Privacy Notice 


Purpose of this privacy notice 

BAE Systems, Inc. (“the Company”, “we”, “our” or “us”) is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect, use, and share personal information about you before, during, and after your working relationship with us, in accordance with applicable data protection laws (together the “
Data Protection Laws”).

It applies to visitors to all permanent and temporary employees, workers, contractors and any other individuals who are working for the Company but who are not directly employed (“
staff member” or “you”).

Please read this privacy notice carefully. If you have questions, please contact privacy@baesystems.com.


1. Information we collect about you 

For the purposes of this privacy notice, “personal information” means any information about an identified or identifiable natural person regardless of whether it is held in paper, electronic or any other format.

We collect, maintain, and use different types of personal information in the context of our relationship or potential relationship with you. We also collect certain “special categories” of more sensitive personal information where permitted by applicable law.

The following provides examples of the type of information that we collect from you and how we use the information.

ContextCategories of InformationPrimary Purpose for Collection and Use of Information
BenefitsWage and benefit information, including but not limited to salary, bonus, additional pay, variable compensation, annual leave, pension and related compensation history and benefits information.To perform our contractual obligation to provide employee benefits, including compensation, health insurance, expense reimbursements, etc. Our legitimate interest in maintaining accurate business accounts.
CCTVCCTV footage and other information obtained through electronic means such as swipe card records.Our legitimate interest in protecting the Company’s assets and property and maintaining the security of information held by the Company.
Certifications and Qualifications We collect information from individuals who have access to our facilities and equipment including licensing and certification, and when applicable, nationality and citizenship.We have a legitimate interest in securing our facilities and equipment, and tracking those individuals with access to either for security and maintenance purposes.  In some jurisdictions, we are also required by law to validate and record information about the individuals that access our facilities and equipment. 
Contact DetailsPersonal contact details such as name, title, addresses, telephone numbers, and work and personal email address.We have a legitimate interest in communicating with you. In some jurisdictions, we are also required to collect this information to comply with law.
Electronic CommunicationsInformation about your use of our information and communications systems. Information about your computer, including your IP address, operating system and browser type, traffic data, location data, weblogs, and other communication data and resources you access in accordance with our Cookie Policy.Our legitimate interest in monitoring your use of our information and communication systems, providing for security of the IT system to ensure compliance with our policies and applicable law, and to optimize your website experience. For information on how we collect information regarding the use of our website, please see our Cookie Policy.
Government IdentificationSocial security numbers, taxpayer identification numbers, passportOur legitimate interest to comply with applicable law.
Health RelatedInformation about your health, including any medical condition, health and sickness records, details of any absences from work (other than holidays), including time on statutory parental leave and sick leave.Our legitimate interest in ascertaining your fitness to work, managing sickness absence, to comply with legal obligations related to health and safety, and to perform our obligation to provide health benefits such as insurance.
IdentificationName, date of birth, and driver’s license.Our legitimate interest in identifying you personally.
InvestigationsDetails of any disciplinary investigations and proceedings or of investigations following an alert.Our legitimate interest in gathering evidence for possible grievance or disciplinary matters or to make arrangements for the termination of our working relationship if warranted. Our legitimate interest in determining whether you, or another employee, has complied with our policies, procedures, and protocols. 
Other Special Categories Of Sensitive InformationInformation about your gender, race, ethnicity, sexual orientation, religious beliefs, health and disability data, veteran status, and trade organization data.To comply with government regulations and our legitimate interest in promoting and monitoring equal opportunities and diversity (if permissible under applicable law).
Payroll, Pension, and TaxesPayroll information, including but not limited to social security number or equivalent, tax status information (i.e., marital status, dependents, etc.), payroll records, bank account details, direct deposit/credit arrangements, and information about pension plans.To perform our contractual obligation to calculate and pay your salary, tax, social security, and pension contributions. In some jurisdictions, to comply with legal obligations.
PhotographsPhotographsOur legitimate interest in maintaining external and internal directories and/or a security badge (if applicable).
RecruitmentRecruitment information, including copies of right to work documentation such as citizenship, work permit or visa; references and other information included in a CV, resume, or cover letter or as part of the application process; criminal background; references and  interview notes; letters of offer and acceptance of employment, and employment agreements.Our legitimate interest in making a decision about your recruitment or employment. In some jurisdictions, to comply with legal requirements to verify you are legally entitled to work in the country in which you are applying.
Terms of Employment

Employment records including job titles/duties, job location, working arrangements, seniority data, employee identification number, performance ratings, hire/re-hire date, termination date, job history, training records, professional memberships, and business travel arrangements.

Our legitimate interest in business management and planning, including accounting and auditing; conducting performance reviews, managing performance and determining performance requirements; making decisions about salary reviews and compensation; assessing qualifications for a particular job or task, including decisions about promotions; making decisions about your continued employment or engagement. To perform our contractual obligation to provide salary and benefits to certain employees.
TrainingWe collect information from individuals concerning the training that they receive from us or from third parties.Our legitimate interest in understanding and recording the qualifications and training of the individuals that work with us.  We may also be required by law, or by contract, to share the training or qualification of certain staff with third parties such as regulators or clients.  We may also choose to share the training or qualification of certain staff with third parties as part of our effort to develop business. We have a legitimate interest in complying with any statutory, regulatory, or contractual obligation to disclose the training of our staff, and we have a legitimate interest in using the qualifications of our staff to help develop business.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.  For example, if you submit a job application or become an employee, we may conduct a background check or collect information from your references or previous employers.


2. How we collect your personal information

We collect personal information about staff members through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider where background checks are permitted. In addition, we may sometimes collect additional information from third parties including former employers, personal and professional references, credit reference agencies or other background check agencies, or government agencies (where permitted).

We will also collect additional personal information in the course of job-related activities throughout the period of you working for us. This may include monitoring communications and use of Company’s IT equipment and systems, or from other staff members or supervisors.


3. Monitoring use of the Company's information technology ("IT") equipment and systems

In the course of conducting our business, we may – under conditions permitted by applicable law- monitor employee activities and our premises and property. For example, some of our locations are equipped with surveillance cameras. Where in use, surveillance cameras are for the protection of employees and third parties, and to protect against theft, vandalism and damage to the Company’s property. They do not aim to control the working activity of the individual staff member. Recorded images are typically destroyed and not shared with third parties unless there is suspicion of a crime or wrongdoing, in which case they may be turned over to law enforcement, other appropriate government agency, or other appropriate third parties. If recorded, the images will be kept with a maximum of one month, except if law authorizes, expressly or explicitly, a longer period or prescribes a shorter period. 

Additionally, pursuant to BAE Systems, Inc. Management Policy 901 (Acceptable Use of Information Resources) and where permitted by law, the Company has the ability to monitor all employee’s activities using the Company’s IT Assets and communications systems including, without limitation, phone, email, instant messaging, VoIP, and internet browsing. For the purposes of your own personal privacy, you need to be aware that such monitoring might reveal personal information about you. By carrying out such activities using our facilities and assets you acknowledge that personal information about you may be revealed to the Company by such monitoring. 


4. How we use your personal information

In addition to the purposes and uses described above, we use your personal information for the following purposes:
  • To administer your relationship with us, including fulfilling any obligation that we have to provide you with compensation or benefits;
  • To carry out our business effectively;
  • To comply with applicable laws or regulations;
  • To comply with our contractual obligations;
  • To detect and prevent fraud or crime;
  • To enforce, exercise, or defend legal claims;
  • To investigate potential misconduct;
  • To keep your personal information and that of other staff members secure and to prevent unauthorised access, loss, damage, destruction or corruption of data. This may include monitoring communications and use of the Company’s IT equipment and systems;
  • To plan, organize, and carry out administration tasks within and across the Company; and
  • To protect the legitimate interest of the Company, including protecting the Company property.

Note that this privacy notice may be updated to notify you of additional purposes for which we process your personal information.

5. Sharing your personal information 

In addition to the specific situations discussed elsewhere in this policy, we share your personal information in the following situations:

  • Affiliates and Business Transfers. We may share information with our corporate affiliates (e.g., parent company, subsidiaries, joint ventures, or other companies under common control) in the course of our normal business operations. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage. 
  • Legal or Regulatory Requests and Investigations. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws or regulations.  We may also need to share your personal information with tax authorities, courts, regulators, the police and other governmental authorities where we are required or permitted to do so by law.
  • Other Third-Parties. We may disclose certain information such as name, work contact details (including your workplace ID photo), training and qualification records, certifications, and other information about your work arrangements to other third parties, such as customers, subcontractors, business partners, professional advisers (including lawyers, auditors and accountants), professional bodies, and regulatory authorities in the normal course of business.
  • Other Disclosures with Your Consent. We may ask to share your information with other third parties who are not described elsewhere in this privacy notice.
  • Protection of the Company or Others. We may share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
  • Third-Party Service Providers. We may share your information with service providers. For example, we may share your personal information with payroll administrators, pension administrators, IT service providers, training providers, benefits providers, marketing/events agencies, and recruitment agencies.

6. Data Security

We maintain reasonable physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to help protect your personal information against loss, unauthorized access or disclosure, modification, or destruction. While we use reasonable efforts to protect your personal information, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any privacy or security event relating to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

7. Registration, Passwords and Security

If you choose, or you are provided with, a user identification code, password or any other piece of information as part of our security procedures for one of the registration-only sections of the Company’s website, you are responsible for maintaining the confidentiality of your password and user name for the website and you are responsible for all activities that are carried out under them. We do not have the means to check the identities of people using the website and we will not be liable where your password or user name is used by someone else. We have the right to disable any user identification code or password at any time.

8. Your rights in relation to your personal information

Under applicable Data Protection Laws, you may have the right to request access to your personal information. If required by law, upon request, we will grant you reasonable access to your personal information. There may be instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information we hold about you. To inquire, please contact bae.privacy@baesystems.com.

9. Miscellaneous

The following additional information relates to our privacy practices.:
  • Changes to this Privacy Notice.  We may change our privacy policy and practices over time.  To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us generally will govern that information.
  • Information for California Residents.  California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information are “sold” or transferred for an organization’s “business purpose” as those terms are defined under California law. You can find a list of the categories of information that we share on the next page. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself.

California Information Sharing Disclosure

California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicates that companies should disclose whether the following categories of information are collected, transferred for consideration, or transferred for an organization’s “business purpose” as that term is defined under California law.  Note that while a category may be marked that does not necessarily mean that we have information in that category about you.  For example, while we transfer bank account numbers for our business purpose in paying some staff members (e.g., direct deposit) we do not collect or transfer bank account numbers of staff members that do not utilize direct deposit. 
Category of Personal InformationIs information collected?Is information transferred for valuable consideration?Is information transferred for business purposes?
Audio, electronic, visual, thermal, olfactory, or similar informationü
ü
Bank account numberü
ü
Biometric informationü
ü
Characteristics of protected classifications (e.g., age, sex, race, ethnicity, physical or mental handicap, etc.)ü
ü
Commercial information (e.g., products or services purchased, or other purchasing or consuming histories or tendencies)


Credit card numberü
ü
Debit card numberü
ü
Driver’s License Number / State IDü
ü
Educationü
ü
Electronic network activity (e.g., browsing history)ü
ü
Email addressü
ü
Employmentü
ü
Employment historyü
ü
Geolocation dataü
ü
Health insurance informationü
ü
Identifiers (e.g., name or alias)ü
ü
Insurance Policy Numberü
ü
Medical informationü
ü
Online identifier (e.g. IP address)ü
ü
Other financial informationü
ü
Passport Numberü
ü
Physical Characteristicsü
ü
Postal addressü
ü
Signatureü
ü
Social Security Numberü
ü
Telephone Numberü
ü
Transaction informationü
ü