Screening Policy

CURTISS-WRIGHT

COMPLIANCE SCREENING POLICY

(Date last updated: May 25, 2018)

  1. Policy Statement

    Our business involves the manufacture and use of products and technologies that are subject to trade controls under UK, EU and U.S. law. To comply with our obligations under these laws, we are required to collect certain personal data from our employees and visitors regarding their nationality and any contacts with countries that are subject to trade controls and embargoes under UN Security Council resolutions or otherwise under UK, EU or U.S. law.

    The purpose of this policy is to ensure that we comply with our legal obligations regarding our collection and use of such personal data from our employees and visitors. It is intended to supplement other personal data policies and notices issued by Curtiss Wright (“us”, “we”, “our”) from time to time.

  2. Definitions and interpretation

    For the purposes of this policy, the following terms have the following meanings:

    Controllers: means the organisation(s) which determine the manner in which any personal data is processed and are responsible for establishing practices and policies to ensure compliance with the law.

    Data: is any information which is stored electronically or in paper-based filing systems. In respect of compliance screening, this generally means personal data regarding nationality, background and personal contacts provided in response to our screening questionnaire.

    Data users: are those of our employees whose work involves ensuring legal compliance, particularly with those laws governing access to technical information subject to export control regulation. Data users must protect the data they handle in accordance with this policy and our Privacy Policy.

    Individuals: means all living individuals about whom we hold personal data as a result of our compliance screening procedures.

    Personal data: means Data about or relating to an individual who can be identified from that data (or other data in our possession).

    Processors: means any organisations that are not data users (or employees of a Controller) and that process data on our behalf and in accordance with our instructions (for example, a supplier which handles data on our behalf).

    Processing: is any activity which involves the use of data. It includes obtaining, recording or holding data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing or destroying it. Processing also includes transferring personal data to third parties.

  3. About this policy

    This policy covers all employees, contractors and other individuals working at or visiting any of our premises.

    We currently collect certain personal data from our employees and visitors to determine their contacts, if any, with countries that are subject to an embargo or other trade controls under UN Security Council resolutions or otherwise under UK, EU or U.S. law. The screening process evaluates each person’s nationality (including any dual-nationality), regular travel destinations, international business and personal contacts, overseas residential or commercial interests, financial connections in other countries, continued citizenship or allegiance, and any other relationships or actions indicating a risk of diversion of controlled products or data to a country subject to an embargo or other trade controls.

    This policy outlines how and why we will process such data to ensure we are compliant with applicable data protection law.

    We recognise that information that we hold about individuals is subject to data protection legislation. We are committed to complying with our legal obligations.

    This policy is non-contractual and does not form part of the terms and conditions of any employment or other contract. We may amend this policy at any time without consultation. The policy will be regularly reviewed to ensure that it meets applicable legal requirements.

    A breach of this policy may, in appropriate circumstances, be treated as a disciplinary matter. Following investigation, a breach of this policy may be regarded as misconduct leading to disciplinary action, up to and including dismissal.

  4. Responsible Personnel

    The Privacy Manager has overall responsibility for ensuring compliance with relevant legislation and the effective operation of this policy. Day-to-day management responsibility for deciding what information is recorded, how it will be used and to whom it may be disclosed has been delegated to the Privacy Manager. Day-to-day operational responsibility for CCTV cameras and the storage of data recorded is the responsibility of the Privacy Manager.

    Responsibility for keeping this policy up to date has been delegated to the Privacy Manager.

  5. Reasons for the screening process

    We currently collect background personal data from our employees, contractors and visitors to our premises to comply with our legal obligations under UK, EU and U.S. trade control law. In particular, we use such data to fulfil our obligations to assess whether such individuals have substantial contacts with any country subject to trade controls that represent a risk of diversion of controlled products or data to that country.

    We may also require visitors and/or employees to provide us with access to their passports or other identification documents for the purposes of verifying their identity and nationality. We may require a copy to be taken of such identification documents for our safekeeping.

  6. The Screening Process

    Employees, contractors and other individuals working at or visiting any of our premises may be asked to complete a questionnaire to provide information regarding some or all of the following: nationality and citizenship (including any dual-nationality), regular travel destinations, international business and personal contacts, overseas residential or commercial interests, and financial connections and/or allegiances with other countries.

    The personal data collected from the questionnaire will be used to assess whether the person has substantial contracts in or with a country subject to trade controls that represent a risk of diversion of controlled products or data to that country. The information collected may also be screened against a database of names of persons and individuals who are subject to an asset freeze, travel ban or trade restrictions imposed under UN Security Council resolutions or otherwise under UK, EU or U.S. law.

    Personal data collected under this policy will be stored digitally using a cloud computing system and retained in accordance with our Privacy Policy.

  7. Subject Rights

    Individuals may make a request to exercise their rights under applicable data protection laws. Any such individual rights request is subject to the statutory conditions from time to time in place and should be made in writing, in accordance with our Privacy Policy.

  8. Complaints

    If any employee or other person has questions about this policy or any concerns about our use of their personal data for compliance screening, then they should speak to the Privacy Manager in the first instance. Where this is not appropriate or matters cannot be resolved informally, employees should use our formal grievance procedure.

  9. Requests to prevent processing

    We recognise that, in rare circumstances, individuals may have a legal right to object to processing and, in certain circumstances, to prevent automated decision making (see Articles 21 and 22 of the GDPR). For further information regarding this, please contact the company Privacy Manager at privacymanager@curtisswright.com.