02. Information We Collect
We collect different types of information depending on your interaction with us.
2.1 Information You Provide Directly
Depending on the service, you may provide:
2.2 Information Collected Automatically (Via Technology)
When you interact with our Website or TOS Platform, we may automatically collect:
Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and time spent.
Device Data: Information about your computer or mobile device.
Usage Data: How you use our Website and platform features.
Cookies and Tracking Technologies: As detailed in Section 5.
2.3 Information from Integrations (APIs, Odoo ERP, PLCs)
Due to the nature of our TOS Platform, we may receive data from:
OT/PLC Systems: Real-time flow rates, tank levels, and sensor data integrated via OPC UA/TSN protocols.
Odoo ERP: As our core ERP system, Odoo processes data related to sales, inventory, accounting, and HR modules .
Third-Party Platforms: Data from integrated platforms (e.g., Stripe for payments, Google for analytics, Microsoft for email) as described in Section 8.
04. Legal Basis for Processing (EEA and UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom, our processing of your personal data is based on the following legal bases under the GDPR:
Performance of a Contract: Where processing is necessary to provide you with our Services (e.g., managing your terminal operations, executing a trade).
Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., tax laws, anti-money laundering regulations).
Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., improving our platform, network security, direct marketing) and your interests and fundamental rights do not override those interests.
Consent: Where you have given explicit consent (e.g., for certain marketing cookies).
05. Cookie Policy and Tracking Technologies
5.1 Our Use of Cookies
We use cookies and similar technologies (web beacons, pixels) to distinguish you from other users, remember your preferences, and analyze how our Website performs.
5.2 Types of Cookies We Use
Because our Website is built on Odoo, we utilize standard Odoo cookies along with others for functionality and marketing:
5.3 Third-Party Cookies
Some cookies are placed by third-party services that appear on our pages, such as Google, LinkedIn, or Stripe (for payment processing). We do not control these cookies.
5.4 Your Consent and Control
Cookie Banner: Upon your first visit, a banner will inform you about cookies and request your consent for non-essential cookies.
Browser Controls: You can block or delete cookies through your browser settings. However, if you disable all cookies (including strictly necessary ones), some parts of our Website may not function properly.
06. Data Sharing and Disclosures
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:
6.1 Within the HSO Group
We may share your information with our subsidiaries and affiliates (e.g., Huron Smith Oil Co., Inc.) for internal business purposes consistent with this Privacy Policy.
6.2 Service Providers and Sub-processors
We engage third-party companies to facilitate our Services. These providers process data on our behalf and are contractually bound to protect your information. Key sub-processors include:
6.3 OT/PLC Hardware Vendors
To provide seamless integration, we may share configuration data with hardware vendors (e.g., Emerson, Siemens, ABB) solely for the purpose of ensuring compatibility and support.
6.4 Legal and Compliance Disclosures
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
6.5 Business Transfers
In the event of a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
07. International Data Transfers
7.1 Cross-Border Processing
HSO Terminals operates globally. Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.
7.2 Safeguards for EEA/UK Data
When we transfer personal data from the EEA or UK to countries not deemed adequate by the European Commission (e.g., the United States), we rely on:
Standard Contractual Clauses (SCCs): approved by the European Commission.
Other Transfer Mechanisms: Such as Binding Corporate Rules or adequacy decisions where applicable.
7.3 Data Location
Odoo Data: By default, Odoo hosts data in specific regions based on your contract. We ensure our agreement with Odoo includes data processing terms compliant with GDPR.
TOS Platform Data: Operational data may be processed in our secure cloud infrastructure (AWS/GCP) with options for data residency depending on client requirements.
08. Integrations, APIs, and Third-Party Platforms
8.1 Odoo ERP Integration
Our Website and core business processes run on Odoo. This means that data you submit via web forms, your client profile, invoices, and support tickets are processed within the Odoo ecosystem. Odoo acts as a data processor on our behalf. We recommend you also review Odoo's Privacy Policy for more information on their security practices.
8.2 API Integrations (TOS Platform)
Our TOS Platform connects to external systems via APIs. This includes:
SCADA/PLC Systems: To read operational data (flow rates, tank levels).
ERP Systems: To sync inventory and financial data with our clients' internal systems.
Government Portals: To submit regulatory documentation (e.g., customs, environmental agencies) automatically.
When you use these integrations, the data shared is governed by your agreement with the third party and their privacy policies. We are not responsible for the privacy practices of these external systems.
8.3 Third-Party Logins (SSO)
If you choose to log in to our platform using a Single Sign-On (SSO) service (e.g., Google, Microsoft), you are authorizing us to access certain information from that provider (like your email address). This information is used solely for authentication and account setup.
09. Data Security
9.1 Our Security Measures
We have implemented appropriate technical and organizational security measures designed to protect your personal information from accidental loss and unauthorized access, use, alteration, or disclosure. These include:
Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Controls: Strict role-based access controls (RBAC) for all employees and systems.
Regular Audits: We conduct regular security audits and penetration testing of our infrastructure.
Compliance: Our platform is designed with security standards like IEC 62443 (for OT security) in mind .
9.2 Your Responsibilities
The security of your information also depends on you. Where we have given you (or you have chosen) a password for access to our platform, you are responsible for keeping this password confidential. Please do not share your password with anyone.
10. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
11. Your Privacy Rights
11.1 Your Rights (GDPR, CCPA, and Others)
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten): Request deletion of your data, subject to legal holds.
Right to Restrict Processing: Request we limit the processing of your data.
Right to Data Portability: Request transfer of your data to another service provider (in a structured, machine-readable format).
Right to Object: Object to our processing of your data for direct marketing or on grounds relating to your situation.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising any of your privacy rights.
11.2 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: legal@hsoterminals.com
Address: Legal Department, Huron Smith Oil Co., Inc., 204 Hays St, Batesville, Mississippi, 38606, USA
We will respond to all legitimate requests within 30 days (or as required by applicable law). We may need to request specific information from you to confirm your identity before processing your request.
11.3 California Privacy Rights (CCPA)
California residents have the right to request that we disclose what personal information we collect, use, and disclose. You can also request deletion of your data. We do not "sell" personal information as defined by the CCPA.
12. Children's Privacy
Our Services are not intended for individuals under the age of 18 (or the applicable age of majority in their jurisdiction). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational frameworks (e.g., new integrations with Odoo or other platforms). The updated version will be indicated by an updated "Effective Date" and will be posted on this page. We encourage you to review this Privacy Policy periodically.
14. Contact Information
If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact our Data Protection Officer (DPO) or Legal Team:
Appendix A: Key Definitions
TOS Platform (Terminal Operating System): Our proprietary SaaS solution for managing fuel terminal operations, including automation, compliance, and reporting.
Procurement Trade Desk (PTD): The commercial arm of HSO Terminals that facilitates fuel sourcing, trade enablement, tank leasing, and logistics optimization.
Odoo ERP: The integrated business management software suite that powers our website, CRM, and back-office operations.
Controller: The entity that determines the purposes and means of processing personal data (HSO Terminals).
Processor: An entity that processes data on behalf of the controller (e.g., Odoo, AWS, Stripe).
03. How We Use Your Information
We use your personal information for the following purposes, based on our legitimate business interests, the performance of a contract, compliance with a legal obligation, or your consent:
3.1 To Provide and Manage Services (Contractual Necessity)
For TOS Platform Users: To grant access, manage terminal operations (scheduling, inventory reconciliation, automated BOL generation), and ensure system security .
For PTD Counterparties: To facilitate trade enablement, conduct due diligence (KYC), process procurement transactions, manage tank leasing, and distribute revenue shares .
User Account Management: To create and manage your accounts, provide customer support, and communicate service updates.
3.2 To Improve and Analyze Our Services (Legitimate Interests)
To understand how users interact with our Website and TOS Platform.
To develop new features, enhance user experience, and optimize our technology architecture (Edge-Cloud, AI modules) .
To conduct data analysis, testing, and research.
3.3 To Communicate with You (Legitimate Interests/Consent)
To send administrative information (changes to terms, security alerts).
To send marketing communications, newsletters, and updates about our services (you may opt-out at any time).
3.4 To Comply with Legal Obligations
To maintain records for regulatory compliance (API, NFPA, MARPOL, ISO) as required by law .
To respond to lawful requests from public authorities, including meeting national security or law enforcement requirements .
To enforce our Terms and Conditions and other legal rights.
3.5 For Security and Fraud Prevention
To protect against, identify, and prevent fraud, unauthorized transactions, claims, and other liabilities .
To monitor and investigate suspicious activity on our platform.