Skip to main content

Privacy policy and data protection in Equinor

Photo: Øivind Haug

1. Introduction

This privacy policy provides an overview of how Equinor processes personal data. Privacy and data protection laws protect the integrity and confidentiality of a person’s personal information. Equinor is committed to protecting the privacy rights of our employees and everyone with whom we do business or cooperate with. We will only use personal data for appropriate purposes, and personal data will be processed in accordance with applicable data protection regulations and Equinor's Binding Corporate Rules.

Within the Equinor Group, the data controller will be Equinor ASA and/or the Equinor company(ies) you have your relationship with. You will find a list of Equinor legal entities processing personal data here. Equinor ASA operates equinor.com and is the controller for the processing of personal data generated from using the site, as well as a number of the processes described in section 2 below. The local Equinor entities are the controllers of personal data processed to provide local processes and local websites.

2. Equinor’s processing of personal data

3. Categories and collection of personal data

For easier understanding of this privacy policy, we have set up the following categories of personal data described here. This does not imply that all types of personal data within the categories will always be processed for each listed purpose.

The categories of personal data Equinor may collect and hold about data subjects include:

  • Contact information, such as names, addresses, telephone numbers, email addresses, titles.
  • Recruitment information, such as application, CV, references, background checks, interviews and assessments, immigration and relocation information, exit surveys.
  • Human resources information, such as details about an individual’s work experience and qualifications, date of birth, identification documentation, driver’s license details; national identity, social security number, employee number, position, organisation, bank account, next of kin, union membership, location, salary and leader.
  • Communication-related information, such as public political relations, positions, preferences related to marketing and events (including allergies/diets restrictions when provided by participants), and information related to user behaviour in own communication-channels (including IP-addresses).

Personal data may be collected in several ways, including:

  • directly by Equinor staff when establishing a business relationship or through operational dealings;
  • from a third-party service provider or agent, from a source of publicly available information (e.g. websites) or from an employer (e.g. where a supplier or contractor provides personal data about their employees);
  • through use of Equinor's website; or
  • data provided directly by you.

4. Transfer and sharing of personal data

Equinor will only transfer or share personal data where necessary and proportionate for a specific, stated purpose and supported by a valid legal basis. Intragroup transfers are governed by Equinor’s Binding Corporate Rules (BCR) and the Intragroup Personal Data Agreement (IPDA), which together provide the legal basis and safeguards for sharing within the Equinor group, including outside the EU/EEA.

When sharing with third parties:

  • Processors: Equinor uses Data Processing Agreements covering instructions, confidentiality, security, sub‑processor controls, audit rights, breach notification, and deletion/return at termination.
  • Independent controllers (e.g., banks, insurers, auditors, law firms, public authorities): Equinor ensures its own legal basis, limits disclosures to what is necessary, and provides clear information to data subjects about recipients or categories of recipients, purposes, and any international transfers.

International transfers to countries without an adequacy decision rely on valid mechanisms (e.g., BCR, Standard Contractual Clauses or equivalent) and a context‑specific transfer risk assessment with supplementary measures where needed. Contracts restrict onward transfers and require equivalent protection throughout the chain of service providers.

5. How to exercise your rights as a data subject and DPO contact information

National and international data protection laws and regulations give rights to data subjects. The data subjects have, under some circumstances and subject to the laws of the particular jurisdiction, the right to request access, rectification, erasure and/or restriction to processing of their data, or object to processing.

Where your personal data has been disclosed to third parties, you may request information about the categories of recipients and, where feasible, specific recipients.

If you have questions or want to exercise your rights as a data subject, please contact the Data Protection Officer in Equinor (email address: gm_dataprotection@equinor.com). You have a right to complain to the Norwegian or local Data Protection Authority if you believe that we have breached the data protection legislation, but we encourage you to first contact our Data Protection Officer, before filing such complaint.

6. Notice to California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our Privacy Notice for California Residents.

7. Notice to Japan Residents of data transfers

Equinor’s Japan branch, Equinor Japan G.K., may transfer personal data to Equinor ASA for their processing (kyodo-riyo) of personal data for the purposes described in this privacy policy. In such cases, Equinor New Energy, Japan branch is the party responsible for dealing with your exercise of rights as data subjects and other management of the personal data under Japanese law.

8. Notice to Brazilian Residents

If you are a Brazilian resident, Brazilian law may provide you with additional rights regarding our use of your personal information. To learn more about your Brazilian privacy rights, visit our Privacy Notice for Brazilian Residents.

9. Changes to this privacy policy

We may update this privacy policy from time to time. If such updates are not material, we may make such alterations without posting a specific notice on our website. If the changes are material and affects your rights or the way we process personal data, we will provide a specific notice on our website. Please review this privacy policy from time to time.

Last updated: 02.07.2026

Downloads