Information Statement on the protection of personal data

Safran has installed functionality on its Internet site that leads to the processing of personal data.

This information statement on the protection of personal data indicates how the companies of the Safran Group process the personal data of people who subscribe to these services.

1. Definitions

Personal data: any information relating to an identified or identifiable natural person; a natural person who can be identified, directly or indirectly, is deemed to be an “identifiable natural person”.

2. Processing initiated based on the consent of the data subject

The types of processing listed below are based on consent:

• 
  
• a. Account management
  • 
    
  • Legal basis: consent of the data subject
  • Data collected: name, first name, email, telephone, media if the person declares himself to be a journalist, language of communication
  • Recipients: administrators, authorized persons from the Communications Department and the IT security team.
  
  
• b. Managing the delivery of news, newsletters and press releases
  • 
    
  • Legal basis: consent of the data subject
  • Data collected: Last name, First name, telephone, email, language of communication, Safran activities and topics in which said person is interested
  • Recipients: administrators, authorized persons from the Communications Department and the IT security team.
  
  
• c. Managing the accreditation of the graphic charter
  • 
    
  • Legal basis: consent of the data subject
  • Data collected: last name, first name, email address, language of communication, type and name of project, Group company involved in the project, log
  • Recipients: administrators, authorized persons from the Communications Department and the IT security team.
  
  
• d. Managing reservations for the Association of Friends of the Museum
  • 
    
  • Legal basis: consent of the data subject
  • Data collected: name, first name, phone number and email, language of communication, company, (institution, individual, company). If the booking is made in the name of a company: company, booking contact number (optional), space for comments
  • Recipients: people in charge of museum management, administrators and the IT security team.
  
  
• e. Contact form
  • 
    
  • Legal basis: consent of the data subject
  • Data collected:
    • 
      
    • Mandatory: email, subject and message.
    • Depending on the message and the recipient: offer number, user account, telephone, customer country, company name, part number.
    
    
  • Recipients: authorized persons from the Communications Department, person for whom the messages are intended, administrators and the IT security team.
  
  
• Retention period:
  • 
    
  • If there is no connection to the account after 2 years, an automatic email will be sent to the person concerned with a renewal link. If there is no response within 48 hours, their account will be automatically deleted.
  
  

3. Processing initiated based on Safran’s legitimate interests

Safran has installed functionality in order to protect the personal data of the persons concerned, to protect its information system and to comply with its legal obligations.

• 
  
• a. Securing the information system and the confidentiality of personal data
  • 
    
  • Legal basis: Legitimate interest: Safran has implemented appropriate security and confidentiality measures to protect personal data against any loss, alteration or disclosure to unauthorized third parties. Its procedures comply with current best practice and are regularly updated.
  • Data collected: connection logs, cookies and IP address
  • Retention period: 1 year
  • Recipients: administrators and the IT security team.
  
  
• b. Managing compliance with legal obligations and due-diligence obligations incumbent on Safran; managing its obligations to protect personnel; managing the rights of Safran and those of others as well as assets and information
  • 
    
  • Legal basis: Legitimate interest: Safran has installed functionality in order to ensure its compliance with international regulation, to defend its interests in a court of law or before an arbitrator, to manage the companies’ general operational activities, and to protect its staff, its assets and its information. Due diligence work carried out during negotiations for the sale or purchase of a company may involve sending personal data to the potential buyer or seller.
  • Data: any data necessary for the operation
  • Retention period: Data used in this regard is retained until the end of the operation concerned.
  • Recipients: persons authorized according to the operation
  
  

4. Information about the personal data collected

Personal data may be collected directly from the data subject by taking it from the form they complete or indirectly by taking it from his/her terminal.

The list of personal data collected may change in order to enable Safran to comply with local regulations.

Information fields marked with an asterisk or marked as mandatory must be completed in order to create the account. If the data subject wishes his/her data to be deleted, they will no longer receive news emails, press releases or newsletters. Any bookings he/she has will be canceled.

Personal data cannot be reused for purposes that are incompatible with the initial purposes.

Under no circumstances does Safran sell or transfer personal data to third parties for marketing or publicity purposes.

5. Transfers outside the European Union

Personal data is not transferred outside of the European Union.

6. Cookies

A cookie is a file that the visited site stores on the computer or on any peripheral used to browse the Internet, in order, for instance, to send session information for each page, or to record that a particular page has been accessed. The aim is to optimize browsing in terms of its convenience, efficiency and pertinence.

The information is stored in the cookie for a limited time. It is anonymous and relates to the pages visited and the time spent on each, the means used for browsing (operating system, browser and resolution, etc.), the searches made, and the IP address, in order to make rough groupings by geographical area etc.

For those affected, a module for managing cookie storage is available on the Safran Internet site.

7. Statement

In order to process someone’s personal data, he/she must agree to this Information Statement on personal data by ticking the box on the form used to create the account or the contact form.

The person concerned undertakes to provide complete, accurate and legitimate information in the form.

Please do not create an account before you have read and understood this Statement.

8. Rights of the data subject

The data subject has the right to access, rectify and erase personal data, and the right to restrict its processing, to data portability, and to object to processing. He/she may exercise the rights by contacting the Safran Personal Data Protection Officer safran.dpo@safrangroup.com.

In case of doubt as to the identity of the person concerned, proof of identity may be requested.

If Safran fails to respond or if its response is unsatisfactory, the data subject may also lodge a complaint with a supervisory authority for the protection of personal data.

For France, go to the site: https://www.cnil.fr/en/home.

9. Modification of the personal data protection information statement

Safran may change this Statement in order to remain compliant with the practices adopted and with the regulation relating to the protection of personal data. The data subject will be informed of substantial changes.