bombardier-eservices-bba-wcm

Actions

Personal Data Protection Policy

BOMBARDIER PRIVACY STATEMENT

Last revision on September 26, 2022

About this privacy statement

Bombardier Inc. and all its business segments, divisions and subsidiaries (collectively “Bombardier”, “we” or “our”) are committed to conducting business in a way that complies with applicable data protection laws and regulations in every country in which Bombardier operates.

Generally, the Bombardier entity that operates the Site you visit or the entity that you interact with offline is the entity that acts as controller of any personal data collected through your interaction and is the entity that is primarily responsible for how that personal data is used. Bombardier Inc. also acts as data controller in respect of certain centralized data processing activities.

For your information and convenience, our Sites may contain links to other websites or apps run by other organizations, which we do not control. This privacy statement does not apply to those other websites and apps‚ so we encourage you to read their privacy statements to stay informed of how they use your personal data.

Which personal data we collect

The personal data we collect depends on the ways in which you interact with Bombardier and it may include the following:

  1. Your name, address and contact details, including email address, telephone number, and other similar contact information.
  2. Passwords, password hints, answers to security questions, and similar credentials used for authentication and account access.
  3. Your age, gender, country, income, preferred language, level of education, occupation, and similar demographic information.
  4. Data necessary to process your payment if you make purchases, such as your credit card number and the security code associated with your credit card.
  5. Your location, including the location derived from your IP address.
  6. Your interests and preferences including the languages or cities you prefer, your preferred products and services, and other similar data that helps us build up a picture of your interests and preferences./li>
  7. Data about your device (including device identifiers) and how you and your device interact with our Sites./li>
  8. Photographs or security camera images if you enter a Bombardier facility or attend a Bombardier event.
  9. Other information you provide to us and the content of messages you send to us when you submit feedback, or when you make personal data inquiries, request products or services, contact us for customer support or account information changes, or complete surveys.

We do not knowingly collect personal data from anyone under the age of 16.

4. Policy Content

4.1 Application of Personal Data Protection Laws

This Policy follows internationally accepted principles. If a country’s laws impose stricter rules than this Policy, those laws will take precedence.

4.2 Privacy Principles

  • Accountability: Bombardier is responsible for Personal Data under its control.
  • Lawfulness, Fairness, and Transparency: Data is processed lawfully and fairly.
  • Purpose Limitation: Data is collected for specified, legitimate purposes.
  • Necessity: Data processing is limited to what is required for its purpose.
  • Accuracy: Data is kept accurate and up-to-date.
  • Retention Limitation: Data is not kept longer than necessary.
  • Security and Confidentiality: Data is protected by security measures.
  • Access Limitation: Data access is limited on a “need-to-know” basis.

4.3 Legitimacy of Processing

  • Consent: The Data Subject has given consent.
  • Contract: Processing is necessary for contract performance.
  • Legal Obligation: Required for compliance with legal obligations.
  • Vital Interest: Required to protect an individual’s vital interests.
  • Public Interest: Processing is necessary for public tasks.
  • Legitimate Interests: Necessary for Bombardier or third-party interests.

4.4 Personal Data Lifecycle

  • Collection: Data is gathered by lawful means.
  • Use and Access: Data is used for intended purposes only.
  • Disclosure: Data is disclosed to third parties only when necessary.
  • Retention and Destruction: Data is deleted when no longer needed.

4.5 Privacy Impact Assessment (PIA)

When required, Bombardier conducts PIAs to assess and mitigate data protection risks.

4.6 Personal Data Confidentiality and Security

Personal Data is treated confidentially and protected against unauthorized access, modification, or loss.

4.7 Rights of the Data Subject

  • Right to access and rectify data.
  • Right to request deletion and withdraw consent.
  • Right to object to data processing.

4.8 Sanctions

Non-compliance with this Policy may result in disciplinary measures up to termination.

5. Policy Approval & Overall Responsibility

5.1 Approval Authority: The Senior VP, General Counsel, and Corporate Secretary approve this policy.

5.2 Delegation of Authority: This Policy falls under Category C and is approved by the most senior responsible executive.

5.3 Roles and Responsibilities

  • Data Privacy Officer (DPO): Implements and enforces this Policy.
  • Chief Information Security Officer: Ensures security measures.
  • Chief Information Officer: Implements data security measures.
  • Global Chief Security Officer: Ensures physical security.
  • Human Resources: Conducts privacy awareness training.
  • Corporate Audit Services: Audits policy compliance.
  • Employees and Service Providers: Ensure data protection compliance.

6. Periodic Review

This Policy is reviewed every two (2) years by the DPO.

If you have any questions or suggestions about this privacy statement or about how we use your personal data, please contact us at :

Corporate Legal Affairs
Phone: +1 (514) 855-5001
Email: corporatelegalaffairs@bombardier.com

Please let us know if you are unhappy with how we use your personal data. We will respond to your complaint within 30 days.