Privacy Declaration

Through their standard business operations, AOS Companies (“we” or “us”) may collect some personal information about you. This information is commonly known as personal data. Personal data can be related to your identity, your professional or personal life, your contact details, your interests, etc. 

Because your privacy is invaluable, there are many rules that we must follow when collecting, using, and storing personal data. One of the most important is to make sure that you are informed about what we do with your information. 

What you can expect from us:

      • We only collect what we need.
      • We may need your personal data for different purposes. For example: to communicate with you, to comply with our legal obligations, to arrange your visit to one of our facilities, etc.
      • We only share your personal data with our relevant staff and service providers. Your personal data is, therefore, never sold or exchanged with third parties.
      • We delete your personal data as soon as we no longer need it.
      • You have many rights to control how we use your personal data.
      • You can contact us for any questions about what we do with your personal data, or to exercise your data protection rights.

To know precisely what kind of information we may collect about you and how we may use it, you can read the following sections.

General Information

This section provides general information that we need to tell everybody.

Controller’s Information

Depending on why we need your personal information, the controller may be:

      • Airbus OneWeb Satellites LLC (for any group-wide processing)
        Delaware, USA
      • Airbus OneWeb Satellites North America LLC
        Delaware, USA
      • Airbus OneWeb Satellites Florida LLC
        Florida, USA
      • Airbus OneWeb Satellites SAS
        France

Data Protection Officer’s Contact

Our Data Protection Officer is based in France and can be contacted at [email protected].

If you wish to exercise your rights or if you have any questions regarding the processing of your personal data, please do not hesitate to reach out using the above address.

Getting Your Information

Generally speaking, we only process information that you have directly provided to us. This is the case when:

      • You contact us to request information.
      • You apply for a job in one of our companies.
      • You are representing your organization and you communicate with us as a business (for example, as our client, supplier, service provider, commercial partner, etc.)
      • You visit our facilities.

In very limited cases, we may receive your personal information indirectly. For example, if one of our employees gives us your contact details as an emergency contact or as a reference.

Your Rights

Right of Access

You have the right to ask us for copies of your personal information. To do so, you should contact our Data Protection Officer, as instructed above.

However, we will have to confirm your identity before giving you access to your information. Otherwise, a malicious person could impersonate you and retrieve your information (which would also constitute a data breach for us). As a result, we may ask you to provide us with proof of your identity, if necessary. In that case, we will delete any documents you may send us immediately after having reviewed them.

We will respond to your request within one calendar month of receiving it. However, we can extend this period up to an extra two months if your request is complex, or if we have received several other requests in the same time period. In this case, we will inform you of the delay, and why it is necessary, within the initial period of one month.

We may refuse to comply with your request if you have made several requests in a short time, or if your personal information has already been deleted.  In this case, we will contact you anyway to explain our reasoning.

You can find a template on the ICO (the supervisory authority of the United Kingdom) website to give you an example of what to write in your request:

Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

However, we may refuse to correct your personal information if we believe it is accurate.

You can exercise this right under the same conditions as the right of access.

Right to Erasure

You have the right to ask us to erase your personal information in the following circumstances:

      • If we no longer need your information for the purpose for which we collected it.
      • If you initially consented to us using your information, but have now withdrawn your consent.
      • If we have collected or used your data unlawfully.
      • If you have objected to the use of your information.
      • If we have a legal obligation to erase your information.
      • If you were under 15 years old when we collected your information.

However, we may refuse to comply with your request if we have a legal obligation to keep your data, or if we need to keep it to protect ourselves in the event of a dispute.

You can exercise this right under the same conditions as the right of access, but you have to specify the data you want us to delete.

You can find a template on the ICO (the supervisory authority of the United Kingdom) website to give you an example of what to write in your request:

Right to Data Portability

You have the right to get your information in a commonly used and machine-readable format:

      • If we rely on your consent to use your information.
      • If your information is necessary for the performance of a contract you have with us.

This right allows you to keep your information for personal use or to pass it on to another organization.

This right only applies to information that we hold electronically and that you have provided to us, or that has been generated by your activity.

You can exercise this right under the same conditions as the right of access.

Right to Object

You have the right to object to the processing of your information when we use it:

      • For our legitimate interests.
      • For a task carried out in the public interest or for the exercise of official authority.
      • For scientific or historical research, or statistical purposes.

However, we may refuse to comply with your objection, if we can prove that we have strong and legitimate reasons to continue using your information, which outweigh your own reasons for objecting. We may also refuse if we are using your information for a legal claim.

You can also object to the processing of your information when we use it for direct marketing purposes. In that case, we cannot refuse your objection.

You can exercise this right under the same conditions as the right of access, but you must clearly explain why you are objecting.

You can find a template on the ICO (the supervisory authority of the United Kingdom) website to give you an example of what to write in your request:

Right to Restriction

You have the right to temporarily ask us to limit what we do with your information.

This right is complementary to your other rights. For example, if you exercise your right to rectification, using your right to restriction prevents us from using the incorrect data while we verify your identity. This right can also allow you to delay the erasure of your information if you wish to exercise any of your other rights over it.

You can exercise this right under the same conditions as the right of access.

Right to Complain

We always do our best to protect your privacy, but if you have any concerns or if you feel that we have mishandled your personal information, please contact us at [email protected].

If you remain unsatisfied, you have the right to lodge a complaint with a supervisory authority. The French supervisory authority is the CNIL, which you can reach:

Additional Rights

If we process your information on the basis of your consent, you may withdraw this consent at any time. Doing so means that we will have to stop any further use of your information.

You also have the right to decide the fate of your data after your death.

Special Category Data

Special category data is personal information that is considered especially sensitive. Such is the case for any information revealing your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your health, your sexual life or sexual orientation, etc.

We do not process special category data unless legally required for specific Human Resources purposes. When this is needed, we comply with applicable data protection laws and request your consent as appropriate.

Sharing Your Information

We never share your personal information with third parties for direct marketing purposes.

In most cases, your information is simply shared internally with our relevant personnel. For example, if you submit a job application, it will be processed by our human resources department.

We, however, use several service providers that may indirectly process your information. These providers are bound to us by contract and can only do what we have instructed them to do with your information. Most of the time, they won’t even have access to it.

Public authorities or court officials may also request access to your information in special circumstances. We handle these requests with extreme care, and our Data Protection Officer is always involved to ensure that your rights and freedoms are adequately protected.

Transferring your Information Overseas

When dealing with our French subsidiary, your personal information usually stays within the European Economic Area (EEA). However, we may have to share it with authorized personnel of AOS Companies based in the United States on a strict “need-to-know” basis. These transfers are covered by our Binding Corporate Rules.

We also work with several service providers, some of which are located outside the EEA or may need to transfer your information overseas for the sole purpose of providing their services to us. When this happens, we make sure that these transfers are only made to countries offering an adequate level of data protection or with appropriate safeguards. Most of the time, our providers and us will sign the standard contractual clauses adopted by the European Commission. These clauses contain legally binding obligations to ensure that your personal information remains protected, even after leaving the EEA. You can find their latest version here:

Keeping your Information

We only keep your information for as long as necessary to fulfill the purpose for which we collected it. We keep the following criteria in mind when deciding retention periods:

      • As long as we have a regular and ongoing business relationship with you.
      • For a year, or two, after we have stopped hearing from you.
      • To the extent necessary to meet our overall legal and contractual obligations.

Protecting your Information

We maintain physical, technical, and organizational safeguards to ensure the privacy of your personal information. These measures are laid out in our information system security policy and include the following:

      • We monitor access to our premises with CCTV cameras and badges.
      • All of our devices are encrypted to ensure the confidentiality of your information, even in the event of the theft or loss of our equipment.
      • We regularly update our software, and we are very attentive to security patches. We also use antivirus software.
      • We have a procedure in place in case of data breaches.
      • We take great care in selecting our service providers. They are subject to the same security and confidentiality requirements for your information as we are.
      • Our employees are under an obligation of confidentiality. They are also made aware of good IT practices and are trained on the importance of personal data protection.

Specific information

This section provides information about the personal data we may process when you visit our website or our facilities.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Our website is mostly cookie-free. However, YouTube videos embedded on our “Gallery” page may set cookies on your computer once you click on the video player. As we use YouTube’s privacy-enhanced mode, no cookies that track viewing behavior will be created.

Links to Third-party Websites

Our website may include links to other websites that are not operated by us. As such, this Privacy Declaration does not cover how these third parties may process your personal information. We highly encourage you to read the privacy statements on these other websites before providing your information to them.

Job Applications

When you send us a job application, we may process the following categories of data:

      • Identification data: first name, last name.
      • Professional life: resume and cover letter, as well as any information contained in these documents (education, awards, diplomas, foreign languages spoken, hobbies, etc.).
      • Contact details: phone number, email address, etc.

We use this information as part of our recruitment process because it is a necessary step before entering into a contract with you (article 6. 1. b of the General Data Protection Regulation).

This information is processed by authorized personnel of our human resources department and by our technical service providers. 

We keep this information for 2 years from the date of your last contact with us.

Contact Form

When you reach out to us using the contact form on our website, we may process the following categories of data:

      • Identification data: name.
      • Contact details: email address.
      • Content of your query.

We use this information on the basis of your consent (article 6. 1. a. of the General Data Protection Regulation) and for the sole purpose of contacting you back.

This information is processed by authorized personnel of our external communications department and by our technical service providers. Depending on why you contact us, your information will also be shared with other relevant internal departments.

We keep this information for 2 years from the date of your last contact with us.

On-site Visits (Toulouse facility)

To guarantee the security of our employees and our business, we have implemented a system to monitor visitor access to our premises. As part of this system, we may process the following categories of data:

      • Identification data: first name, last name, nationality, date of birth (for non-EU nationals).
      • Professional life: company name.
      • Date of your visit and date of departure.

Please note that, on the day of your visit, proof of identity will also be requested at the reception in exchange for your visitor’s badge.

We use this information to assess your visit request and to keep a record of it because we have a legitimate interest in ensuring the security of our premises (article 6. 1. f. of the General Data Protection Regulation).

This information is processed by authorized personnel of our industrial security department, by the person requesting your visit, and by our technical service providers. We also share it with authorized personnel of the B612 reception for the sole purpose of issuing your visitor’s badge.

We keep this information for 5 years from the date of your last visit.