|
Question |
Answer |
| What
corporate entity determines the purposes and means of processing of the personal data in this activity?
(This
is the "Controller" under the EU General Data Protection Regulation and other applicable
laws.) |
The
Boeing Company |
| Who
represents this entity with regard to privacy issues? |
The Boeing Global Privacy Office is responsible
for privacy issues related to this activity.
Contact information for the Boeing Global Privacy Office
appears below this table.
(The Boeing Global
Privacy Office will route issues to the appropriate Data
Protection Officer where applicable.)
|
| Whose
personal data is intended to be processed by this
activity? |
This
activity is intended to process the personal information
of:
-
Employees
- Contract Labor
- Subsidiary Employees
- Customers
- Non-Boeing Individuals with BEMS IDs (consultants,
purchased services, suppliers, etc.)
- Government Regulators
- Students (over 18 years of age)
- Children (under 18 years of age)
It is not intended to process the personal
information of individuals in other categories. |
| What
categories of personal data are processed by this
activity? |
Highly-Sensitive
Personally Identifiable Information:
Full Date of Birth
Sensitive
Personally Identifiable Information:
- Data about Children
- Citizenship
- Home Address
- Security Clearance
Personal Information: The following data elements are processed:
1. Birth month and day
2. Subject photo
3. BEMS ID
4. Chosen name
|
| What
are
the purposes of
processing personal data in this activity? |
In order to process and print Secure Badge and to ensure proper security in compliance with Boeing policies and applicable laws and regulations. |
| What is
the legal basis for processing personal data in this
activity? |
Processing
is necessary for purposes of legitimate interests
pursued by
The Boeing Company:
-
The
detection and prevention of fraud and other criminal
behavior -
Information, system, network and cyber security -
Fulfilling
it's corporate duties of due diligence -
Physical Security
|
| Is the
data subject (the person to whom the data relates)
required to provide personal information for this
processing activity, and what would be the possible
consequences of failing to do so? |
Provision of personal information
for this processing activity is not required.
A Boeing photo badge can not be fabricated and issued without the required information. |
| Who are
the recipients of the personal data in this activity? |
Boeing Enterprise Security Organization, users of BSB system, and certain 3rd party operators responsible for badging operations of Boeing and non-Boeing employees. |
| In what
countries will the personal data be processed? |
All countries where Boeing and Non-Boeing employees reside. The server where data is stored is hosted in US only.
Data will be stored in the United States.
|
| How long
will the personal data be retained by this activity? |
Duration of employment (to include employee, non-employee and subsidiary)plus 10 years. |
|
What specific privacy rights may the individuals whose
personal data is processed by this activity have, and
how can they be exercised? |
Anyone may have the right to
lodge a complaint with a
supervisory authority (https://boeing.com/privacy/authorities.html).
Depending upon the jurisdiction(s)
in which you live or work, you may have the
following additional rights:
- to request access to and
rectification or erasure of personal data or
restriction of processing
- to object to processing
- to data portability
- to not be subject to a
decision based solely on automated processing
which produces legal effects concerning you or similarly affects
you
If not offered as a
self-service capability within the "Boeing SecureBadge (BSB)"
data processing activity or otherwise addressed in
another answer above, any applicable privacy rights
may be exercised using
https://boeing.com/privacy/rightsexerciseportal. |
