Privacy Statement

Warren Resources, Inc. Privacy Statement
Effective January 1, 2020

Warren Resources, Inc. (“Warren”) is committed to protecting your privacy and we want you to understand our practices with respect to the gathering and handling of your personal data. This Privacy Statement provides information regarding how we treat your personal data collected, and your associated rights when using our website and other services that link to this Privacy Statement, or when conducting business with or otherwise interacting with the Company or companies within the Warren Resources, Inc. group of companies (“Warren”, “we”, “us”, “our”).


Individuals To Whom This Privacy Statement Is Addressed

Specifically, this Privacy Statement applies to individuals including users, interest owners, and/or visitors to Warren’s website, recipients of electronic, physical, or other communications from Warren, viewers of our online content, or other individuals who interact with us through websites and applications. By accessing our services linked to this Privacy Statement, you consent to the terms described herein.

If you are an employee or applicant of Warren, please refer to the Warren California Consumer Privacy Act Employee and Applicant Disclosure posted in the HR Forms folder on the Public Data Drive and attached to a Warren Employment Application for information regarding your privacy with respect to personal data collected pursuant to your relationship with Warren.


Information from Children

Our services, including our website and applications, are not directed towards minors (as this term is defined by applicable law), we do not knowingly collect any personal data from minors, nor do we sell the personal information of minors. If we learn that we collected the personal data of a minor, we will use reasonable efforts to delete such information from our systems.


Warren’s Compliance With Data Protection Laws

Warren is committed to collecting and using personal data in a lawful manner. Warren will ensure that, when it collects or uses personal data, such collection or use is allowed under applicable data protection law, including, for example, the California Consumer Privacy Act, where such a law governs.

For more information on particular data processing activities, the purposes of this processing, and a description of the specific personal data, please review the table in the Personal Data Collection Section of the Privacy Statement.  Individuals may object to the processing of their personal data and we will consider such objections carefully where required by law. For more information about your rights with respect to how we process your personal data, please refer to the Contact Us Section of the Privacy Statement.


Personal Data Collection

In this table we describe the categories of information that we gather via the website and in connection with our business relationship with you. We also describe the purpose and legal basis, where applicable, for using and processing the information.

When Warren relies on its legitimate interest as a legal basis to process personal data, Warren will ensure that these interests do not disproportionately and adversely impact an individual’s rights and freedoms.

We obtain the categories of personal information listed below from the following sources:

  1. Directly from you. For example, from forms you complete or from communications between you and the Owner Relations Department or Investor Relations Department whether in person, by mail, by phone, online, via electronic communication or by any other means).
  2. From others. Specifically third party service providers or a Power of Attorney. For example, LexisNexis provides business research data on interest owners we may lose contact with due to invalid address, etc.
  3. From public sources. For example, we may collect information from public records.

Personal information is stored in both physical and electronic formats.

The types of information we collect depends on which service you use.


Categories of Data You Provide to Us or Our Service Providers

  • Personal unique Identifiers, such as real, full name, federal, state, or other national issued tax identification numbers including Social Security number.
  • Personal information, including contact details such as postal address, telephone number, email address, financial information such as account name and account number.
  • Information necessary to complete financial transactions, such as telephone number, social security number or other national/tax identification number.
  • Employment information, such as your job title, job function, company/organization name and information.
  • Demographic information, such as your country of residence.

You are not required to provide information we may request, but if you choose not to provide it, we may not be able to provide you the requested service or to complete your transaction.


Categories of Data Collected Automatically by Us or Our Service Providers

Web Server Logs

When you visit our website, we may track information about your visit and store that information in web server logs, which are records of the activities on our sites. The servers automatically capture and save the information electronically. Examples of the information we may collect include: (i) your unique Internet protocol address; (ii) the name of your unique Internet service provider; (iii) the town/city, county/state and country from which you access our website; (iv) the kind of browser or computer you use; (v) the number of links you click within the site; (vi) the date and time of your visit; (v) the web page from which you arrived at our site; and (vi) the pages you viewed on the site.

The information we collect in web server logs helps us administer the site, analyze its usage, protect the website and its content from inappropriate use and improve the user’s experience.

We may draw inferences from any of the categories of data above described or combine the information we receive from and about you through any of the above means and publicly available information to help us tailor our communications to you and improve our services.

Cookies

In order to offer and provide a customized and personal service, our websites and applications may use cookies to store and help track information about you. Cookies are simply small pieces of data that are sent to your browser from a Web server and stored on your computer’s hard drive. We use cookies to help remind us who you are and to help you navigate our sites during your visits. Cookies allow us to save passwords and preferences for you so you won’t have to re-enter them each time you visit and to improve the content of the website and increase user satisfaction.

The use of cookies is relatively standard. Most browsers are initially set up to accept cookies. However, if you prefer, you can set your browser to either notify you when you receive a cookie or to refuse to accept cookies. You should understand that some features of many sites may not function properly if you don’t accept cookies.


Our Use of Personal Data

We use your personal data for the following purposes only.

  • Owner Relations or Investment Relations. We use personal data to answer your questions and to respond to your requests made through our website, call center, applications, or through third-party websites
  • Commercial. We use personal data to deliver services or to execute transactions you request, such as transfers of ownership and facilitating use of our websites and applications.
  • Improve/Develop Services (including website(s) and application(s)). We use your personal data to determine how to best provide services to you and to improve our website(s) and application(s) to make them easier to use.
  • Account management and verification. We may use your personal data to manage your account with us.
  • Fraud and security. We use your personal data to protect the security and integrity of our services and our business, as well as to safeguard your personal data.
  • We may also use your personal data in other ways as required or permitted by law or with your consent prior to the point of collection.

We use your personal data only because it is necessary for the performance of oil and gas development related agreements with you, for our or a third party’s legitimate interests, or with your consent.

With Whom We Share Your Personal Data

We have disclosed to other parties all categories of personal data collected in the last 12 months as described below. We have not sold personal data in the last 12 months.

Service Providers. We disclose your personal data to our Service Providers for legitimate business purposes to provide services to us or on our behalf, such as data hosting, cloud services, sending out information and communications, processing transactions, analyzing data, technical support, and other business and professional services. We provide these companies with only those elements of personal data they need to provide their services to us.

To Third Parties for Transactions. We may also disclose personal data in connection with certain transactions, such as to financial institutions, government entities, and shipping companies or postal services involved in fulfilling transactions, or to other third parties to whom you or your agents authorize us to disclose your personal data in connection with products or services we provide to you.

Required Disclosures. We may disclose your personal data if required to do so by law or in our good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, and to protect our rights or those rights related to others’ property or safety.

Business Transfers. If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your personal data, in connection with such transaction or in contemplation of such transaction (e.g. due diligence).


Accuracy of Personal Data

Warren endeavors to keep personal data that it collects accurate and complete. Warren relies on the individuals to maintain the accuracy and completeness of the personal data. Please inform Warren if your personal details change, including the context in which the personal data was provided, e.g. in connection with a specific service.

Personal Data Retention

To ensure compliance with applicable law and in accordance with the provisions of this Privacy Statement, Warren retains personal data as long as necessary: (1) to meet the purpose for which the data was collected; or (2) to exercise our legal rights should we have another lawful basis for retaining it beyond the purpose for which it was originally obtained.

Security Measures

We use, and we require our Service Providers to use, industry standard security measures for securing and protecting personal data, including without limitation encrypting data in transit and at rest, as well as limiting access to personal data on a least privilege basis (i.e., giving each user access only to personal data needed to perform their specific job duties).

Linked Websites

Our websites and applications may contain links to other websites, including those of other companies, organizations, and publications. These websites operate independently from our websites and applications, and we do not control and are not responsible for the content, security, or data privacy practices used by other entities. You should review the privacy statements of those websites to determine how they protect and use your personal data.


Your Rights

Applicable law may give you certain rights with respect to your personal data. We are committed to protecting your privacy. In California, users may have the right to delete their data, to access and port personal data collected, used, or disclosed by Warren, and to exercise these rights freely from discrimination.

Right to Access

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive your verifiable user request, we will disclose to you:

  • the categories of personal data we collected about you;
  • the categories of sources for the personal data we collected about you;
  • the business purpose for collecting your personal data;
  • the categories of third parties with whom we share that personal data, and the categories of personal data disclosed;
  • the specific pieces of personal data we collected about you; and
  • if we disclosed your personal data for a business purpose, a separate list:
  • identifying the categories of personal data disclosed to which categories of third parties.

Right to Delete

You have the right to request that we delete any of your personal data we collected from or about you, subject to certain below-listed exceptions. Once we receive and confirm your verifiable user request, we will delete (and direct our service providers to delete) your personal data from our records unless an exception applies.

Exceptions

We may deny your deletion request if we are unable to verify your request or if retaining the personal data is necessary for us or our service providers to:

  • complete the transaction for which we collected the personal data, provide a product or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • for certain business security practices, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities;
  • comply with the California Electronic Communications Privacy Act or other applicable laws;
  • enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us or the context in which the information was provided;
  • comply with a legal obligations, exercise legal claims or rights, or defend legal claims;
  • make other internal and lawful uses of that information that are compatible with the context in which you provided it.


Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA. However, if you refuse to provide your personal information to us or ask us to delete your personal information, and that personal information is necessary for us to provide you with services, we may not be able to complete that transaction. Unless permitted by applicable law, we will not do any of the following should you choose to exercise your rights:

  • deny you services;
  • provide you a different level or quality of services; or
  • suggest that you may receive a different level or quality of services.

How to Exercise Your Rights

To exercise these rights, please contact us via one of the means specified in the Contact Us section of this Privacy Statement.

Only you, or a person you authorize to act on your behalf, may make a request related to your personal data. Please note that you must verify your identity and request before we take further action. As a part of this process, government identification may be required. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.

You may submit a request only twice within a 12-month period. Your request must provide information which sufficiently allows us to reasonably verify you are the person about whom we collected the personal data and must describe your request with enough detail to sufficiently allow us to properly understand, evaluate, and respond to it.


Our Response Process

We endeavor to respond to a verifiable user request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If applicable, our response will explain the reasons we cannot comply with your request. For access requests, we will select a format to provide your personal data that is readily usable and should allow you to transmit the personal data without hindrance.

We will not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine your request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to This Privacy Statement

We reserve the right to change this Privacy Statement at any time without notice at our discretion and will review and update it as may be necessary but will do so at least annually. When we make material changes to this Privacy Statement, we will post the changes on this page and update the revision date at the top of the Privacy Statement. We encourage you to review our Privacy Statement regularly for updates to the most recent privacy terms; your use of our services linked to this Privacy Statement after such changes have been posted constitutes your agreement to such terms.

Contact Us

If you have questions regarding this Privacy Statement or our handling of personal data, or to exercise your rights herein, please submit a request on our website here or call us at 1.877.587.9494.