Privacy Notice

Privacy Notice concerning our
InfoTech
Data Processing Activity

(Boeing Data Processing Activity ID Number: 7198)

The Boeing Company and its group of companies seek to maintain the privacy, accuracy, and confidentiality of personal data that we collect and use.

We have established privacy and security measures both internally and (where applicable) in our relations with third parties to safeguard personal information in our data processing activities.

We hope that the following questions and answers addressing privacy issues related to our "InfoTech" data processing activity are as concise, transparent, and intelligible as possible. We welcome your suggestions for improvement of any of the content presented below.

Although not authoritative, this link to the presentation of this document in Google Translate is available for your convenience.

Question	Answer
What corporate entity determines the purposes and means of processing of the personal data in this activity? (This is the "Controller" under the EU General Data Protection Regulation and other applicable laws.)	The Boeing Company
Who represents this entity with regard to privacy issues?	The Boeing Global Privacy Office is responsible for privacy issues related to this activity. Contact information for the Boeing Global Privacy Office appears below this table. (The Boeing Global Privacy Office will route issues to the appropriate Data Protection Officer where applicable.)
What other entity may process this personal data on behalf of The Boeing Company (including its fully integrated subsidiaries around the globe)? (This is the "Processor" under the EU General Data Protection Regulation and other applicable laws.)	InfoTech, Carebook
Whose personal data is intended to be processed by this activity?	This activity is intended to process the personal information of: Employees Subsidiary Employees Spouses who are in the following locations: The United States Brazil Canada China Australia The European Union (EU) The European Economic Area (EEA) Argentina Hong Kong India Israel Japan Mexico New Zealand The Philippines Korea Singapore Switzerland Turkey The Ukraine The United Kingdom (UK) Uruguay It is not intended to process the personal information of individuals in other categories or locations.
What categories of personal data are processed by this activity?	Unstructured Highly-Sensitive Personally Identifiable Information (as may be entered free-form by the user) Sensitive Personally Identifiable Information: Age Biometric Information Gender or Gender Identity Real-time Geo-Location Sensitive Medical Information Special Category Personally Identifiable Information: Medical or Health Information Personal Information: Biometric screening results imported from Quest Diagnostics screening programs. Height, Weight, HDL/LDL/Total Cholesterol, waist circumference, Blood pressure.
What are the purposes of processing personal data in this activity?	The personal information will be used to produce an assessment of the individuals health that includes a well being age and recommendations on activities or programs that individuals can participate in to improve their health and well-being.
What is the legal basis for processing personal data in this activity?	The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
How may consent be withdrawn?	If not offered as a self-service capability within the "InfoTech" data processing activity or otherwise addressed in an answer here, consent may be withdrawn using https://boeing.com/privacy/rightsexerciseportal.
Is the data subject (the person to whom the data relates) required to provide personal information for this processing activity, and what would be the possible consequences of failing to do so?	Provision of personal information for this processing activity is not required. Failure to provide personal information hinders the ability to generate aggregate and de-identified data sent to Boeing Health and Well Being Operations/strategy and Artemis. The personal information will be used to produce an assessment of the individuals health that includes a well being age and recommendations on activities or programs that individuals can participate in to improve their health and well-being.
Who are the recipients of the personal data in this activity?	InfoTech receives the personal information and uses it to generate aggregate demographic reports that are sent to Boeing Health & Benefits Operations/Strategy personnel. This de-identified data is also sent to Artemis (data warehouse)to utilize in improving Boeing health management.
In what countries will the personal data be processed?	The personal information that Infotech receives will only be processed in Canada. InfoTech will send only U.S. aggregate data to Artemis. The personal information will only be stored in Canada
How long will the personal data be retained by this activity?	Data is retained through the life of the contract (initially 3 years 2019-2022). Per contract, when InfoTech ceases to perform Services for Boeing (and at any other time, upon request), they will, promptly either, at the option of Boeing, (i) securely return all Agreement Personal Data (and all media containing copies of the Agreement Personal Data) to Boeing, or (ii) securely purge, delete and destroy the Agreement Personal Data and securely delete any remaining copies and promptly certify (via a director or officer) when this exercise has been completed. Electronic media containing Agreement Personal Data will be disposed of in a manner that renders the Agreement Personal Data unrecoverable. InfoTech will provide Boeing with an Officer’s Certificate to certify its compliance with this provision. If InfoTech is required by applicable law to retain any Agreement Personal Data, InfoTech warrants that it shall (i) ensure the continued confidentiality and security of the Agreement Personal Data, (ii) securely delete or destroy the Agreement Personal Data when the legal retention period has expired, and (iii) not actively Process the Agreement Personal Data other than as needed for to comply with law.
What specific privacy rights may the individuals whose personal data is processed by this activity have, and how can they be exercised?	Anyone may have the right to lodge a complaint with a supervisory authority (https://boeing.com/privacy/authorities.html). Depending upon the jurisdiction(s) in which you live or work, you may have the following additional rights: to request access to and rectification or erasure of personal data or restriction of processing to object to processing to data portability to withdraw consent to not be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly affects you If not offered as a self-service capability within the "InfoTech" data processing activity or otherwise addressed in another answer above, any applicable privacy rights may be exercised using https://boeing.com/privacy/rightsexerciseportal.

If you have questions or concerns about privacy issues associated with our "InfoTech" data processing activity, you may contact the Boeing Global Privacy Office by:

Boeing Global Privacy Office
Email	Telephone	Mail
globalprivacy@boeing.com	+1-206-544-2406 +1-877-544-2407	Boeing Global Privacy Office Mail Code 11-503 7755 East Marginal Way S. Seattle, WA 98108

You may use https://boeing.com/privacy/rightsexerciseportal to exercise any applicable privacy rights for which a self-service capability has not been offered within the "InfoTech" data processing activity or for which other specific instructions do not appear above.

For customers and visitors to our web sites: This notice supplements the Boeing Privacy and Cookie Statement.

For employees, contract labor, retirees, and subsidiary employees: This notice supplements to the Boeing Employment-related Privacy Notice.

Boeing will periodically review and update the content of this notice at its discretion.
It was last updated 2024-02-07 16:08:28 (UTC).