Enabling the Extraordinary
To Fly To Power To Live

SMART Support for Meggitt’s products and systems

Enabling operational excellence for our customers worldwide.

Our Services & Support team is dedicated to keeping Meggitt’s global customers airborne and operational.

  • Spare parts
  • Repairs
  • Exchange pool
  • Upgrades
Find out more

Aftermarket Support

UK +44 (0) 330 363 0006
International +1 305 477 4711
US toll-free +1 877 666 0712

Home/PrivacyPrivacy

Privacy

Introduction

Danish versionFrench version

Meggitt PLC (“Meggitt”, “we”, “us”, or “our”) is a global organisation operating in a number of different countries. “Meggitt” means Meggitt PLC and any entity controlled by Meggitt PLC directly or indirectly.

This policy sets out the basis on which Meggitt will collect and process any personal data  from individuals.  The types of personal data that Meggitt collects and processes include information about current, past and prospective suppliers, customers, employees, and others that we communicate with.  The personal data of individuals is subject to certain legal safeguards specified in the Data Protection Act 1998 (UK) (“the Act”), the General Data Protection Regulation (GDPR) and other regulations.

Personal data is data about an individual, who is identified or can be identified, and includes both facts and opinions. Meggitt is the data controller of all personal data used in Meggitt’s business for our commercial purposes. Data users are our employees who process personal data, while data processors include any other individual or organisation that processes personal data on our behalf, such as contractors and suppliers. Data processors and users are obliged to comply with this policy when processing personal data on Meggitt’s behalf.

Our processing activities

To find out more please click on the relevant link below that relates to you.

  1. Business contacts
  2. Corporate clients (and individuals associated with our corporate clients)
  3. Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)
  4. Others who get in touch with us
  5. Visitors to our offices and sites
  6. Employees
  7. Job applicants
  8. Visitors to our website
  9. Shareholders

Security

We take the security of all the data we collect and process seriously.  We attempt to adhere to internationally recognised information security standards such as ISO/IEC 27001: 2013.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.

We are an international company and use third parties located in other countries to help us run our business.  As a result, personal data may be transferred outside the countries where we and our customers and suppliers are located.  This includes to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data.  Where we transfer personal data outside of the EU we carry out due diligence to ensure adequate data protection, confidentiality and security standards are in place.

Personal data held by us may be transferred to:

Other Meggitt companies

We may share personal data with other Meggitt companies where necessary for administrative purposes and to provide goods and services to our customers and receive goods and services from our suppliers.  Our business contacts are visible to and used by Meggitt users from other Meggitt companies to learn more about a contact, client or opportunity they have an interest in (please see the Business contacts section of this privacy statement for more information about our processing of this type of data).

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing goods and services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers providing that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Auditors and other professional advisers

Law enforcement or other government and regulatory agencies or to other third parties as required by applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Changes to this privacy statement

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

Data controller and contact information

The data controller is Meggitt PLC (the company registered in England under registration no. 432989 and with its registration address at Atlantic House, Aviation Park West, Bournemouth International Airport, Christchurch, Dorset BH23 6EW) and such other Meggitt company that is a contracting party for the purposes of providing or receiving good and services.

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Data Protection Officer
Meggitt PLC
Aviation Park West
Bournemouth International Airport
Christchurch
Dorset
BH23 6EW

Email: dpo@meggit.com

Phone: +44 (0)1202 597597

Individuals’ rights and how to exercise them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.  Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to personal data

You have a right of access to personal data held by us as a data controller.  To obtain any personal data we hold about you, you must make a formal request in writing, subject to an identity check. This right may be exercised by emailing us at dpo@meggitt.com.  We will aim to respond to any requests for information promptly, and in any event within one month.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Amendment of personal data

To update personal data submitted to us, you may email us at dpo@meggitt.com.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time.  We do not generally process personal data based on consent (as we can usually rely on another legal basis such as the legitimate interest of conducting and managing our business).  To withdraw consent to our processing of your personal data please email us at dpo@meggitt.com or, to stop receiving an email from a Meggitt marketing list, please click on the unsubscribe link in the relevant email received from us.

Other data subject rights

As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.

If you wish to exercise any of these rights, please send an email to dpo@meggitt.com .

Complaints

If you wish to complain about our use of personal data, please send an email with the details of your complaint to dpo@meggitt.com.  We will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator) or equivalent authority within the EU. For further information on your rights and how to raise a complaint with the authorities, please refer to the ICO website or local equivalent.

 

1. Business contacts

Collection of personal data

Meggitt processes personal data about contacts (existing and potential Meggitt clients and/or individuals associated with them) using a customer relationship management system (the “Meggitt CRM”).

The collection of personal data about contacts and the addition of that personal data to the Meggitt CRM is initiated by a Meggitt user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the Meggitt CRM may collect data from Meggitt email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between Meggitt users and contacts or third parties.

Use of personal data

Personal data relating to our business contacts is used for the legitimate interests of learning more about an account, client or opportunity. Where legitimate interest may not apply we will obtain your consent.

Personal data relating to business contacts may be visible to and used by Meggitt users for the following purposes:

  • Administering, managing and developing our businesses and services
  • Providing information about us and our range of services
  • Making contact information available to Meggitt users
  • Identifying clients/contacts with similar needs
  • Describing the nature of a contact’s relationship with Meggitt
  • Performing analytics, including producing metrics for Meggitt leadership, such as on trends, relationship maps, sales intelligence and progress against business goals

Meggitt does not sell or otherwise release personal data contained in the Meggitt CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Data retention

Personal data will be retained on the Meggitt CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact).

2. Corporate clients (and individuals associated with our corporate clients)

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data where it is strictly needed for those purposes.  The data we collect and process from our clients will include name, employer name, contact title, phone, email and other business contact details.

Where we need to process personal data to provide goods and services, we ask our clients to provide the necessary information to the data subjects regarding its use.

Use of personal data

We use personal data about our corporate clients where the processing is necessary for the performance of a contract related to the provision of goods or services, or in order to take steps at your request prior to entering into a contract. Data may also be processed for the legitimate interests of: administering, managing and developing our businesses and services; security, quality and risk management activities; or providing clients with information about us and our range of services. Data may also be processed where necessary to help us meet our legal obligations. More detail about the way personal data about our corporate clients is processed is outlined below:

Providing goods and services

We provide a diverse range of goods and services that require us to process personal data.

Administering, managing and developing our businesses and services

We process personal data in order to run our business, including:

  • managing our relationship with clients;
  • developing our businesses and services;
  • maintaining and using IT systems;
  • hosting or facilitating the hosting of client events; and
  • administering and managing our website and systems and applications.

Security, quality and risk management activities

We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats.  Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.  We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file.  We collect and hold personal data as part of our client engagement and acceptance procedures.  As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).

Providing our clients with information about us and our range of services

Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our products.  For example, other products or services that may be relevant and invites to events.

Complying with any requirement of law, regulation or a professional body of which we are a member

We are subject to legal, regulatory and professional obligations.  We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Where agreed with our clients, we may use information that we receive in the course of providing goods and services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new Meggitt technologies and offerings.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

3. Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors)

Collection of personal data

We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide goods and services to our clients.

Use of personal data

We use data about our suppliers for the performance of a contract to receive goods or services or provide good and services to client or in order to take steps at your request prior to entering into a contract. Data may also be processed for the legitimate interests of: helping us administering, managing and developing our businesses; security, quality and risk management activities; or providing information about us and our range of services. Data may also be processed where necessary to help us meet our legal obligations. More detail about the way personal data about our corporate clients is processed is outline below:

Receiving goods and services

We process personal data in relation to our suppliers and their staff as necessary to receive their goods and services. For example, where a supplier is providing us with materials, we will process personal data as part of the logistics of receiving those materials.

Providing goods and services to clients

Where a supplier is helping us to deliver goods and services to our clients, we process personal data about the individuals involved in providing the goods and services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such goods and services to our clients.

Administering, managing and developing our businesses

We process personal data in order to run our business, including:

  • managing our relationship with suppliers;
  • developing our businesses and services
  • maintaining and using IT systems;
  • hosting or facilitating the hosting of events; and
  • administering and managing our website and systems and applications.

Security, quality and risk management activities

We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats.  Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.  We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers.  We collect and hold personal data as part of our supplier contracting procedures.  We monitor the services provided for quality purposes, which may involve processing personal data.

Providing information about us and our range of services

Unless we are asked not to, we use business contact details to provide information that we think will be of interest about us and our services.  For example, industry updates and insights, other services that may be relevant and invites to events.

Complying with any requirement of law, regulation or a professional body of which we  are a member

We are subject to legal, regulatory and professional obligations.  We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

4. Others who get in touch with us

We collect personal data when an individual gets in touch with us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication).  We will use the data for the purpose of responding to the communication for the legitimate interests of us performing our obligations and exercise our rights and duties as a company.

5. Visitors to our offices and sites

Collection of personal data

We have security measures in place at our offices and sites, including CCTV and building access controls.

There are signs at our offices and sites showing that CCTV is in operation.  The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident).  CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

We require visitors to our offices and sites to sign in at reception and provide details such as name, business information details, vehicle registration. We keep a record of visitors for a short period of time.  Our visitor records are securely stored and only accessible on a need to know basis (e.g. to investigate an incident).

Depending on the level or security at our sites, the nature of your visit and the duration, you may also be required to provide formal ID and information required for background checks to enable our trade compliance teams to check security clearance requirements. Information held for the purposes of trade compliance checks will be held securely and for the length of time necessary in accordance with the required regulations and guidelines.

Use of personal data

We collect personal data about site visitors for the legitimate interests of performing our obligations and exercising any rights, duties and discretions as a company to ensure adequate site security measures are in place. We may process your personal data to carry out background checks. This is necessary to help is satisfy our legal obligations due to the nature of the work that we carry out, the industry that we work in and the types or contracts that we have in place with certain clients that require specific security clearance on some sites.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

6. Employees

We collect personal data concerning our own employees as part of the administration, management and promotion of our business activities.

Employees should refer to the MC² website, the MC² mobile application or their manager for how and why their personal data is collected and processed.

7. Job applicants

When applying online for a job at Meggitt, please submit your application via our recruitment websites. Applicants should refer to the information for details about why and how personal data is collected and processed.

When you provide your personal data to us when applying for a position, you consent to Meggitt processing that data.

For more details about our recruitment processes, please visit https://www.meggitt.com/careers/ .

For more details about our graduate recruitment process, please visit https://www.meggitt-graduate.com/ .

8. Visitors to our website

Through visits to our website, we may collect Information about you, including your name, email address and telephone number.  We only collect data that you specifically make available.  By providing such data you consent to Meggitt processing it.

When a visitor to our website provides personal data to us, we will use it for the purposes for which it was provided to us as stated at point of collection, such as to enquire about further information about our goods and services.

We also collect information about your computer and about your visits to, and use of, the website (including your IP address and number of page views). We capture limited personal data automatically via the use of cookies on our website.

To view our cookie policy please visit https://www.meggitt.com/cookies/. Please refer to the specific website that you are using to see the cookies in use on that site.

Our website does not collect or compile personal data for the dissemination or sale to outside parties for marketing purposes or host mailings on behalf of third parties.

Personal data collected via our websites will be retained by us for as long as it is considered necessary for the purpose it was collected (including as required by applicable law or regulation).

9. Shareholders

Collection of personal data

We may collect and process data relating to you during the course of our relationship with you. Such data may include:

  • your name and contact details, including your address, phone number and email address;
  • your date of birth;
  • your nationality;
  • your bank account details, including your account number and sort code;
  • your tax details;
  • a statement of the shares held by you in Meggitt and the amount paid on the shares;
  • details regarding dividend, interest or any other moneys paid to you where relevant;
  • the date on which you were entered onto the company’s register of members;
  • the date on which you cease to be a shareholder in the company;
  • your IP address; and
  • any other personal information you have provided directly to us.

Use of personal data

We, and third party service providers acting on our behalf, will use personal data relating to you for the purposes of:

  • maintaining and administering Meggitt’s register of members;
  • filing annual returns and associated financial statements with regulatory bodies;
  • maintaining and administering a register of beneficial ownership;
  • analysing beneficial and legal shareholdings for tax and jurisdictional purposes and/or to facilitate shareholder consultations or proxy solicitations;
  • maintaining records of member meetings, votes and resolutions and providing voting and proxy services;
  • offering shareholder and investor services;
  • contacting you in order to give you notice of the company meetings and to provide you with company documents;
  • contacting you to arrange meetings with you or invite you to attend investor conferences;
  • soliciting voting proxies in relation to resolutions being put to members at a company meeting;
  • engaging in consultations with shareholders on company issues;
  • determining whether you would like to participate in certain equity offerings such as private placements, rights offerings, etc.;
  • processing shareholder requests in relation to change of address, change of mandate and/or merging shareholdings;
  • dealing with notifications of the death of a shareholder;
  • paying you a dividend, interest or any other moneys payable where relevant;
  • processing the purchase or sale of shares in the company and registering transfers of shares;
  • any reorganisation of the share capital of the company which affects your rights as a shareholder;
  • anti-money laundering, fraud prevention, investigation and detection;
  • complying with market abuse law and regulation applicable to Meggitt including pursuant to the Market Abuse Regulation;
  • facilitating or implementing a business re-organisation or a transfer/sale of all or part of our assets or business of Meggitt or a general investment;
  • dealing with routine correspondence with the London Stock Exchange, Euroclear, and Companies House and handling shareholders’ or their agent’s enquiries via telephone, letter or email;
  • establishing, exercising or defending legal claims; or
  • complying with any obligations imposed on Meggitt by applicable law.

The legal bases on which we collect, process and transfer your personal data are:

  • that this is necessary for compliance with a legal obligation that applies to us;
  • that this is necessary for the performance of our contract with you through the constitution of the company;
  • that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. We will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests, rights and freedoms.  The legitimate interests for which we process your personal data include our legitimate interests in:
    • conducting our business in a responsible and commercially prudent manner;
    • preventing, investigating or detecting theft, fraud or other criminal activity; and
    • pursuing our corporate and social responsibility objectives.

Recipients of Data

We may disclose your personal data to third party recipients in connection with the above purposes, including:

  • to third parties who we engage to provide services to us, such as professional advisers, auditors and outsourced service providers;
  • to our investment manager, its affiliates and their respective service providers from time to time;
  • to our share registrar and its service providers;
  • to our depositary and custodian and its service providers;
  • to our sponsor, broker and financial advisors;
  • to other members of our corporate group;
  • to financial intermediaries and lenders;
  • to business partners and/or possible acquirers of Meggitt or investors (and our and/or their advisors); or
  • to competent regulatory authorities and bodies as requested or required by law.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

This privacy statement was last updated on 27 July 2018.