Last updated on September 26, 2022
About this privacy statement
Bombardier Inc. and all its business segments, divisions and subsidiaries (collectively “Bombardier”, “we” or “our”) are committed to conducting business in a way that complies with applicable data protection laws and regulations in every country in which Bombardier operates.
This privacy statement sets out how we collect, store, use and safeguard your personal data. It applies to the personal data we collect through our online interaction, such as when you visit our websites, customer portals, applications or when you register to a webcast (collectively, our “Sites”), as well as our offline interaction, such as when you attend one of our events (e.g. marketing event, trade show or sales meeting).
Generally, the Bombardier entity that operates the Site you visit or the entity that you interact with offline is the entity that acts as controller of any personal data collected through your interaction and is the entity that is primarily responsible for how that personal data is used. Bombardier Inc. also acts as data controller in respect of certain centralized data processing activities.
For your information and convenience, our Sites may contain links to other websites or apps run by other organizations, which we do not control. This privacy statement does not apply to those other websites and apps‚ so we encourage you to read their privacy statements to stay informed of how they use your personal data.
Which personal data we collect
The personal data we collect depends on the ways in which you interact with Bombardier and it may include the following:
- Your name, address and contact details, including email address, telephone number, and other similar contact information.
- Passwords, password hints, answers to security questions, and similar credentials used for authentication and account access.
- Your age, gender, country, income, preferred language, level of education, occupation, and similar demographic information.
- Data necessary to process your payment if you make purchases, such as your credit card number and the security code associated with your credit card.
- Your location, including the location derived from your IP address.
- Your interests and preferences including the languages or cities you prefer, your preferred products and services, and other similar data that helps us build up a picture of your interests and preferences.
- Data about your device (including device identifiers) and how you and your device interact with our Sites.
- Photographs or security camera images if you enter a Bombardier facility or attend a Bombardier event.
- Other information you provide to us and the content of messages you send to us when you submit feedback, or when you make personal data inquiries, request products or services, contact us for customer support or account information changes, or complete surveys.
We do not knowingly collect personal data from anyone under the age of 16.
How we collect your personal data
Bombardier collects your personal data from you, from third parties and through cookies.
- Data obtained from you: You provide personal data directly to us when you purchase our products or register for our services, create an account on our Sites, interact with us on social media, click an advertising link that we put on someone else’s website, submit a query to us via our Sites, contact us for support, provide a testimonial, comment on blogs or articles featured on our Sites, register for our events (including webcast events), enter our competitions, sign up for our special offers, participate in our research panels or fill in our surveys.
- Data obtained from third parties: We obtain personal data about you from third parties, including data brokers from whom we purchase market intelligence: (Wealth-X Pte. Ltd., JetNet LLC, Amstat, Inc., PrivCo Media, LLC, Thomson Reuters, Descartes Systems (USA) LLC, Dun & Bradstreet Companies of Canada ULC, S&P Global Inc.), business partners and service providers that help us determine a location based on your IP address in order to customize certain messaging to your location and publicly-available sources such as open government databases or other data in the public domain (e.g. on third party social media platforms, like Instagram, Facebook, Twitter, or LinkedIn).
Why we collect your personal data and our lawful bases for processing it
Bombardier processes your personal data for different purposes, during and after the end of your relationship with us. These purposes include:
- Providing you the Sites and offline interactions.
- Enabling or administering our business, including administering customer accounts, responding to supplier inquiries and monitoring quality assurance.
- Understanding and improving our business or customer relationship generally with a view to improving our products and services and developing new ones.
- Communicating with you and serving you tailored advertising both on and off our Sites (in circumstances where your consent is not required). For information on how we use your personal data to advertise to you, please see the ‘Marketing and advertising’ section.
- Protecting you, us or others from threats, such as security threats or fraud.
- Managing corporate transactions (e.g. mergers and acquisitions, strategic partnerships).
We will only use your personal data where we have lawful bases for doing so. Lawful bases include, among others, each one of the following:
- Consent (where you have given consent).
- Contract (where using your personal data is necessary for the performance of a contract with you).
- Legal obligation (where using your personal data is necessary for compliance with laws that apply to us).
- Vital interests (where using your personal data is necessary to provide urgent safety notices or product recalls).
- Legitimate interests (where we have legitimate interests and they do not outweigh your privacy rights).
Where we rely on your consent to use your personal data, you have the right to withdraw or decline your consent at any time. Please see the ‘Your rights regarding your personal data’ section for further details on how you can do this.
If you have any questions about, or objections to, the lawful bases upon which we use your personal data, please contact our data privacy officers in any of the ways described at the end of this privacy statement.
Marketing and advertising
We use your personal data to send you marketing information directly from us by post, email or SMS, where you gave your consent to such use (unless there is another lawful bases for using your personal data for marketing and advertising purposes in your jurisdiction, which does not require your consent). We also use your personal data and information inferred from your personal data to tailor ads to your interests and preferences. This allows us to improve the relevance of our ads to you.
You have the right to object to our use of your personal data for marketing and advertising purposes, or – where we rely on your consent to use your personal data for marketing and advertising purposes – to withdraw your consent. Please see the ‘Your rights regarding your personal data’ section for further details.
How we store, process, transfer and protect your personal data
The personal data we collect about you will be stored in a range of different places, including on our servers and in our information management systems and databases (e.g. Bombardier’s marketing databases and customer support systems).
Because we are a global business, we may process your personal data in different geographical locations (including outside the European Economic Area).
We only share your personal data on a need-to-know basis as follows:
- Internally, with various Bombardier departments, including, for example communications, marketing, sales, finance, legal, procurement and information technology (“IT”).
- Externally, with third parties that help us run our business, including, for example, third parties that manage our IT systems, serve advertisements, collect customer accounts and verify customer credit.
To ensure that your personal data is adequately protected no matter where it is processed, we have internal policies and controls in place to prevent your personal data from being lost, accidentally destroyed, misused, unintentionally disclosed, or accessed other than by our employees or third parties hired by Bombardier.
For example, we request that Bombardier employees familiarise themselves with our IT policies governing data security. When we engage third parties to process personal data on our behalf, we require that they do so on the basis of Bombardier’s written instructions, under a duty of confidentiality, and in accordance with technical and organisational measures that are appropriate to ensure the security of your personal data.
Your rights regarding your personal data
You have a number of rights regarding your personal data. You may also have additional rights depending on your jurisdiction.
- Accessing your personal data. You can request a copy of the personal data we hold about you.
- Correcting and updating your personal data. You can ask us to correct or update your personal data at any time if you discover that any of it is inaccurate or out of date.
- Erasing your personal data. You can require Bombardier to erase personal data in certain circumstances and we will take reasonable steps to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replication of the data. Your personal data will be removed from Bombardier systems within a reasonable time and will be deleted. However, Bombardier may retain a copy of your personal data (i) if and as long as required by law, regulation, administrative or court order or for internal auditing purposes, or (ii) as electronic data stored due to automatic archiving and back-up procedures. Please note that in the event of a legal dispute between you and Bombardier, your personal data may be retained until final settlement of the legal dispute.
- Objecting to or restricting the processing of your personal data. You can ask us to stop using all or some of your personal data (e.g. if we have no lawful basis to keep using it) or restrict how we process it.
- Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal data, you can withdraw your consent at any time and you can prevent further processing if there is no other legal basis upon which Bombardier can process your personal data.
- Porting your personal data. You can ask us to transfer the personal data that we hold about you to a third party electronically.
If you would like to exercise any of these rights, please advise Bombardier by sending us an email at: firstname.lastname@example.org. You can also raise a complaint about our data processing practices with the data protection regulator in your jurisdiction. Please see the ‘How you can contact us about this privacy statement or make a complaint section below.
You may also have additional rights depending on your jurisdiction. If you are a California resident, you can find more details on your rights and how to exercise them here.
How long we keep your personal data
The period for which your personal data is held is determined by a number of factors including the purpose for which we use that personal data and our legal obligations. We do not generally retain personal data in an identifiable form for longer than is necessary, though in some cases we may choose to retain certain personal data in a depersonalized or aggregated form.
How we make changes to this privacy statement
Should we elect to change this privacy statement, we will post the changes here, so please check this page from time to time to ensure that you are informed of any changes.
Data Privacy Officers contact details and responsible regulator
If you have any questions or suggestions about this privacy statement or about how we use your personal data, please contact our data privacy officer:
Please let us know if you are unhappy with how we use your personal data. Our data privacy officer will respond to your complaint within 30 days.
If you are not satisfied with the way we handled your complaint, you may refer your complaint to your local data protection regulator. For example, in Canada this is the Office of the Privacy Commissioner. For a complete list of data protection regulators within the European Union, please visit this site.