|
Question |
Answer |
| What
corporate entity determines the purposes and means of processing of the personal data in this activity?
(This
is the "Controller" under the EU General Data Protection Regulation and other applicable
laws.) |
The
Boeing Company |
| Who
represents this entity with regard to privacy issues? |
The Boeing Global Privacy Office is responsible
for privacy issues related to this activity.
Contact information for the Boeing Global Privacy Office
appears below this table.
(The Boeing Global
Privacy Office will route issues to the appropriate Data
Protection Officer where applicable.)
|
| Whose
personal data is intended to be processed by this
activity? |
This
activity is intended to process the personal information
of:
-
Employees
- Non-Boeing Individuals with BEMS IDs (consultants,
purchased services, suppliers, etc.)
It is not intended to process the personal
information of individuals in other categories. |
| What
categories of personal data are processed by this
activity? |
Sensitive
Personally Identifiable Information:
- Job Performance or
Corrective Action Records
Personal Information: Name, BEMSID, performance assessment ratings and narrative performance characterizations related to individual pilots (de-identified) and to airline operations. |
| What
are
the purposes of
processing personal data in this activity? |
The general information collected in the Operational Review Application Enhanced Excel File (ORA EEC) will be used to assess the overall operational safety of an airline with the objective of assisting that airline in improving its safety posture. Personal data (name, ID, and performance characterizations) will be collected on the GEP Assessor (the Boeing representative conducting the assessment of the airline's safety posture and recording findings in the ORA EEC) only. The purpose of collecting this data is to support inter-rater reliability assessments to determine how various GEP Assessors are scoring various aspects of airline operational safety vs. an established Boeing standard. |
| What is
the legal basis for processing personal data in this
activity? |
Processing
is necessary for the performance of a contract to which
the data subject is a party or in order to take steps at
the request of the data subject prior to entering into a
contract.
|
| Is the
data subject (the person to whom the data relates)
required to provide personal information for this
processing activity, and what would be the possible
consequences of failing to do so? |
Provision of personal information
for this processing activity is required.
The Boeing GEP Assessor is required to document his/her name in ORA EEC per established Boeing GEP policy for airline assessments documented in ORA EEC. |
| Who are
the recipients of the personal data in this activity? |
The recipients of the personal information in this activity may include:
- Boeing Global Engagement Pilot (GEP) / Test & Evaluation (BT&E) Staff
- Boeing Airline Operational Efficacy Program (AOEP) staff
- Purchased Services Agency(ies)employing staff performing as GEP Assessors
- Boeing Learning Design management and staff
- Boeing Flight Services staff
- Boeing Flight Deck Design and Air Crew Operations staff
- Boeing Enterprise Safety staff
- Boeing Training & Professional Services (T&PS)
- BCA Management
Personal data disclosure to other 3rd parties, beyond those identified above, will be accommodated only when required by law or allowed by governing contract/agreement. Such disclosure shall only be made with the implicit or explicit consent of the data subject. Such 3rd parties may include, but are not limited to:
• Regulators / National Aviation Authorities
• EASA
• 3rd Party Airlines
• Other External Organizations (e.g. IATA, ICAO, etc.) |
| In what
countries will the personal data be processed? |
All countries across the globe.
The master copy of the personal information will be stored on the Boeing Enterprise Network in the United States. Offline copies of the tool will be allowed to be stored on Boeing laptops and iPADs utilized by Boeing representatives across the globe to facilitate data collection.
|
| How long
will the personal data be retained by this activity? |
Data will be retained for 6 years in accordance with Boeing Global Record Retention Schedule (GRRS) Record Series Code (RSC) PSS020 - Safety Management System - Safety Assurance. |
|
What specific privacy rights may the individuals whose
personal data is processed by this activity have, and
how can they be exercised? |
Anyone may have the right to
lodge a complaint with a
supervisory authority (https://boeing.com/privacy/authorities.html).
Depending upon the jurisdiction(s)
in which you live or work, you may have the
following additional rights:
- to request access to and
rectification or erasure of personal data or
restriction of processing
- to object to processing
- to data portability
- to not be subject to a
decision based solely on automated processing
which produces legal effects concerning you or similarly affects
you
If not offered as a
self-service capability within the "Operations Review Application Enhanced Excel File (ORA EEC)"
data processing activity or otherwise addressed in
another answer above, any applicable privacy rights
may be exercised using
https://boeing.com/privacy/rightsexerciseportal. |
