CUSTOMER DATA PRIVACY POLICY

CAE Technology Services Limited, Customer Data Privacy Notice

 CAE Technology Services Limited (“CAE”) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you

It’s likely that we’ll need to update this privacy notice from time to time. Please check this page regularly for changes to this notice.

This version was last updated on 21st May 2018.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

 

1.     What we need

 CAE will be known as the ‘Data Processor’ and the Customer will be known as the ‘Data Controller’ of the personal data the Customer provides to us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and credit history.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Profile Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our websites, products and services.
  • Preference Data includes your preferences in receiving marketing from us and our third parties, your communication preferences, and dietary information.

 

2.  Where we collect your information from

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact, Preference and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for or purchase products or services from us;
  • create an account with us;
  • when you ask to attend an event;
  • subscribe to a service from us or our partners;
  • request marketing, product or event information to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • advertising networks and marketing companies;
  • search information providers
  • vendor partners and reseller partners;
  • credit reference, fraud prevention or government agencies;
  • providers of technical, payment and delivery services
  • data brokers or aggregators;
  • publicly availably sources such as Companies House.

 

3.  Why we need it 

We will only use your personal data when the law allows us to. We only use your personal data in the following circumstances:

  • Contract – Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interests – Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal Obligation – Where we need to comply with a legal or regulatory obligation.
  • Consent – Where you consent to it.

 

on a contractual basis; 

  1. About your contact information to agree and sign support contracts, to manage contractual service level agreements, log service calls, send invoices, conduct service review meetings, to despatch deliveries to the correct contact

 

for a legitimate business interest; 

  1. about your basic contact information to provide quotations, provide details of service offerings and enhancements, to send relevant marketing communications and updates that facilitate a personalised ongoing relationship, to send invitations to events;

 

to comply with legal obligations; 

  1. retain payment details to comply with HMRC regulations, call and transaction details to comply with the statute of limitations;

  where you have provided consent

  1. and in each case where you have not opted out of receiving a communication

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and we are unable to process your personal data, we may not be able to perform the contract we have or are trying to enter into with you or it may suffer a degradation in service (for example, to provide you with goods or services). In this case, we will notify you at the time.

 

4.  What we do with it 

  1. basic contact information is processed by CAE employees for conducting normal business operations with the customer
  2. basic contact information may be sent to an equipment vendor for support or warranty benefit registration
  3. basic contact information may be sent to a subcontractor to log and resolve a service call
  4. basic contact information may be sent to a subcontractor in order to fulfil product or spares delivery

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

5.  Who we share it with 

  1. basic contact information may be shared with an equipment vendor for support or warranty benefit registration
  2. basic contact information may be shared with a subcontractor to provide specialist services not delivered directly by CAE

Where we share basic contact information with equipment vendors it may involve transferring such information outside of the EEA.  Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it.

 

 6.  How long we keep it

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

This is expected to be for the period a customer has a valid contract with CAE and for a further six years afterwards in order to comply with UK tax law and the statute of limitations.

 

7.  Who to contact

You have a right to access data, to rectify, erase (where the legal basis for processing allows) and restrict personal data, to object to processing, to request a transfer of data to a third party, and, if processing is based on consent, to withdraw consent.

For all queries regarding your data please contact us either by:

Email at:     privacy@thisiscae.com

Post at: The Privacy Office, CAE House, Colonial Way, Watford, Herts, WD24 4PT

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.