Privacy Policy
June 27, 2022
 
General

NuStar Energy L.P, is a publicly traded pipeline and terminal operator ("NuStar", "we", "us" or "our"). Our principal office is at 19003 IH-10 West, San Antonio, TX 78257. This web site www.nustarenergy.com (the "Site") is operated by NuStar Energy L.P. and its affiliates and subsidiaries ("NuStar Affiliates"). NuStar is committed to protecting the privacy and security of your personal data.

This Privacy Policy discloses our information gathering and dissemination practices for our Site, for when you do business with NuStar (whether as a customer or vendor), and when you access our facilities and how we handle information we learn about you from your visit to our Site, your business interactions with NuStar, or your visit to our facilities. This Privacy Policy should be read in conjunction with our Terms of Use. Please note that this Privacy Policy does not apply to personal data of NuStar employees and non-employee workers. Please refer to the NuStar Employee and Non-Employee Workers Privacy Policy about how we handle information from NuStar employee and non-employee workers.

Please read this Privacy Policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with this Privacy Policy, your choice is not to use the Site, to not do business with us (whether as a customer or vendor), or to not access our facilities. By accessing or using the Site, doing business with us (whether as a customer or vendor), or accessing our facilities, you indicate that you understand, accept, and consent to our policies and practices described in this Policy. This Policy may change from time to time. Your continued use of Site, continued practice of doing business with us (whether as a customer or vendor), or continued access to our facilities, after we make changes indicates that you accept and consent to those changes, so please check the Privacy Policy periodically for updates.

Privacy Statement
 
Sources of information

We obtain information about you when you use our Site, when you do business with NuStar (whether as a customer or vendor), or when/where/how you access our facilities. For example, when you fill in forms on our Site, subscribe to any service, contact us about NuStar services or further services, or visit our facilities. If you contact us, we may keep a record of that correspondence. We may also collect details of your visits to our Site including traffic data, location data, weblogs and other communication data, and the resources that you access. We may also collect personal data from internet service providers, data analytics providers, advertising networks, government entities, operating systems and platforms, and drone cameras/sensors. If you visit our facilities, we may collect personal details about you and the purpose of your visit.

The information that we receive and use depends on what you do when you visit our Site, how you do business with NuStar (whether as a customer or vendor), or when/where/how you access our facilities.

Information we collect

We may collect the following categories of personal data:

  • Personal Identifiers (such as name, alias, IP address, email address, or mailing address);
  • Customer/Vendor Records (such as telephone number, physical characteristics, or descriptions; for sole proprietors, this may also include a social security number or tax id number and other information to process payments);
  • Personal Characteristics or Traits (such as demographic data);
  • Commercial Information (such as services provided, products or services purchased or considered);
  • Internet Usage Information (such as browsing history, search history, or interactions with our Site or services regarding what pages from the Site are accessed and when);
  • Geolocation Data (such as general physical location);
  • Sensory Information (such as audio, thermal, or visual information from CCTV cameras/scanners and drones); a
  • Inferences derived from personal data; and
  • Information from visits to our facilities including Systematic Monitoring (CCTV cameras/scanners and drones, access card records, network use, equipment use including, but not limited to, the geolocation of computers, external storage, tablets, servers, and cellphones), Visual Records (photographs and visual documentation, including that of person, personal property, and projects), and Biometric Data (fingerprint or facial scans in certain circumstances).

We may use the personal data we collect about you with information obtained from other sources, such as public databases, social media platforms, and other third parties. The information we collect depends on your use of our Site, how you do business with NuStar (whether as a customer or vendor), or when/where/how you access our facilities and interactions with us. For example, if you are an investor or fill out an online form, you may provide certain types of information that will be used for business purposes.

For more details on the examples of personal data that may be collected and how that data may be disclosed for business purposes, see below section "Sharing personal data."

IP Address

When your web browser or e-mail application requests a web page or e-mail from another computer on the Internet, it automatically gives that computer the address where it should send the information. This is called your computer's internet protocol address ("IP Address"). For most users accessing the Internet from a dial-up Internet service provider, the IP Address will be different every time you log on.

Cookies

NuStar may collect information about you and our Site by using cookies, tracking pixels and other technologies (collectively, "Tools"). We use this information to better understand, customize and improve user experience with our web sites, services and offerings. For example, we use web analytics services that leverage these Tools to help us to understand how visitors engage with and navigate our Site, e.g., how and when pages in a site are visited and by how many visitors. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, which you can control through your browser or mobile settings.

Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, web sites that are cookie-enabled will not recognize you when you return to the web site, and some web site functionality may be lost. The Help section of your browser may tell you how to prevent your browser from accepting cookies. To find out more about cookies, visit www.aboutcookies.org.

Given that there is not an industry or legal standard for recognizing Do Not Track (DNT) signals, as of the effective date, we do not respond to DNT signals.

Use of personal data

We may use your information, including your name and email address, in order to:

  • fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose for which you provide it, including to facilitate or process existing business interactions and transactions and facilitate the creation of new business;
  • ensure that content from our Site is presented in the most effective manner for you and for your computer;
  • provide you with information, publications and marketing communications about our products and services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • seek your opinions on the services we provide;
  • carry out our obligations arising from any agreements entered into between you and us;
  • allow you to participate in interactive features of our service, when you choose to do so;
  • notify you about changes to our products or services;
  • ensure a safe and healthy work environment;
  • conduct audits and quality assurances related to our current interactions with you;
  • create usage data;
  • debug our Site and service to identify and repair errors that impair existing intended functionality;
  • perform services, including customer service, processing or fulfilling transactions, processing payments, advertising and marketing services, analytic services or other similar services;
  • respond to law enforcement requests, court orders, government regulations, or otherwise comply with legal and regulatory requirements;
  • ensure the proper functioning of company infrastructure and facilities; and
  • evaluate or conduct a merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Site users is among the assets transferred.

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We may aggregate and/or de-identify data about visitors to our Site and use it for any purpose, including product and service development and improvement activities.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing personal data

Depending on the jurisdiction you are located in, we may disclose the following categories of personal data to service providers and third parties. Category Examples Disclosed for a business purpose A. Identifiers.

Category Examples Disclosed for a business purpose
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. YES
B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal data included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. YES
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal data. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES
 

Does NuStar sell my personal data?
NuStar does not sell your personal data for money. As mentioned, NuStar may use tools that may provide data, which may be treated as personal data, to other parties that may use it for their own purposes or direct benefit. While there is not yet a consensus, we do not believe that data practices of third-party cookies and tracking devices associated with our Site or services constitute a sale of personal information by us and therefore we do not currently treat these activities as a sale. We encourage you to exercise control over browser-based cookies by adjusting your browser and mobile device settings.

Does NuStar share my personal data with third parties?
NuStar may disclose personal data with third parties for a business purpose. "Third parties" includes government authorities and agencies, third-party service providers (including contractors and designated agents) and other NuStar Affiliates who carry out the following business purposes: information technology, human resources, operations, operator qualifications, and contract management. From time to time, we may share your personal data with third parties for a third party's own direct benefit including, for example, organizations we work with to conduct market research.

Do third-parties protect my personal data?
The agreements we enter into with our third-party service providers require them to take appropriate security measures to protect your personal data, and prohibit them from using your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfer
The majority of our computer systems, networks, and devices are currently based in the United States. As we operate internationally, your personal data may be processed in the United States or elsewhere. In that case, the personal data is subject to the law of the jurisdiction in which it is used or stored, including any law permitting or requiring disclosure of the information to the government, government agencies, courts and law enforcement in that jurisdiction.

Your Rights

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with all applicable data protection laws. We will not discriminate against individuals for exercising their applicable rights.

Certain consumer rights you may have include:

  • the right to request access to the personal data we have about you, by which you can request simple or electronic copies of your personal data;
  • the right to rectification, we can correct some of the personal data we have about you;
  • the right of objection, under certain circumstances, you may object to the processing of your personal data, and as a result, we must discontinue the processing of your personal data;
  • the right to request that we cancel or delete the personal data we have about you;
  • the right to opt-out of our use, transfer, exchange, or disclosure (including to third parties) of personal data about you; and
  • the right not to be discriminated against based upon whether you decide to exercise your rights, as described above.

In some jurisdictions, applicable law may entitle you to receive disclosures relating to:

  • the categories and specific pieces of information we have collected;
  • the categories of sources from which the personal data is collected;
  • the business or commercial purpose for collecting personal data; and
  • the categories of third parties with whom we share personal data

If you wish to access, opt-out, or request deletion of your personal data, we will ask you to verify your identity. If we are unable to verify your identity, suspect fraud, or fulfilling your request will infringe upon our or another person's rights or conflict with applicable law, we may deny your request. If you are an authorized agent or parent/guardian making a request on behalf of a consumer or your child, we may require and request additional information to verify that you are authorized to make the request. We will explain the reason(s) for the denial of any request.

You may exercise any of your rights in relation to your personal data by contacting us using the details provided under the “Questions, Concerns, or Comments?” section.

Children's Privacy

The Site, doing business with NuStar (whether as a customer or vendor), or accessing our facilities is not directed to individuals under the age of eighteen (18) years, and we do not knowingly collect personal data from individuals under the age of (18) years. According to our terms, children are not permitted to use our Site.

Withdrawing Your Consent

Where you have provided your consent to the collection, use, and transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us using the details below. Please note that if you withdraw your consent, we may not be able to provide you with particular services. We will explain the impact to you at the time to help you with your decision.

Links to Third-Party Sites

The Site may contain links to other websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Site links. The inclusion of a link on the Site does not imply endorsement of the linked site or service by us. We encourage you to read the legal notices posted on those sites, including their privacy policies.

California's "Shine the Light" Law

California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal data to third parties for their direct marketing purposes in the previous calendar year. We do not share personal data with third parties for their own direct marketing purposes without obtaining your consent or providing the ability to opt-out.

Security Statement

NuStar maintains reasonable security measures, including physical, administrative, and technical safeguards which are designed to secure personal data, and to prevent negligent or accidental loss or destruction, improper use, alteration or unauthorized access.

Despite these precautions, no data security safeguards are foolproof. Identity thieves, hackers and other unauthorized individuals may find ways to obtain personal data. Although this is unlikely, NuStar has put in place procedures to deal with any suspected and/or actual data security breach and will notify the affected users and any applicable regulator of a breach where we are legally required to do so and take steps to mitigate harm.

Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or any other medium through which you provide us with your personal data.

Intellectual Property

All trademarks depicted are the intellectual property of their respective owners. Please see our Terms of Use for more information.

Changes to this Privacy Policy

Any changes we may make to this Privacy Policy will be posted on this web page. NuStar will update the Privacy Policy's effective date to let you know when the Policy has been updated.

When NuStar deems it appropriate, other forms of notice, such as e-mail or other forms of electronic communication, may be also given concerning any substantive changes to this Policy or as otherwise required under applicable laws.

Questions, Concerns or Comments?

If you have any questions, concerns or comments about this Privacy Policy, the practices of this Site, or your dealings with this Site, you can contact our Governance, Ethics and Compliance Officer at:

Mail:
c/o Governance, Ethics and Compliance Officer
NuStar Energy L.P.
19003 IH-10 West
San Antonio, TX 78257
USA
Phone:
1-800-866-9060 and request to speak to our Governance, Ethics and Compliance Officer