Meggitt PLC (‘Meggitt’, ‘we’, ‘us’, or ‘our’) is a global organisation operating in a number of different countries. ‘Meggitt’ means Meggitt PLC and any entity controlled by Meggitt PLC directly or indirectly.
This policy sets out the basis on which Meggitt will collect and process any personal data from individuals. The types of personal data that Meggitt collects and processes include information about current, past and prospective suppliers, customers, employees, and others that we communicate with. The personal data of individuals is subject to certain legal safeguards specified in the Data Protection Act 1998 (UK) (‘the Act’), the General Data Protection Regulation (GDPR) and other regulations.
Personal data is data about an individual, who is identified or can be identified, and includes both facts and opinions. Meggitt is the data controller of all personal data used in Meggitt’s business for our commercial purposes. Data users are our employees who process personal data, while data processors include any other individual or organisation that processes personal data on our behalf, such as contractors and suppliers. Data processors and users are obliged to comply with this policy when processing personal data on Meggitt’s behalf.
To find out more please click on the relevant link below that relates to you.
We take the security of all the data we collect and process seriously. We attempt to adhere to internationally recognised information security standards such as ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.
We are an international company and use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers and suppliers are located. This includes to countries outside the European Union (EU) and to countries that do not have laws that provide specific protection for personal data. Where we transfer personal data outside of the EU we carry out due diligence to ensure adequate data protection, confidentiality and security standards are in place.
Personal data held by us may be transferred to:
We may share personal data with other Meggitt companies where necessary for administrative purposes and to provide goods and services to our customers and receive goods and services from our suppliers. Our business contacts are visible to and used by Meggitt users from other Meggitt companies to learn more about a contact, client or opportunity they have an interest in (please see the Business contacts section of this privacy statement for more information about our processing of this type of data).
We use third parties to support us in providing goods and services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers providing that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
The data controller is Meggitt PLC (the company registered in England under registration no. 432989 and with its registration address at Pilot Way, Ansty Business Park, Coventry CV7 9JU) and such other Meggitt company that is a contracting party for the purposes of providing or receiving good and services.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Meggitt PLC
Pilot Way
Ansty Business Park
Coventry
CV7 9JU
Phone: +44 (0)2476 826900
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
You have a right of access to personal data held by us as a data controller. To obtain any personal data we hold about you, you must make a formal request in writing, subject to an identity check. We will aim to respond to any requests for information promptly, and in any event within one month.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis such as the legitimate interest of conducting and managing our business). To stop receiving an email from a Meggitt marketing list, please click on the unsubscribe link in the relevant email received from us.
As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK data protection regulator) or equivalent authority within the EU. For further information on your rights and how to raise a complaint with the authorities, please refer to the ICO website or local equivalent.
Meggitt processes personal data about contacts (existing and potential Meggitt clients and/or individuals associated with them) using a customer relationship management system (the ‘Meggitt CRM’).
The collection of personal data about contacts and the addition of that personal data to the Meggitt CRM is initiated by a Meggitt user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the Meggitt CRM may collect data from Meggitt email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between Meggitt users and contacts or third parties.
Personal data relating to our business contacts is used for the legitimate interests of learning more about an account, client or opportunity. Where legitimate interest may not apply we will obtain your consent.
Personal data relating to business contacts may be visible to and used by Meggitt users for the following purposes:
Meggitt does not sell or otherwise release personal data contained in the Meggitt CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.
Personal data will be retained on the Meggitt CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact).
Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data where it is strictly needed for those purposes. The data we collect and process from our clients will include name, employer name, contact title, phone, email and other business contact details.
Where we need to process personal data to provide goods and services, we ask our clients to provide the necessary information to the data subjects regarding its use.
We use personal data about our corporate clients where the processing is necessary for the performance of a contract related to the provision of goods or services, or in order to take steps at your request prior to entering into a contract. Data may also be processed for the legitimate interests of: administering, managing and developing our businesses and services; security, quality and risk management activities; or providing clients with information about us and our range of services. Data may also be processed where necessary to help us meet our legal obligations. More detail about the way personal data about our corporate clients is processed is outlined below:
We provide a diverse range of goods and services that require us to process personal data.
We process personal data in order to run our business, including:
We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our products. For example, other products or services that may be relevant and invites to events.
We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
Where agreed with our clients, we may use information that we receive in the course of providing goods and services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new Meggitt technologies and offerings.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide goods and services to our clients.
We use data about our suppliers for the performance of a contract to receive goods or services or provide good and services to client or in order to take steps at your request prior to entering into a contract. Data may also be processed for the legitimate interests of: helping us administering, managing and developing our businesses; security, quality and risk management activities; or providing information about us and our range of services. Data may also be processed where necessary to help us meet our legal obligations. More detail about the way personal data about our corporate clients is processed is outline below:
We process personal data in relation to our suppliers and their staff as necessary to receive their goods and services. For example, where a supplier is providing us with materials, we will process personal data as part of the logistics of receiving those materials.
Where a supplier is helping us to deliver goods and services to our clients, we process personal data about the individuals involved in providing the goods and services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such goods and services to our clients.
We process personal data in order to run our business, including:
We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
Unless we are asked not to, we use business contact details to provide information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events.
We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
We collect personal data when an individual gets in touch with us with a question, complaint, comment or feedback (such as name, contact details and contents of the communication). We will use the data for the purpose of responding to the communication for the legitimate interests of us performing our obligations and exercise our rights and duties as a company.
We have security measures in place at our offices and sites, including CCTV and building access controls.
There are signs at our offices and sites showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We require visitors to our offices and sites to sign in at reception and provide details such as name, business information details, vehicle registration. We keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to investigate an incident).
Depending on the level or security at our sites, the nature of your visit and the duration, you may also be required to provide formal ID and information required for background checks to enable our trade compliance teams to check security clearance requirements. Information held for the purposes of trade compliance checks will be held securely and for the length of time necessary in accordance with the required regulations and guidelines.
We collect personal data about site visitors for the legitimate interests of performing our obligations and exercising any rights, duties and discretions as a company to ensure adequate site security measures are in place. We may process your personal data to carry out background checks. This is necessary to help is satisfy our legal obligations due to the nature of the work that we carry out, the industry that we work in and the types or contracts that we have in place with certain clients that require specific security clearance on some sites.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
We collect personal data concerning our own employees as part of the administration, management and promotion of our business activities.
Employees should refer to the MC² website or their manager for how and why their personal data is collected and processed.
When applying online for a job at Meggitt, please submit your application via our recruitment websites. Applicants should refer to the information for details about why and how personal data is collected and processed.
When you provide your personal data to us when applying for a position, you consent to Meggitt processing that data.
For more details about our recruitment processes, please visit https://www.meggitt.com/careers/ .
For more details about our graduate recruitment process, please visit https://www.meggitt.com/careers/graduates/
Supplemental information for applicants based in California can be found here.
Through visits to our website, we may collect Information about you, including your name, email address and telephone number. We only collect data that you specifically make available. By providing such data you consent to Meggitt processing it.
When a visitor to our website provides personal data to us, we will use it for the purposes for which it was provided to us as stated at point of collection, such as to enquire about further information about our goods and services.
We also collect information about your computer and about your visits to, and use of, the website (including your IP address and number of page views). We capture limited personal data automatically via the use of cookies on our website.
To view our cookie policy please visit https://www.meggitt.com/cookies/. Please refer to the specific website that you are using to see the cookies in use on that site.
Our website does not collect or compile personal data for the dissemination or sale to outside parties for marketing purposes or host mailings on behalf of third parties.
Personal data collected via our websites will be retained by us for as long as it is considered necessary for the purpose it was collected (including as required by applicable law or regulation).
We may collect and process data relating to you during the course of our relationship with you. Such data may include:
We, and third party service providers acting on our behalf, will use personal data relating to you for the purposes of:
The legal bases on which we collect, process and transfer your personal data are:
We may disclose your personal data to third party recipients in connection with the above purposes, including:
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
This is the California Consumer Privacy Act of 2018, Notice and Policy (CCPA Policy) for Meggitt-USA, Inc., and its affiliates (any corporation, company, partnership, limited liability company or group, that directly, or indirectly through one or more intermediaries, controls, is controlled by or is under common control with or by Meggitt-USA, Inc. directly or indirectly) (collectively, ‘Meggitt’). This CCPA Policy provides certain information to California residents about Meggitt’s data processing practices that is supplemental to the disclosures in Meggitt’s existing Privacy Policy.
If you have a visual disability, you may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this CCPA Policy.
You can download a PDF version of the policy here.
In this CCPA Policy, Meggitt provides disclosures for the 12 months preceding January 1, 2020 as required by the CCPA for California residents who are not acting as a job applicant or employee nor those who constitute an owner, director, officer, or contractor of a company, partnership, sole proprietorship, non-profit, or government agency (a Business Representative) with whom Meggitt is conducting business transactions.
Meggitt does not and will not sell California residents’ personal information. This applies to all California residents covered by this CCPA Policy, including minors under 16 years of age.
California residents have the right to request that we disclose what personal information we collect, use, disclose and sell about you specifically (right to know). To submit a request to exercise the right to know, please populate the webform accessible here, submit an email request to ccpa@meggitt.com and include ‘California Request to Know’ in the subject line. Please specify in your request the details you would like to know, including any specific pieces of personal information you would like to access.
We will ask that you provide certain information to verify your identity, such as a code sent to an email address that you provide for this purpose. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. We will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
Our Personal Information Handling Practices in 2019
We have set out below the categories of personal information we have collected about California residents in the preceding 12 months and, for each category of personal information collected, the categories of sources from which that information was collected, the business or commercial purposes for which the information was collected, and the categories of third parties with whom we shared the personal information for a business purpose.
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, signature, physical characteristics or description, telephone number or credit card number.
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person.
Commercial information, including services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application or advertisement.
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person.
Characteristics of protected classifications, (e.g., national origin)
Geolocation data
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person
Audio, electronic, visual or similar information.
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities and aptitudes.
From you via websites and/or mobile applications (including IP addresses and cookies), email, telephone, or in-person
California residents have a right to request the deletion of personal information that we collect or maintain about you. To submit a request to delete personal information, please populate the webform accessible here or submit an email request to ccpa@meggitt.com and include ‘California Request to Delete’ in the subject line. Please specify in your request the personal information about you that you would like to have deleted, which can be all of your personal information as required by the CCPA.
We will ask that you provide certain information to verify your identity, such as a code sent to an email address that you provide to us for this purpose. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. Once we have verified your identity, we will ask you to confirm that you wish to have your personal information deleted. Once confirmed, we will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.
You have the right to opt-out of the sale of your personal information by a business. We do not and will not sell your personal information.
You may not be discriminated against because you exercise any of your rights under the CCPA.
California residents can designate an authorized agent to make a request under the CCPA on your behalf if:
If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please have the authorized agent take the following steps in addition to the steps described in Sections 2 and 3 above:
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
If you have questions or concerns regarding our privacy policy or practices, you may contact us using the following details:
Email address: ccpa@meggitt.com
Postal address:
Meggitt-USA, Inc
1955 N. Surveyor Ave.
Simi Valley, CA 93063,
Attn: Legal Department
This privacy statement was last updated on August 2022