Privacy and cookies

When you use our website, like many others, we use small files called cookies in order to make the site work as expected, to help us customise your experience when visiting the site and provide us with information about the use of our website.

Cookies are small text files that are stored by the browser on your computer or mobile device. They allow websites to store things like user preferences, almost like a memory of your browsing so that you can be recognised if you use the website again, making your next visit easier and the site more useful to you.

The law states that we can store cookies on your device where they are essential to the operation of the site, for example, to enable you to move around the website and use its features. For other non-essential ones we require your permission. At any time, you can remove your permission for non-essential cookies, however, disabling these may have a negative impact on how the website functions for you.

Where we use non-essential cookies, we do so in order to gain useful knowledge about how the site is used, which pages are visited and how often, etc. We use this information to ensure our website functions effectively for our users. We do not use these cookies to track or identify individual users.

Below is a list of the cookies we use on this site and how long we keep them for:

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off.

Performance Cookies

Performance cookies allow us to count visits to our site and the traffic source, enabling us to improve the performance of the site. They help us understand which pages are most and least popular and how users move around our website. The information gathered is aggregated and anonymous. These can be disabled but may have a negative impact on your experience when using our website.

Custom Cookies

Custom cookies allow us to record your cookie preferences.

For information on how to manage Cookie preferences go to http://www.aboutcookies.org.uk/managing-cookies or http://www.allaboutcookies.org/manage-cookies/

Our website allows users to contact us via an online form. When you contact us, we use your information only to respond to your enquiry. We do not share this information with any third parties.

Through our website you can subscribe to email alerts relating to our business. We will only send you the information you have indicated you would like to receive at the time of subscribing and you are able to unsubscribe at any time by using the unsubscribe option contained in the emails we send you. We do not share this information with any third parties, except Mailchimp whose services we use to manage subscriptions.

Our email alerts to you contain web beacons. These tell us if you have opened the email or followed any links that may be contained within the email. They help us to understand better the effectiveness of our email alerts to you and to identify areas for improvement.

If you do not want us to have this information you can switch this off by amending your email preferences via the MailChimp link contained in the email we sent you.

On our Careers page we publish any vacancies we have and users can submit an application to us online via this page. We will use and retain the information you provide for recruitment purposes only.

When recruiting we sometimes use recruitment agencies. When you submit your application to them they will process your personal data on our behalf for recruitment purposes only. We will also use and retain the information you provide for recruitment purposes only. Recruitment agencies may additionally wish to retain and use your data for their own purposes. When they do, they are the data controller and as such are obliged to inform you of this processing directly and where appropriate seek your consent.

Other information we process as part of the recruitment and selection process may include interview notes, Occupational Health screening results and Psychometric testing results.

In our day to day business we need to communicate with our suppliers and JV partners regularly. In order to do so we use contact information provided by our suppliers and JV partners. We only use this information for the purposes of conducting agreed business activities.

In some circumstances we require additional information from our suppliers for billing purposes, such as timesheets and invoices. These will contain a limited amount of personal data relating to employees or sub-contractors of our suppliers. This information is only used for the purpose of meeting our business and contractual obligations to the supplier.

Where employees or sub-contractors of our suppliers are providing services offshore we may need to provide some personal data to third parties who provide local services such as transport to offshore installations. This data may include a small amount of Special Categories of personal data. This information is required to ensure the safety and well-being of these individuals when travelling to and from our offshore installations, and while located on these installations. We will only ask you for this information if it is absolutely essential and only the minimum amount of information is provided for these purposes.

Likewise, where employees or sub-contractors of our suppliers are providing services outside of the UK we may also need to provide some personal data to third parties who provide similar local services. This data may also include a small amount of Special Categories of personal data. This information is required to ensure the safety and well-being of these individuals when travelling to and from our offshore installations, and while located on these installations. We will only ask you for this information if it is absolutely essential and again only the minimum amount of information is provided for these purposes.

To ensure your safety and well-being when undertaking travel on behalf of Capricorn or working off-shore we ask you to provide details of any medical conditions that might require us to provide additional support, or that we need to be aware of should you require medical assistance.

When we believe it is appropriate to do so, and to meet these obligations to you, we may share it with your fellow travellers and third-party security providers. When we do, we take care to ensure only the required information is shared and that the appropriate safeguards are always in place to protect your personal data.

You do not have to share your medical information with us but if you do not you acknowledge that there may be circumstances where we will be unable to adequately provide medical support you may need.

You can also request that we do not share your medical information, but if you restrict the sharing of your data in this way, again there may be circumstances where we will be unable to adequately provide medical support you may need.

Occasionally we may experience “unique circumstances”, such as a pandemic or serious incident, which requires the urgent collection and processing of health data. This may also include, in the case of a pandemic information about people you may have been in contact with. In these circumstances the processing purpose continues to be ensuring the health, safety and well-being of colleagues, and meeting our health and safety obligations.

In these circumstances it may also be necessary to share this data with third parties, such as emergency services, government authorities, crisis response providers, and in the case of a pandemic, colleagues you may have had contact with. In these cases, we only share the minimum amount of data necessary, anonymising where possible, and where appropriate we have the required safeguards in place, such as a contract for services.

When this data is no longer required, we either securely destroy or anonymise.

We are also required to hold information relating to industry certifications of individuals providing certain services to us. This is a regulatory requirement and we use an industry recognized training system provider to store and manage this information.

In order to meet tax reporting obligations, we may also require some financial information about individuals providing services in certain UK offshore jurisdictions. Where this is required, we limit data collection to only the data that is required.

To enhance working practices, some business tools may be provided to you via mobile apps which often gather varying amounts of data about your use of the app. This data is not collected by, or shared with Capricorn, therefore it is important that you read the associated third party privacy notices for information about their collection and processing of personal data and choose privacy settings you feel are appropriate to you.

Where we have to use third parties, we take care to ensure only the required information is shared and that the appropriate safeguards are in place to protect your personal data at all times. If you would like further information, please use the Contact Us section.

When you are an employee of Capricorn we routinely gather and process personal data about you, and we tell you about that in our Internal Privacy Notice. When you leave we still require to retain and process some personal data about you in order to meet any contractual obligations we may have to you, to meet legal obligations we may have, and for our own legitimate interests where these do not outweigh your rights and freedoms.

This may include your personnel file, information about your pension and/or shares you hold as part our employee share schemes, payroll and tax information, and information we need to retain relating to employment law or other relevant laws that apply to us. When we no longer require this information we securely destroy.

Sometimes we require individuals, such as employees or subcontractors of our suppliers or employment candidates, to undertake business travel on our behalf.  Where appropriate we will use the services of a travel management company to make the travel arrangements.

To book travel for you, we need to share some of your personal data with our travel management provider. This will include your name, address, date of birth, next of kin, passport details and visa information. It may also include some Special Categories of personal data such as travel vaccination records, or where the traveler may have some special requirements, for example dietary requirements for health or religious reasons, or requires additional support while travelling. Our travel management provider will also have to share some of your personal information with specific service providers, such as airlines, rail companies, hotels and other travel providers.

Sometimes visas are required when travelling to certain countries. When processing visa applications on your behalf we also need to share some of your information with third parties. This may be our travel management provider, a specialist travel visa provider, consulates or JV partners.

Your safety and security while travelling on our behalf is important to us. When we need you travel for us we assess the current risk profile of these locations and if required we arrange for local security to be provided for the duration of your stay. To do this we have to share some of your personal data with third party specialist service providers. Sometimes this will also include sharing medical information about you that they may need to ensure your safety and wellbeing at all times. For the same reason we may also share this data with colleagues who are travelling with you.

By managing business travel in this way we can ensure the most efficient and cost effective travel is purchased, that all travel meets our health and safety requirements and provide our travellers with 24/7 travel support.

Where we have to use third parties we take care to ensure only the required information is shared and that the appropriate safeguards are in place to protect your personal data at all times. If you would like further information please use the Contact Us section.

We have a legal obligation to ensure certain information about our Shareholders (name, address and number of shares held) is made available on our Register of Members. In order to meet this obligation we use a third party share registrar (Equiniti) to maintain this register on our behalf.

If you are a Shareholder and have any questions about your shareholding or other information maintained by our share registrar, please contact Equiniti on 0371 384 2660 (+44 121 415 7047 if calling from overseas). Lines are open between 8.30 am and 5.30 pm Monday to Friday excluding public holidays in England and Wales. Equiniti’s own privacy policy can also be found at https://equiniti.com/uk/privacy-policy/.

We also use this information for our own legitimate interests (such as providing insights into shareholder demographics) where these interests are not overridden by the fundamental rights and freedoms of the shareholders and former members. In performing these activities we may use the services of specialist third parties.

Where we have to use third parties we take care to ensure only the required information is processed and that the appropriate safeguards are in place to protect your personal data at all times. If you would like further information please use the Contact Us section.

While using our website no personal information about you is shared with third parties.

A limited number of third parties are used to support our offshore activities, business travel and shareholder management. These circumstances are detailed in the Employees of Suppliers and JV Partners, Business Travel and Shareholders sections.

While undertaking our legitimate business activities we may also use third parties to collect relevant stakeholder information on our behalf. Although this information is normally in the public domain we limit our collection and processing to only what is required for stakeholder engagement activities.

As part of our day to day business activities we also use the services of secure data-room providers to host and share personal data of both employee and external parties as part of operations projects. We would also use these services in the future if we engaged in any mergers or acquisitions activities.

Third parties who provide us with IT support services and secure data archiving services may also have access to some of your personal information to enable them to provide the services we have contracted them to do.

Where we have to use third parties we take care to ensure only the required information is shared and that the appropriate safeguards are in place to protect your personal data at all times. If you would like further information please use the Contact Us section.

Personal information provided to us via our website is not transferred outside of the UK.

As an organisation that operates internationally, in limited and necessary circumstances your information may be transferred outside of the UK.

A limited number of third parties are used to support our offshore activities, business travel and shareholder management. These circumstances are detailed in the Employees of Suppliers and JV Partners, Business Travel and Shareholders sections. Sometimes these activities require us to share personal data outside of the UK.

As part of our day to day business activities we also use the services of secure data-room providers to host and share personal data of both employee and external parties as part of operations projects. We would also use these services in the future if we engaged in any mergers or acquisitions activities. Sometimes these activities require us to share personal data outside of the UK.

Where we need to transfer personal data outside of the UK we only do so when there are adequate technical and organisational safeguards in place to ensure the security of the data. In addition, where we have to use third parties we take care to ensure only the required information is shared and that the appropriate safeguards are in place to protect the data at all times. If you would like further information please use the Contact Us section.

We only keep your personal data for the length of time we need for stated processing purposes. When no longer required this information is deleted from our systems.

We use reasonable technical, organisational and administrative measures to protect our website and any personal information we may collect through it. The internet is an unsecure environment and it is easy to fall victim to computer viruses and malware, therefore, it’s also important that you take appropriate steps to protect yourself when using the internet, such as keeping your device software up to date and having anti-virus software on your devices.

In the interests of the safety and security of our employees and visitors, CCTV cameras are in operation in some of our offices. Where CCTV is in operation there are signs in place advising of this and a strict code of practice is in place to ensure the protection of the privacy of individuals.

CCTV is also installed in some of the buildings where Capricorn’s offices are. These are operated and controlled by the building owner or the building management company who are also the data controllers of the images captured.

We may on occasion have a requirement to review building CCTV images for security reasons. When we need to review these images, we have to request this from the building owners or the building management providers, who have to be satisfied that we have a valid reason for the request, as they are the controllers of this data.

Further information about our CCTV is available on request.

If we plan to change how we process your personal information, such as changing the cookies we use, we will let you know before we make the changes and will publish the revised policy on our website.

Under the UK General Data Protection Regulation (GDPR) you have a number of rights relating to the collection, processing and storing of your personal information. In relation to using our website, including contacting us via the website, or where you have provided personal data to us by other means, you have the right to:

• Be informed about certain aspects of our processing of your personal data
• Request access to a copy of your personal data
• Request that any personal data that is inaccurate or incomplete is rectified
• Request erasure of your personal data in certain circumstances (also known as the right to be forgotten)
• Restrict the processing of your personal data in certain circumstances
• Object to the processing of your personal data in certain circumstances

In addition, where the processing is being performed on the basis of your consent you have the right to withdraw this consent at any time. This withdrawal will not affect the lawfulness of the processing carried out before consent was withdrawn.

If you believe that we have not complied with the requirements of GDPR in relation to the processing of your personal data you have the right to submit a complaint to the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (www.ico.org.uk).

Data Privacy Coordinator 
Capricorn Energy PLC
50 Lothian Rd
Edinburgh EH3 9BY

Telephone (office main switchboard) +44 1314753000

Contact us