Meggitt privacy notice

Introduction

Danish version – French version

Meggitt PLC (“Meggitt”, “we”, “us”, or “our”) is a global organisation operating in a number of different countries. “Meggitt” means Meggitt PLC and any entity controlled by Meggitt PLC directly or indirectly.

This policy sets out the basis on which Meggitt will collect and process any personal data  from individuals.  The types of personal data that Meggitt collects and processes include information about current, past and prospective suppliers, customers, employees, and others that we communicate with.  The personal data of individuals is subject to certain legal safeguards specified in the Data Protection Act 1998 (UK) (“the Act”), the General Data Protection Regulation (GDPR) and other regulations.

Personal data is data about an individual, who is identified or can be identified, and includes both facts and opinions. Meggitt is the data controller of all personal data used in Meggitt’s business for our commercial purposes. Data users are our employees who process personal data, while data processors include any other individual or organisation that processes personal data on our behalf, such as contractors and suppliers. Data processors and users are obliged to comply with this policy when processing personal data on Meggitt’s behalf.

Our processing activities

To find out more please click on the relevant link below that relates to you.

  1. Business contacts
  2. Corporate clients (and individuals associated with our corporate clients)
  3. Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)
  4. Others who get in touch with us
  5. Visitors to our offices and sites
  6. Employees
  7. Job applicants
  8. Visitors to our website

Security

We take the security of all the data we collect and process seriously.  We attempt to adhere to internationally recognised information security standards such as ISO/IEC 27001: 2013.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.

We are an international company and use third parties located in other countries to help us run our business.  As a result, personal data may be transferred outside the countries where we and our customers and suppliers are located.  This includes to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data.  Where we transfer personal data outside of the EU we carry out due diligence to ensure adequate data protection, confidentiality and security standards are in place.

Personal data held by us may be transferred to:

Other Meggitt companies

We may share personal data with other Meggitt companies where necessary for administrative purposes and to provide goods and services to our customers and receive goods and services from our suppliers.  Our business contacts are visible to and used by Meggitt users from other Meggitt companies to learn more about a contact, client or opportunity they have an interest in (please see the Business contacts [link] section of this privacy statement for more information about our processing of this type of data).

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing goods and services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers providing that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Auditors and other professional advisers

Law enforcement or other government and regulatory agencies or to other third parties as required by applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Changes to this privacy statement

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

Data controller and contact information

The data controller is Meggitt PLC (the company registered in England under registration no. 432989 and with its registration address at Pilot Way, Ansty Business Park, Coventry, CV7 9JU, UK) and such other Meggitt company that is a contracting party for the purposes of providing or receiving good and services.

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Data Protection Officer

Meggitt PLC
Pilot Way
Ansty Business Park
Coventry
CV7 9JU
UK

Email: <a href=”mailto:dpo@meggitt.com”>dpo@meggitt.com</a>

Individuals’ rights and how to exercise them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.  Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to personal data

You have a right of access to personal data held by us as a data controller.  To obtain any personal data we hold about you, you must make a formal request in writing, subject to an identity check. This right may be exercised by emailing us at dpo@meggitt.com.  We will aim to respond to any requests for information promptly, and in any event within one month.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Amendment of personal data

To update personal data submitted to us, you may email us at <a href=”mailto:dpo@meggitt.com”>dpo@meggitt.com.</a href=”mailto:dpo@meggitt.com”>

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time.  We do not generally process personal data based on consent (as we can usually rely on another legal basis such as the legitimate interest of conducting and managing our business).  To withdraw consent to our processing of your personal data please email us at dpo@meggitt.com or, to stop receiving an email from a Meggittmarketing list, please click on the unsubscribe link in the relevant email received from us.

Other data subject rights

As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.

If you wish to exercise any of these rights, please send an email to <a href=”mailto:dpo@meggitt.com”>dpo@meggitt.com.</a href=”mailto:dpo@meggitt.com”>

Complaints

If you wish to complain about our use of personal data, please send an email with the details of your complaint to dpo@meggitt.com.  We will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator).  For further information on your rights and how to complain to the ICO, please refer to the ICO website.

 

This privacy statement was last updated on 24 May 2018.