legal and Regulatory Authorities: In certain circumstances, we may receive data from government agencies, regulatory bodies, or law enforcement officials as part of official investigations, audits, or compliance requests. Such data is handled with extreme caution and disclosed only to authorized personnel with a legitimate need to know.

When receiving data from third parties, we verify the lawfulness of the original collection and ensure that the transfer complies with cross-border data transfer restrictions. We do not assume responsibility for the privacy practices of third-party websites or services linked from our Site, as addressed in Section 12 of this privacy policy.

By engaging with OilNational Group through any of these methods, you consent to the collection and processing of your data as described herein. We remain committed to transparency regarding our data processing practices and will notify you of any material changes to our collection methods that affect your rights.

4. PURPOSES OF DATA PROCESSING

OilNational Group processes personal data strictly for specified, explicit, and legitimate purposes aligned with our core business objectives, legal obligations, and commitment to user data security. We do not engage in arbitrary or unrestricted data usage; every processing activity is mapped to a defined business need and justified under a valid legal basis as outlined in Section 5. Our data processing practices are categorized into five primary functional areas: Service Delivery, Investor Communication, Compliance Obligations, Security and Fraud Prevention, and Business Operations.

4.1 Service Delivery

The fundamental purpose of data processing is to fulfill our contractual and operational commitments to clients, partners, and stakeholders. This encompasses:

Investment Management: Processing investor identity, financial, and transaction data to execute capital calls, distribute returns, manage fund accounts, and provide regular performance reporting. This ensures the accurate and timely administration of investment vehicles.
Client Support: Utilizing contact and communication data to respond to inquiries, resolve technical issues, provide requested documentation, and facilitate smooth interactions with our Investor Relations and Client Services teams.
Platform Functionality: Leveraging technical and usage data to maintain the operational integrity of oilnational.com, ensuring fast load times, correct display of content, and seamless navigation across devices and browsers.
Customization: Using preference data to tailor the user experience, such as remembering language settings, regional content preferences, or dashboard configurations for logged-in users.

Without the processing of data for these purposes, OilNational Group would be unable to deliver the high-quality, responsive services expected of a global institutional leader.

4.2 Investor Communication

Effective communication is vital for maintaining transparency and trust with our institutional partners. We process data to:

Distribute Reports: Send quarterly financial statements, annual reports, market commentaries, and regulatory filings to authorized investors via secure electronic delivery or physical mail.
Facilitate Engagement: Manage invitations to annual general meetings, investor days, webinars, and exclusive briefings, including tracking RSVPs and distributing meeting materials.
Provide Updates: Disseminate timely news regarding portfolio developments, strategic initiatives, macroeconomic insights, and industry trends that may impact investment decisions.
Solicit Feedback: Conduct surveys or request input on service quality, product offerings, and strategic direction to continuously improve our value proposition.

All communications are targeted to ensure relevance, and recipients retain the right to opt-out of non-essential marketing or informational emails at any time, respecting their user privacy rights.

4.3 Compliance Obligations

As a regulated entity operating in the global energy and finance sectors, OilNational Group is subject to a complex web of legal and regulatory requirements. Data processing is essential to:

Know Your Customer (KYC) and Anti-Money Laundering (AML): Verify the identity of investors and counterparties, assess their risk profiles, screen against sanctions lists, and monitor transactions for suspicious activity. This is mandatory under laws such as the USA PATRIOT Act, EU AML Directives, and similar regimes worldwide.
Tax Reporting: Collect and report tax-related information to relevant authorities (e.g., IRS Form W-8/W-9, FATCA, CRS) to ensure compliance with international tax transparency standards.
Regulatory Filings: Submit required disclosures to securities regulators, central banks, and other oversight bodies, which often include aggregated or individual-level data regarding ownership structures, transaction volumes, and risk exposures.
Audit and Recordkeeping: Maintain comprehensive records of all business activities, communications, and decisions to satisfy statutory retention periods and facilitate internal or external audits.

Failure to process data for compliance purposes would expose OilNational Group and its stakeholders to significant legal, financial, and reputational risks. Therefore, such processing is non-negotiable and often mandated by law.

4.4 Security and Fraud Prevention

Protecting our digital and physical assets from cyber threats, fraud, and unauthorized access is a paramount priority. We process data to:

Authenticate Users: Verify the identity of individuals accessing secure portals or sensitive systems through multi-factor authentication (MFA) and credential validation.
Detect Anomalies: Analyze login patterns, transaction behaviors, and network traffic to identify deviations that may indicate compromised accounts, insider threats, or external attacks.
Prevent Fraud: Cross-reference transaction data with known fraud indicators, blacklists, and behavioral biometrics to block fraudulent activities before they cause harm.
Incident Response: Investigate security incidents, preserve forensic evidence, and notify affected parties and regulators in accordance with breach notification laws.

These data processing practices are critical for safeguarding user data security and maintaining the resilience of our operations against evolving cyber threats.

4.5 Business Operations

Finally, data processing supports the internal functioning and strategic development of OilNational Group:

Human Resources: Manage employee records, payroll, benefits administration, performance evaluations, and training programs to support our workforce.
Vendor Management: Evaluate and monitor third-party suppliers, contractors, and service providers to ensure they meet our standards for quality, security, and compliance.
Strategic Planning: Analyze aggregated market data, investment trends, and operational metrics to inform long-term strategy, resource allocation, and risk management decisions.
Legal Defense: Preserve data relevant to actual or potential litigation, arbitration, or regulatory proceedings to protect the legal interests of the Company.

Each of these purposes is pursued with a commitment to data minimization, ensuring that we collect and process only what is necessary to achieve the stated objective. We regularly review our processing activities to eliminate redundancies and ensure ongoing alignment with our data protection policy and evolving regulatory expectations.

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

Under global data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA), the processing of personal data must be grounded in a valid legal basis. OilNational Group adheres to a rigorous framework that identifies and documents the specific legal justification for each processing activity. We rely on four primary legal bases: Consent, Contractual Necessity, Legal Obligation, and Legitimate Interests. The applicability of each basis depends on the context of the data collection and the nature of the relationship between the individual and OilNational Group.

5.1 Consent

Consent serves as a legal basis when an individual has freely given specific, informed, and unambiguous indication of their agreement to the processing of their personal data for one or more specific purposes. At OilNational Group, we seek consent in the following scenarios:

Marketing Communications: Sending promotional materials, newsletters, or event invitations to individuals who have explicitly opted in to receive such communications. Consent is obtained through clear affirmative actions, such as checking an unticked box on a web form or signing a consent clause in a document.
Sensitive Data Processing: In rare instances where the processing of special categories of data (e.g., health information for insurance purposes) is necessary, we obtain explicit written consent detailing the scope, purpose, and duration of such processing.
Cookie Deployment: For non-essential cookies used for analytics or advertising, we obtain prior consent through our cookie banner, allowing users to accept or reject specific categories of tracking technologies.

Consent may be withdrawn at any time by contacting Partners@oilnational.com or using the unsubscribe mechanisms provided in our communications. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, nor does it invalidate processing grounded in other legal bases.

5.2 Contractual Necessity

Processing is necessary when it is required to perform a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract. This basis applies to:

Investment Agreements: Executing and administering investment contracts, including processing investor identity, financial details, and transaction instructions to facilitate capital contributions, distributions, and reporting.
Service Provision: Delivering requested services, such as responding to inquiries, providing access to secure portals, or fulfilling orders for research reports or data subscriptions.
Employment Contracts: Managing the employment relationship with staff, including payroll processing, benefits administration, and performance management, as stipulated in employment agreements.

Without the processing of data under this basis, OilNational Group would be unable to fulfill its contractual obligations, rendering the provision of services impossible.

5.3 Legal Obligation

Processing is permissible when it is necessary for compliance with a legal obligation to which OilNational Group is subject. This basis is invoked for:

Regulatory Compliance: Fulfilling KYC/AML requirements, tax reporting duties (e.g., FATCA, CRS), and sanctions screening mandates imposed by national and international laws.
Litigation and Discovery: Responding to court orders, subpoenas, or regulatory investigations that require the disclosure of specific data.
Statutory Recordkeeping: Retaining financial records, corporate minutes, and transaction logs for periods mandated by corporate, tax, and securities laws.

In these cases, the legal obligation overrides individual preferences, and refusal to provide necessary data may result in the inability to proceed with a transaction or engagement.

5.4 Legitimate Interests

Processing is allowed when it is necessary for the purposes of the legitimate interests pursued by OilNational Group or a third party, provided that such interests are not overridden by the rights and freedoms of the data subject. We carefully balance our interests against individual privacy rights through a Legitimate Interest Assessment (LIA). This basis covers:

Fraud Prevention and Security: Monitoring network traffic, analyzing login patterns, and implementing security measures to protect our systems and data from cyber threats.
Business Intelligence: Analyzing aggregated usage data to improve website functionality, optimize content delivery, and enhance user experience.
Corporate Governance: Conducting internal audits, risk assessments, and compliance reviews to ensure the integrity of our operations.
Direct Marketing (B2B): Contacting professional contacts within corporate entities regarding relevant business opportunities, where the communication is pertinent to their role and does not intrude on personal privacy.

Individuals have the right to object to processing based on legitimate interests on grounds relating to their particular situation. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that override the individual’s interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

By engaging with OilNational Group, you acknowledge that your data may be processed under one or more of these legal bases. We maintain detailed records of our processing activities and the corresponding legal justifications to ensure accountability and facilitate regulatory inspections. Our commitment to GDPR compliance and global data protection policy standards requires that we continually evaluate and refine our legal basis assessments to reflect changes in law, technology, and business practices.

6. COOKIES AND TRACKING TECHNOLOGIES

OilNational Group utilizes cookies and similar tracking technologies to enhance the functionality, security, and performance of oilnational.com. Our cookies policy is designed to provide transparency regarding the types of cookies we employ, their specific purposes, and the mechanisms available for you to control their deployment. This section forms an integral part of our broader privacy policy and data protection policy, ensuring that your user privacy rights are respected while we maintain a robust digital presence.

6.1 Definition and Function of Cookies

Cookies are small text files stored on your device (computer, tablet, or smartphone) when you visit a website. They contain unique identifiers that allow the site to recognize your browser during subsequent visits. Cookies serve various functions, ranging from enabling basic site features to analyzing user behavior for improvement purposes. In addition to cookies, we may use web beacons (pixel tags), local storage objects, and software development kits (SDKs) in mobile applications to achieve similar objectives.

6.2 Categories of Cookies Used

We categorize the cookies deployed on our Site into four distinct types based on their functionality and necessity:

6.2.1 Strictly Necessary Cookies

These cookies are essential for the Site to function correctly and cannot be disabled in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.

Purpose: To enable core functionality like secure login, session management, and load balancing.
Legal Basis: Legitimate Interest (security and functionality) or Contractual Necessity.
Examples: Session IDs, authentication tokens, CSRF protection cookies.
Control: These cookies cannot be refused via our cookie banner, but you can set your browser to block or alert you about them; however, some parts of the Site will not function without them.

6.2.2 Performance and Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. All information these cookies collect is aggregated and therefore anonymous.

Purpose: To analyze usage patterns, identify technical errors, and optimize content delivery.
Legal Basis: Consent (in jurisdictions requiring opt-in) or Legitimate Interest (for internal analytics).
Examples: Google Analytics cookies (_ga, _gid), Adobe Analytics cookies.
Control: You may refuse these cookies via our cookie consent manager or browser settings. Refusal may limit our ability to improve the Site based on user feedback.

6.2.3 Functional Cookies

These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.

Purpose: To remember your choices (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
Legal Basis: Consent.
Examples: Language preference cookies, video player settings, social media sharing buttons.
Control: You may refuse these cookies, which may result in some or all of these services not functioning properly.

6.2.4 Targeting and Advertising Cookies

Although OilNational Group does not engage in broad consumer advertising, we may use targeting cookies in limited B2B contexts to ensure that relevant professional content is delivered to appropriate audiences.

Purpose: To build a profile of your interests and show you relevant content on other sites or to measure the effectiveness of our professional communication campaigns.
Legal Basis: Consent.
Examples: LinkedIn Insight Tag, Twitter Universal Website Tag.
Control: You may refuse these cookies via our cookie consent manager. Note that blocking these cookies will not make you less susceptible to ads in general, but they will not be tailored to your professional interests.

6.3 Third-Party Cookies

Some cookies placed on your device during your visit to our Site are set by third parties, not by OilNational Group. These include cookies from analytics providers, content hosting platforms, and social media networks. We do not control the setting of these cookies, so we encourage you to check the third-party websites for more information about how they use cookies and how you can manage them. Our partnerships with third parties are governed by strict data processing agreements that mandate compliance with applicable data protection laws.

6.4 Managing Cookie Preferences

We are committed to providing you with clear choices regarding personal data collection via cookies. Upon your first visit to oilnational.com, you will be presented with a cookie consent banner that allows you to:

Accept All: Consent to the use of all categories of cookies.
Reject Non-Essential: Decline performance, functional, and targeting cookies while allowing strictly necessary cookies.
Customize: Select specific categories of cookies you wish to allow.

You may modify your preferences at any time by clicking the “Cookie Settings” link located in the footer of our website. Additionally, most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, some parts of the Site may become inaccessible or not function properly.

6.5 Updates to Our Cookies Policy

As technology and regulatory requirements evolve, our use of cookies may change. We will update this section of our privacy policy to reflect any new types of cookies or changes in their purposes. Material changes will be communicated via the Site or through direct notification where appropriate. We encourage you to review this cookies policy periodically to stay informed about our data processing practices and information security measures related to tracking technologies.

7. DATA SHARING AND DISCLOSURE

OilNational Group operates within a complex global ecosystem involving strategic partners, service providers, regulatory bodies, and corporate affiliates. While we prioritize the confidentiality of personal data, there are specific circumstances under which we may share or disclose information to third parties. Such disclosures are conducted with stringent safeguards, contractual protections, and adherence to applicable data protection laws across relevant jurisdictions. This section outlines the categories of recipients with whom we may share data and the conditions governing such transfers.

7.1 Service Providers and Data Processors

To deliver our services effectively, OilNational Group engages third-party vendors who perform specific functions on our behalf. These entities act as “data processors” under GDPR compliance standards and are contractually bound to process data only according to our instructions and to implement adequate information security measures. Categories of service providers include:

Technology Infrastructure: Cloud hosting providers (e.g., Amazon Web Services, Microsoft Azure) that store and manage our servers, databases, and backup systems.
Professional Services: Law firms, accounting firms, tax advisors, and consulting agencies that assist with legal compliance, financial auditing, and strategic planning.
Communication Platforms: Email service providers, customer relationship management (CRM) systems, and webinar platforms used to facilitate investor communications and event management.
Security Vendors: Cybersecurity firms that provide threat detection, vulnerability scanning, and incident response services to protect our digital assets.
Payment Processors: Financial institutions and payment gateways that handle transaction processing, currency conversion, and fund transfers.

All service providers sign Data Processing Agreements (DPAs) that mandate confidentiality, restrict data usage to specified purposes, require prompt notification of breaches, and obligate the return or destruction of data upon termination of the contract. We conduct due diligence on these providers to ensure they meet our rigorous standards for user data security.

7.2 Strategic Partners and Joint Ventures

In the course of our global energy investment activities, OilNational Group may collaborate with strategic partners, co-investors, or joint venture entities. In such contexts, sharing personal data may be necessary to:

Facilitate joint due diligence processes.
Coordinate investment strategies and operational decisions.
Comply with shared regulatory obligations.
Distribute returns or manage shared assets.

Disclosures to partners are limited to the minimum data necessary for the specific collaboration and are governed by confidentiality agreements that align with this privacy policy. Partners are prohibited from using the data for any purpose outside the scope of the joint engagement.

7.3 Legal Authorities and Regulatory Bodies

OilNational Group is obligated to disclose personal data to government agencies, regulatory authorities, law enforcement officials, or courts when required by law or in response to valid legal processes. Such disclosures may occur in the following situations:

Regulatory Investigations: Responding to inquiries, audits, or examinations conducted by securities regulators, central banks, tax authorities, or anti-money laundering agencies.
Law Enforcement Requests: Complying with subpoenas, court orders, warrants, or other legal demands for information related to criminal investigations or national security matters.
Public Safety Emergencies: Disclosing data to prevent imminent harm to individuals or the public, such as in cases of fraud, terrorism, or severe cyberattacks.
Legal Defense: Providing data to our legal counsel or in court proceedings to establish, exercise, or defend our legal rights.

Where legally permissible, we will notify affected individuals of such disclosures unless prohibited by law or if notification would compromise the investigation or safety of others.

7.4 Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, sale of assets, or any other corporate transaction involving OilNational Group, personal data may be transferred to the acquiring entity, successor organization, or relevant stakeholders as part of the transaction assets. Such transfers are subject to:

Confidentiality Obligations: Ensuring that the recipient agrees to honor the terms of this privacy policy or provide equivalent protections.
Notice Requirements: Informing affected individuals of the change in data control, where required by law.
Regulatory Approval: Obtaining necessary consents or approvals from regulatory bodies before completing the transfer.

We will take reasonable steps to ensure that any successor entity continues to protect your user privacy rights in accordance with applicable data protection policy standards.

7.5 Aggregated and Anonymized Data

OilNational Group may share aggregated, de-identified, or anonymized data with third parties for research, industry analysis, benchmarking, or marketing purposes. Such data does not identify any individual and cannot be reasonably linked back to a specific person. Since this data is no longer considered personal data under most data protection laws, it may be shared freely without restriction. We employ advanced statistical techniques to ensure that re-identification is practically impossible.

7.6 Prohibition on Selling Personal Data

OilNational Group does not sell, rent, or trade personal data to third parties for their own marketing or commercial purposes. We view data as a fiduciary responsibility, not a commodity. Any sharing of data is strictly limited to the purposes outlined in this section and is always accompanied by robust contractual and technical safeguards.

By engaging with OilNational Group, you acknowledge that your data may be shared under the conditions described above. We remain committed to transparency and will notify you of any material changes to our data sharing practices that affect your rights. If you have concerns about specific disclosures, please contact us at Partners@oilnational.com.

8. INTERNATIONAL DATA TRANSFERS

OilNational Group is a truly global institution, with operations, partners, and stakeholders spanning over one hundred seventeen countries. Consequently, the personal data we collect may be transferred to, stored in, and processed in jurisdictions outside your country of residence, including nations that may not have data protection laws deemed “adequate” by your local regulatory authorities. We are committed to ensuring that all cross-border data transfers are conducted with appropriate safeguards to maintain the confidentiality, integrity, and availability of your information, in full compliance with GDPR compliance, UK GDPR, CCPA, and other applicable data protection laws across relevant jurisdictions.

8.1 Nature of Cross-Border Transfers

Data transfers occur in various contexts within our global operations:

Centralized Processing: Data collected locally may be transmitted to our global headquarters or regional hubs for centralized analysis, reporting, and administration.
Cloud Storage: Information stored on cloud servers may reside in data centers located in different countries, depending on the infrastructure provider’s architecture.
Third-Party Access: Service providers, auditors, or legal advisors located abroad may require access to data to perform their duties.
Investor Communications: Data may be shared with international investors, partners, or regulators situated in foreign jurisdictions.

Common destination countries for data transfers include the United States, United Kingdom, Switzerland, Singapore, United Arab Emirates, and other key financial and energy hubs where OilNational Group maintains a presence.

8.2 Legal Mechanisms for Transfer

To legitimize international data transfers, OilNational Group employs a combination of legal mechanisms recognized by global data protection policy standards:

8.2.1 Adequacy Decisions

Where the European Commission, UK Secretary of State, or other relevant authority has issued an adequacy decision confirming that a third country ensures an adequate level of data protection, we may transfer data to that country without additional safeguards. Examples include transfers to Switzerland, Japan, and certain sectors in South Korea.

8.2.2 Standard Contractual Clauses (SCCs)

For transfers to countries without adequacy decisions, we utilize Standard Contractual Clauses approved by the European Commission and/or UK Information Commissioner’s Office. These clauses are incorporated into our contracts with data recipients, binding them to uphold EU/UK-level data protection standards regardless of their location. We have executed SCCs with all relevant service providers, affiliates, and partners handling EU/UK resident data.

8.2.3 Binding Corporate Rules (BCRs)

As a multinational enterprise, OilNational Group is in the process of implementing Binding Corporate Rules—a comprehensive internal policy framework approved by relevant data protection authorities—to govern intra-group data transfers. Once fully operational, BCRs will provide a consistent, group-wide standard for user data security across all our entities.

8.2.4 Derogations for Specific Situations

In limited circumstances, we may rely on derogations permitted under GDPR compliance frameworks, such as:

Explicit Consent: Obtaining your specific, informed consent for a particular transfer after being advised of the potential risks.
Contractual Necessity: Transferring data necessary for the performance of a contract between you and us, or for pre-contractual measures taken at your request.
Public Interest: Transfers required for important reasons of public interest recognized by applicable law.
Legal Claims: Transfers necessary for the establishment, exercise, or defense of legal claims.

8.3 Safeguards and Risk Mitigation

Beyond legal mechanisms, OilNational Group implements robust technical and organizational measures to protect data during international transfers:

Encryption: Data is encrypted in transit using industry-standard protocols (TLS 1.3) and at rest using strong encryption algorithms (AES-256).
Access Controls: Strict role-based access controls ensure that only authorized personnel with a legitimate need can access transferred data.
Monitoring: Continuous monitoring of cross-border data flows to detect and prevent unauthorized access or anomalies.
Vendor Audits: Regular audits of third-party recipients to verify their compliance with contractual data protection obligations.

8.4 Transparency and Notification

We are committed to transparency regarding our international data transfer practices. A list of countries to which we regularly transfer data, along with the specific safeguards employed, is available upon request by contacting Partners@oilnational.com. In the event of a significant change in our transfer mechanisms or a identified risk in a destination country, we will notify affected individuals and take corrective action as necessary.

By providing your personal data to OilNational Group, you expressly consent to the transfer, storage, and processing of your information in countries outside your jurisdiction, subject to the safeguards described herein. We assure you that your user privacy rights will be upheld regardless of where your data resides, reflecting our unwavering commitment to global information security and regulatory adherence.

9. DATA RETENTION POLICY

OilNational Group adheres to a principled data retention policy that ensures personal data is kept only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. We do not retain data indefinitely; instead, we employ a systematic approach to determine retention periods based on legal obligations, operational needs, and the nature of the data itself. This section outlines our retention principles, specific timeframes for different data categories, and procedures for secure disposal.

9.1 Principles of Data Retention

Our retention practices are guided by the following core principles:

Purpose Limitation: Data is retained only for the duration necessary to achieve the specific purpose for which it was collected. Once the purpose is fulfilled, the data is securely deleted or anonymized.
Legal Compliance: Retention periods are aligned with statutory requirements imposed by tax laws, securities regulations, anti-money laundering directives, and corporate governance mandates. Where multiple jurisdictions apply, we adhere to the longest applicable retention period to ensure global compliance.
Minimization: We regularly review our data holdings to identify and purge redundant, obsolete, or trivial (ROT) data, ensuring that our repositories contain only active, necessary information.
Security: Throughout the retention period, data is protected by robust information security measures, including encryption, access controls, and regular backups, to prevent unauthorized access, loss, or corruption.

9.2 Retention Periods by Data Category

While specific retention periods may vary based on the context and jurisdiction, OilNational Group generally applies the following guidelines:

9.2.1 Investor and Client Data

Active Relationships: Data related to current investors, clients, and partners is retained for the duration of the business relationship plus a minimum of seven (7) years thereafter to satisfy tax, audit, and regulatory reporting obligations.
Terminated Relationships: Upon termination of an investment or service agreement, data is archived for seven (7) to ten (10) years, depending on the jurisdiction’s statute of limitations for legal claims and regulatory requirements.
Prospective Leads: Information collected from individuals who expressed interest but did not enter into a formal agreement is retained for up to three (3) years, after which it is deleted unless renewed consent is obtained.

9.2.2 Website and Technical Data

Server Logs: IP addresses, request timestamps, and error logs are retained for ninety (90) days for security monitoring and troubleshooting, after which they are automatically purged.
Analytics Data: Aggregated usage statistics and cookie-derived data are retained for twenty-six (26) months to facilitate trend analysis and performance optimization, consistent with Google Analytics’ default retention settings.
Session Data: Temporary session cookies and authentication tokens are deleted immediately upon logout or after a period of inactivity (typically thirty (30) minutes).

9.2.3 Employment and HR Data

Current Employees: Personnel files, payroll records, and performance reviews are retained for the duration of employment plus seven (7) years post-termination to comply with labor laws and tax regulations.
Job Applicants: Resumes and application materials for unsuccessful candidates are retained for two (2) years to consider future opportunities, unless the candidate requests earlier deletion.
Background Checks: Results of pre-employment screenings are kept for three (3) years to address any subsequent disputes or regulatory inquiries.

9.2.4 Compliance and Legal Records

KYC/AML Documentation: Identity verification records, sanctions screening results, and transaction monitoring logs are retained for a minimum of five (5) to ten (10) years, as mandated by global anti-money laundering directives.
Legal Correspondence: Emails, contracts, and legal opinions related to litigation or regulatory matters are retained for the duration of the matter plus the applicable statute of limitations (typically six (6) to ten (10) years).
Board Minutes and Corporate Records: Permanent retention is applied to foundational corporate documents, board resolutions, and shareholder registers to preserve corporate history and governance integrity.

9.3 Secure Disposal Procedures

When data reaches the end of its retention period, OilNational Group executes secure disposal procedures to ensure irretrievable destruction:

Digital Data: Electronic files are overwritten using Department of Defense (DoD) standard wiping methods or cryptographically shredded to prevent recovery. Database records are logically deleted and physically purged from backups during scheduled cycles.
Physical Documents: Paper records are cross-cut shredded or pulped by certified document destruction vendors who provide certificates of destruction.
Backup Media: Old backup tapes and hard drives are degaussed, crushed, or incinerated by licensed e-waste recyclers.

We maintain detailed logs of all data disposal activities, including dates, methods, and responsible personnel, to demonstrate compliance with our data protection policy and facilitate audits.

9.4 Exceptions to Retention Limits

In certain exceptional circumstances, data may be retained beyond the standard periods:

Legal Holds: If data is subject to a litigation hold, regulatory investigation, or internal inquiry, retention is suspended until the hold is lifted, regardless of the original expiration date.
Archival Purposes: Data of historical, scientific, or statistical significance may be retained indefinitely in an anonymized format for research or archival purposes, provided that individual identification is no longer possible.
Consent Extension: If an individual explicitly consents to extended retention for a specific purpose (e.g., long-term networking), data may be kept for the duration specified in the consent.

OilNational Group regularly reviews its data retention policy to ensure alignment with evolving legal requirements and best practices. We are committed to minimizing our data footprint while maintaining the records necessary for operational excellence and regulatory adherence. If you wish to inquire about the retention period applicable to your specific data, please contact us at Partners@oilnational.com.

10. DATA SECURITY MEASURES

OilNational Group recognizes that user data security is paramount to maintaining the trust of our institutional investors, sovereign partners, and stakeholders. As a global energy investment firm managing sensitive financial and operational data, we implement a comprehensive, multi-layered information security framework designed to protect personal data against unauthorized access, disclosure, alteration, destruction, and loss. Our approach integrates advanced technical safeguards, rigorous organizational controls, and a proactive risk management methodology that aligns with international standards such as ISO/IEC 27001, NIST Cybersecurity Framework, and SOC 2 Type II.

10.1 Technical Safeguards

We deploy state-of-the-art technologies to secure data throughout its lifecycle, from collection to disposal:

Encryption: All personal data is encrypted both in transit and at rest. Data transmitted between users and our servers is protected using Transport Layer Security (TLS) 1.3 with strong cipher suites. Data stored in databases, file servers, and cloud environments is encrypted using Advanced Encryption Standard (AES) with 256-bit keys. Key management follows strict separation of duties and hardware security module (HSM) protocols.
Access Control: We enforce a Zero Trust architecture, requiring strict identity verification for every person and device trying to access resources on our private network, regardless of whether they are sitting within or outside of the network perimeter. Multi-Factor Authentication (MFA) is mandatory for all employees, contractors, and privileged users accessing sensitive systems. Role-Based Access Control (RBAC) ensures that individuals have access only to the data necessary for their specific job functions.
Network Security: Our network infrastructure is protected by next-generation firewalls (NGFW), intrusion detection and prevention systems (IDPS), and web application firewalls (WAF) that monitor and filter incoming and outgoing traffic. Segmentation techniques isolate critical systems (e.g., investor databases, financial ledgers) from general corporate networks to limit the blast radius of potential breaches.
Endpoint Protection: All devices connected to our network, including laptops, mobiles, and servers, are equipped with endpoint detection and response (EDR) solutions that provide real-time monitoring, threat hunting, and automated remediation of malware, ransomware, and other malicious activities.
Vulnerability Management: We conduct regular vulnerability scans and penetration tests on our applications, networks, and infrastructure to identify and remediate security weaknesses before they can be exploited. Patch management processes ensure that all software and systems are updated promptly with the latest security fixes.
Data Loss Prevention (DLP): DLP tools monitor, detect, and block sensitive data while in use, in motion, and at rest. These tools prevent unauthorized exfiltration of personal data via email, USB drives, cloud uploads, or other channels.

10.2 Organizational Controls

Technology alone is insufficient; we complement our technical defenses with robust organizational policies and procedures:

Security Governance: A dedicated Chief Information Security Officer (CISO) oversees our information security strategy, reporting directly to the Board of Directors. A cross-functional Security Steering Committee meets quarterly to review risk posture, approve policies, and allocate resources.
Employee Training: All employees undergo mandatory cybersecurity awareness training upon hire and annually thereafter. Training covers phishing recognition, password hygiene, social engineering tactics, and incident reporting procedures. Specialized training is provided to IT staff, developers, and data handlers.
Incident Response Plan: We maintain a detailed Incident Response Plan (IRP) that outlines roles, responsibilities, and procedures for detecting, containing, eradicating, and recovering from security incidents. The plan includes communication protocols for notifying affected individuals, regulators, and law enforcement in accordance with breach notification laws.
Vendor Risk Management: Third-party vendors and service providers are subject to rigorous security assessments before engagement. Contracts include strict data protection clauses, audit rights, and breach notification obligations. We conduct periodic reviews to ensure ongoing compliance.
Physical Security: Our physical facilities, including data centers and offices, are secured with biometric access controls, CCTV surveillance, mantraps, and 24/7 security personnel. Visitor access is logged and escorted at all times.
Change Management: All changes to production systems, applications, and configurations follow a formal change management process that includes risk assessment, testing, approval, and documentation to prevent unintended security gaps.

10.3 Risk Management Approach

OilNational Group adopts a proactive, risk-based approach to information security:

Risk Assessments: Comprehensive risk assessments are conducted annually, or whenever significant changes occur in our business, technology, or regulatory environment. These assessments identify threats, vulnerabilities, and impacts, guiding the prioritization of security investments.
Threat Intelligence: We subscribe to leading threat intelligence feeds and participate in industry information sharing and analysis centers (ISACs) to stay abreast of emerging cyber threats, attack vectors, and adversary tactics.
Business Continuity and Disaster Recovery: Robust Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies ensure that critical operations can resume rapidly in the event of a disruption. Data is backed up frequently to geographically dispersed locations, and recovery drills are performed semi-annually to validate efficacy.
Continuous Monitoring: Security Operations Center (SOC) analysts monitor our environment 24/7/365, using Security Information and Event Management (SIEM) systems to correlate logs, detect anomalies, and initiate rapid response to potential incidents.

10.4 Breach Notification

In the unlikely event of a data breach that compromises personal data, OilNational Group is committed to swift and transparent action. We will:

Contain and Investigate: Immediately activate our Incident Response Plan to contain the breach, assess its scope, and determine the root cause.
Notify Authorities: Report the breach to relevant supervisory authorities within seventy-two (72) hours of becoming aware, as required by GDPR compliance and other applicable laws.
Inform Affected Individuals: Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms, providing clear guidance on protective steps they can take.
Remediate and Improve: Implement corrective measures to prevent recurrence and enhance our security posture based on lessons learned.

Our dedication to user data security is unwavering. We continuously invest in people, processes, and technologies to stay ahead of evolving cyber threats and ensure that your personal data remains safe in our custody. For more information about our security practices, please contact Partners@oilnational.com.

11. USER RIGHTS AND PRIVACY CONTROLS

OilNational Group is committed to empowering individuals with control over their personal data. Under global data protection laws, including the GDPR, UK GDPR, CCPA, and various Asia-Pacific frameworks, you possess specific rights regarding the collection, use, and storage of your information. This section details these user privacy rights and provides clear instructions on how to exercise them. We treat every request with seriousness and aim to respond within the statutory timeframes mandated by applicable law.

11.1 Right to Access

You have the right to request confirmation as to whether OilNational Group is processing your personal data and, if so, to obtain a copy of that data along with information about the purposes of processing, categories of data concerned, recipients of the data, and the envisaged retention period.

How to Exercise: Submit a written request to Partners@oilnational.com specifying the information you seek. We may require verification of your identity to prevent unauthorized disclosure.
Response Time: We will respond within thirty (30) days, extendable by two additional months for complex requests, with notification of the extension provided within the initial period.

11.2 Right to Rectification

If you believe that the personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request correction or completion of such data.

How to Exercise: Contact us at Partners@oilnational.com with details of the inaccuracies and supporting documentation where applicable.
Action: We will verify the information and make necessary corrections promptly. If the data has been shared with third parties, we will notify them of the rectification unless doing so proves impossible or involves disproportionate effort.

11.3 Right to Erasure (Right to Be Forgotten)

Under certain circumstances, you may request the deletion of your personal data. This right applies when:

The data is no longer necessary for the purposes for which it was collected.
You withdraw consent on which the processing was based, and there is no other legal ground for processing.
You object to processing based on legitimate interests, and we have no overriding legitimate grounds.
The data has been unlawfully processed.
Deletion is required to comply with a legal obligation.
Exceptions: This right is not absolute. We may retain data if necessary for compliance with legal obligations (e.g., tax records, AML logs), for the establishment, exercise, or defense of legal claims, or for public interest archiving.
How to Exercise: Send your request to Partners@oilnational.com. We will evaluate the request against legal exemptions and inform you of our decision.

11.4 Right to Restriction of Processing

You may request the restriction of processing your personal data in specific scenarios:

You contest the accuracy of the data, pending verification.
The processing is unlawful, but you oppose erasure and request restriction instead.
We no longer need the data for the original purpose, but you require it for legal claims.
You have objected to processing based on legitimate interests, pending verification of whether our grounds override yours.
Effect: During restriction, data may only be stored or processed with your consent, for legal claims, to protect another person’s rights, or for reasons of important public interest.
How to Exercise: Contact Partners@oilnational.com with your rationale for restriction.

11.5 Right to Data Portability

Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

Scope: This applies only to data you have provided to us directly.
How to Exercise: Request portability via Partners@oilnational.com. We will provide the data in CSV or JSON format within thirty (30) days.

11.6 Right to Object

You have the right to object, on grounds relating to your particular situation, to processing of your personal data based on legitimate interests or public task. We will cease processing unless we demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Direct Marketing: You have an absolute right to object to processing for direct marketing purposes at any time. Upon objection, we will immediately cease using your data for such purposes.
How to Exercise: Use the “unsubscribe” link in marketing emails or contact Partners@oilnational.com directly.

11.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for a contract, authorized by law, or based on explicit consent. OilNational Group does not currently engage in solely automated decision-making that produces significant legal effects; human review is always involved in critical decisions affecting individuals.

11.8 Exercising Your Rights: Verification and Process

To protect your user data security, we must verify your identity before fulfilling any rights request. This may involve requesting additional information such as a copy of your government-issued ID, proof of address, or answers to security questions. We will not discriminate against you for exercising your rights, nor will we charge a fee unless your request is manifestly unfounded or excessive.

For California residents under CCPA/CPRA, you also have the right to opt-out of the “sale” or “sharing” of personal data (though OilNational Group does not sell data) and the right to limit the use of sensitive personal information. These rights can be exercised via the same contact channels.

To initiate any of these requests, please contact our Data Protection Team at Partners@oilnational.com. We are dedicated to facilitating your user privacy rights efficiently and transparently.

12. THIRD-PARTY LINKS AND EXTERNAL RESOURCES

The oilnational.com website may contain links to third-party websites, applications, or services that are not owned, operated, or controlled by OilNational Group. These links are provided solely for your convenience and informational purposes. Examples may include links to industry publications, regulatory bodies, partner organizations, news outlets, or social media platforms.

Important Disclaimer: OilNational Group does not endorse, warrant, or guarantee the products, services, content, or privacy practices of any third-party site accessible through our links. The inclusion of any link does not imply a recommendation or affiliation with the linked entity.

Privacy Implications: When you click on a link to a third-party site, you will leave our Site and be directed to an external domain. At that point, this privacy policy no longer applies. Your interactions on the third-party site are governed by that entity’s own privacy policy and terms of use, which may differ significantly from ours. We strongly encourage you to review the privacy policies of any third-party sites you visit to understand how they collect, use, and share your personal data.

No Responsibility: OilNational Group assumes no responsibility or liability for the content, accuracy, legality, decency, or reliability of any third-party site, nor for any loss or damage that may arise from your use of or reliance on any such site. We have no control over the nature, content, and operation of these external sites and cannot be held accountable for their data processing practices or information security measures.

Reporting Concerns: If you encounter a broken link or believe a linked site is engaging in deceptive or harmful practices, please notify us at Partners@oilnational.com so we can investigate and potentially remove the link. However, our ability to influence third-party behavior is limited, and ultimate responsibility for your online safety rests with you.

We advise caution when providing personal data to any third-party site. Always look for indicators of trustworthiness, such as HTTPS encryption, clear privacy policies, and reputable branding, before sharing sensitive information.

13. CHILDREN’S PRIVACY

OilNational Group is committed to protecting the privacy of children and adheres to strict guidelines regarding the collection of personal data from minors. Our services, investments, and digital platforms are designed exclusively for professional, institutional, and adult audiences. We do not knowingly collect, solicit, or maintain personal data from individuals under the age of eighteen (18) years, or under the age of majority in their respective jurisdiction, whichever is higher.

Prohibition on Minor Usage: The oilnational.com website and all associated services are not intended for children. Minors are strictly prohibited from registering accounts, submitting forms, or providing any personal data to OilNational Group. If we discover that we have inadvertently collected personal data from a child without verified parental consent, we will take immediate steps to delete such information from our servers and terminate any associated accounts.

Parental Guidance: Parents and guardians are encouraged to monitor their children’s online activities and instruct them never to provide personal data to OilNational Group or any other online service without permission. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at Partners@oilnational.com. We will promptly investigate and, if confirmed, erase the data in accordance with our data retention policy and applicable data protection laws.

Legal Compliance: This stance aligns with requirements under the Children’s Online Privacy Protection Act (COPPA) in the United States, Article 8 of the GDPR in the European Union, and similar regulations globally that impose heightened protections for children’s data. OilNational Group does not engage in marketing or profiling activities directed at minors, nor do we allow third parties to collect data from children via our Site.

By using our Site, you represent and warrant that you are of legal age to form a binding contract and that you are not a minor. If you are under the age of majority, you must not access or use the Site under any circumstances.

14. POLICY UPDATES AND NOTIFICATIONS

OilNational Group reserves the right to modify, amend, or update this privacy policy at any time to reflect changes in our data processing practices, technological advancements, legal requirements, or business operations. Such updates are necessary to ensure that our data protection policy remains current, compliant, and reflective of our unwavering commitment to user data security and user privacy rights.

Notification of Changes: When we make material changes to this privacy policy, we will notify you through prominent notices on our website (oilnational.com), via email to registered users, or through other communication channels deemed appropriate. The “Last Updated” date at the top of this document will be revised to indicate the effective date of the changes. We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data.

Continued Use Constitutes Acceptance: Your continued use of the Site or engagement with OilNational Group following the posting of changes constitutes your acceptance of the revised privacy policy. If you do not agree with the updated terms, you must discontinue your use of the Site and contact us at Partners@oilnational.com to discuss your options, which may include requesting the deletion of your data where legally permissible.

Historical Versions: Copies of previous versions of this privacy policy are available upon request for archival and reference purposes. We maintain these records to demonstrate our historical compliance and transparency.

Regulatory Alignment: Any updates will be implemented with careful consideration of global data protection laws across relevant jurisdictions, ensuring that our practices remain aligned with GDPR, UK GDPR, CCPA/CPRA, and other applicable frameworks. We consult with legal counsel and data protection experts to validate the adequacy of our updates before implementation.

Our goal is to maintain a living document that evolves with the landscape of information security and privacy regulation, always prioritizing the trust and confidence of our stakeholders.

15. CONTACT INFORMATION AND GOVERNANCE

OilNational Group takes its responsibilities regarding personal data seriously and has established dedicated channels for addressing inquiries, concerns, and requests related to this privacy policy and our data protection practices. We believe that open communication is essential to fostering trust and ensuring accountability.

Primary Contact Point:
For any inquiries regarding this Privacy Policy, data protection policy, user privacy rights, or information security practices, all communications should be directed to:

OilNational Group
Attention: Data Protection Officer / Privacy Team
Website: oilnational.com
Email: Partners@oilnational.com

Response Commitment:
We strive to respond to all legitimate inquiries within thirty (30) days of receipt. Complex requests may require additional time, up to sixty (60) days, in which case we will notify you of the delay and the reason thereof. Our team is equipped to handle requests in multiple languages to accommodate our global stakeholder base.

Supervisory Authorities:
If you reside in the European Economic Area (EEA), United Kingdom, California, or other jurisdictions with dedicated data protection authorities, you have the right to lodge a complaint with your local supervisory body if you believe that our processing of your personal data violates applicable data protection laws. However, we encourage you to contact us first so that we have the opportunity to address your concerns directly and resolve any issues amicably.

Global Reach:
Given our international operations, our Data Protection Team is trained to handle cross-border inquiries and coordinate responses that comply with the diverse legal landscapes in which we operate. Whether you are an investor in New York, a partner in Dubai, or a visitor in Singapore, your user privacy rights are paramount to us.

Transparency and Accountability:
We maintain detailed records of all privacy-related inquiries and their resolutions to demonstrate our commitment to accountability. These records are subject to internal audit and regulatory inspection to ensure continuous improvement of our data processing practices.

Thank you for trusting OilNational Group with your personal data. We are dedicated to upholding the highest standards of information security, transparency, and respect for your user privacy rights as we navigate the complex global energy landscape together.

For any inquiries regarding this Privacy Policy or data protection practices, all communications should be directed to Partners@oilnational.com.