Meggitt PLC (“Meggitt”, “we”, “us”, or “our”) is a global organisation operating in a number of different countries. “Meggitt” means Meggitt PLC and any entity controlled by Meggitt PLC directly or indirectly.
This policy sets out the basis on which Meggitt will collect and process any personal data from individuals. The types of personal data that Meggitt collects and processes include information about current, past and prospective suppliers, customers, employees, and others that we communicate with. The personal data of individuals is subject to certain legal safeguards specified in the Data Protection Act 1998 (UK) (“the Act”), the General Data Protection Regulation (GDPR) and other regulations.
Personal data is data about an individual, who is identified or can be identified, and includes both facts and opinions. Meggitt is the data controller of all personal data used in Meggitt’s business for our commercial purposes. Data users are our employees who process personal data, while data processors include any other individual or organisation that processes personal data on our behalf, such as contractors and suppliers. Data processors and users are obliged to comply with this policy when processing personal data on Meggitt’s behalf.
To find out more please click on the relevant link below that relates to you.
We take the security of all the data we collect and process seriously. We attempt to adhere to internationally recognised information security standards such as ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.
We are an international company and use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers and suppliers are located. This includes to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data. Where we transfer personal data outside of the EU we carry out due diligence to ensure adequate data protection, confidentiality and security standards are in place.
Personal data held by us may be transferred to:
We may share personal data with other Meggitt companies where necessary for administrative purposes and to provide goods and services to our customers and receive goods and services from our suppliers. Our business contacts are visible to and used by Meggitt users from other Meggitt companies to learn more about a contact, client or opportunity they have an interest in (please see the Business contacts [link] section of this privacy statement for more information about our processing of this type of data).
We use third parties to support us in providing goods and services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers providing that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
The data controller is Meggitt PLC (the company registered in England under registration no. 432989 and with its registration address at Atlantic House, Aviation Park West, Bournemouth International Airport, Christchurch, Dorset BH23 6EW) and such other Meggitt company that is a contracting party for the purposes of providing or receiving good and services.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Aviation Park West
Bournemouth International Airport
Phone: +44 (0)1202 597597
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
You have a right of access to personal data held by us as a data controller. To obtain any personal data we hold about you, you must make a formal request in writing, subject to an identity check. This right may be exercised by emailing us at email@example.com. We will aim to respond to any requests for information promptly, and in any event within one month.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
To update personal data submitted to us, you may email us at firstname.lastname@example.org.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis such as the legitimate interest of conducting and managing our business). To withdraw consent to our processing of your personal data please email us at email@example.com or, to stop receiving an email from a Meggittmarketing list, please click on the unsubscribe link in the relevant email received from us.
As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please send an email to firstname.lastname@example.org.
If you wish to complain about our use of personal data, please send an email with the details of your complaint to email@example.com. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
This privacy statement was last updated on 24 May 2018.