Global Applicant Privacy Notice

Last Updated: December 2023

Section 1: INTRODUCTION

This applicant privacy notice (“Notice”) is designed to provide information on how Hexcel Corporation or its applicable subsidiary (referred to as “we”, “us”, “our”) collects, uses, discloses or otherwise processes the personal data of job applicants and candidate (referred to as “you”, “your”) who apply for a job with us.

The company you apply to will be the primary “controller” of your personal data. You can find their contact information here.

As a “controller,” we are responsible for deciding how we process personal data about you. We take your privacy seriously and we are fully committed to providing transparency around our privacy practices and how we treat your personal data.

This privacy policy does not form part of any offer of employment and we may amend it at any time to reflect any changes in the way in which we process your personal data. We will post any changes to this Privacy Policy on Workday. If we make any changes to this Policy that materially affect our practices with regard to the personal data, we have previously collected from you, we will provide you with appropriate notice. We may also notify you in other ways from time to time about the processing of your personal data. We will obtain your consent to the updates if required by the applicable data protection laws.

Section 2: HOW DO WE COLLECT YOUR PERSONAL DATA? 

We may collect your personal data in one or more ways:

Directly From You. During the application process, the majority of your personal data is provided directly by you – for example when you submit an application to us online via the Workday portal. Share your CV/resume with us, complete an application form, or otherwise communicate with us about your application and available positions, whether by phone, email, in person or otherwise.

You may also provide us with the personal data of third parties, for example, referees or emergency contact. We will process this information to progress your application and to contact your next-of-kin in an emergency.

This personal data may, exceptionally, include sensitive personal data, for example where you choose to disclose a disability or health condition to us, or if background checks we carry out reveal a criminal record (please see Section 4 below for further information about when we may carry out such checks).

Automatically. (1) When you enter a public area on one of our sites which is covered by CCTV or (2) by cookies and digital trackers when you visit the Hexcel Website and the Workday Careers portal. For more information on our use of cookies on the Hexcel Website please see the Hexcel Privacy Policy.

From Third Parties. We may obtain personal data (including in some cases sensitive personal data) about you from third party sources, such as recruitment agencies, job boards, publicly available sources such as LinkedIn, third party platforms that you us to apply for a position or submit your CV/resume, from recruitment assessment centers, occupational health professionals and background check providers, and from any references you provide.  These third parties may be acting as an independent controller/PI handler of your personal data and therefore we advise you to read their respective privacy notice and/or data protection policy for information on how they process your data.

We may also collect personal data from other sources in order to verify the information you have provided as a part of your application (such as your education and prior employment and credential) or to conduct background checks and screenings, where permitted or required by applicable law. Where we receive such information from these third parties, we will use it in accordance with this Privacy Policy.

Section 3: WHAT PERSONAL DATA DO WE COLLECT? 

We typically process the below types of personal data (including sensitive personal data) about you. However, the actual personal data we collect about you may vary depending upon your role and responsibilities, as well as your relationship to us.

CATEGORY OF PERSONAL DATA

DATA ELEMENTS

Contact details
  • Name, address, telephone number (including mobile number) and personal email address
Professional and education-related Information
  • Such as your CV, any education history, employment records, professional qualifications and certifications
Formal identification documentation
  • Such as passport or driver’s license to the extent permitted by applicable law and as needed. For example, we may collect your driver’s license information if your job role involves driving vehicles
Eligibility to work
  • Such as passport and visa documentation, working permits and other information related to determine your eligibility to work in the country where you are applying for a position
Notes
  • Any interview-related notes made by us during or following an interview with you, and any notes about negotiations with you regarding pay and benefits
Credit and background check information
  • The results of a credit check, background check or other screening, e.g., regarding your criminal conviction history. (Where permitted by applicable law)
Communications
  • Such as voicemails, emails, correspondence, and other communications created, stored or transmitted by you on or to our computer or communications equipment
Video/CCTV recordings
  • Such as CCTV footage of your onsite visits
Emergency contact information 
  • Name and contact details
Telephone recordings
  • During recruitment process our recruiters may record your telephone conversations with your knowledge and consent, where permitted by applicable laws.
Network and information security data
  • Data collected by online digital trackers such as cookies on our Hexcel and Workday websites. This includes, but is not limited to, location data, Site usage data, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Services.
Health and medical information
  • Occasionally, we collect information about physical and mental health as well as disability information. For example, we collect this information to make reasonable adjustments to your interview process and/or working conditions);
Equal Opportunities Monitoring Data
  • On a voluntary basis, we also collect information in support of our equal opportunities monitoring, such as regarding your race, ethnic origin, sex, sexual orientation or religion.


Section 4: HOW DO WE USE YOUR PERSONAL DATA?

When you apply for a role and during the recruitment process with any of the Hexcel Corporation entities, we process your personal data for a number of related purposes, including as set out in the table below:  

Purpose

Typical Activities

Personal data typically processed

To carry out mandatory identity and right to work checks
  • Confirming your identity and checking your eligibility to work in the country in which you are applying
  • Passport and visa documentation, working permits
To progress your application and communicate with you about the recruitment process
  • To keep you updated about the progress of your application and to provide feedback on your performance
  • To ask you for additional information, to attend or complete an interview or assessment
  • Contact details such as your name, address, telephone number and personal email address
  • Information about the progress of your application and feedback on your performance
  • Voicemails, emails, correspondence, recorded telephone calls and other communications created, stored or transmitted by you on or to our computer or communications equipment
To confirm the accuracy of information you have provided and obtain additional information
(including carrying out background/credit checks where this is required or permitted by applicable law)
  • Carrying out checks on your education and employment history and professional qualifications
  • Contacting referees/ checking references
  • Carrying out background checks (where this is relevant to your role and where we are required or permitted to do so by applicable law)
  • Carrying out credit checks (where this is relevant to your role and required or permitted by applicable law)
  • Checking driving licence category and status (where relevant for your role)
  • Your full name, residential address, date of birth, passport/identity card details
  • Name and contact details of referees
  • Your education history, employment records, professional qualifications and certifications, and references
  • Results of background checks (these are carried out by a third party and we only see the results),
  • Results of credit checks (these are carried out by a third party and we only see the results)
  • Driving license details (where relevant to your role)
To identify the best individual for the role
  • Assessing your suitability for the role you are applying for
  • Deciding whether to offer you a job
  • Your CV, any education history, employment records, professional qualifications and certifications, and references
  • Details of the job role you are applying for, recorded telephone calls and any interview notes we have made
  • Details of any pay and benefit discussions we have had with you
  • Results of any background or credit checks (where permitted or required by applicable law)
  • Results of any driving license checks
To contact you in the event that similar jobs or roles become available
  • To identify whether you may be suitable for an available similar job/role
  • To contact you in relation to such opportunity
  • All information contained in your application
To carry out any necessary medical/health assessments
  • To assess whether any reasonable adjustments are required for you during the recruitment process
  • To assess whether any reasonable adjustments to your working conditions are required (if we offer you a job)
  • To carry out any medical assessment required for your role, pension and any insurance benefits
  • Your name, residential address and date of birth (where required for identification processes)
  • Relevant details about the recruitment process/ requirements of the role you have applied for
  • Information about your physical or mental health, or disability status
For safety and security purposes
  • To ensure the security and safety of visitors to our sites, including for health and safety reasons
  • For the protection of our property
  • To allow us to protect your information against loss, theft or unauthorised access
  • CCTV Footage
  • Attendance/building access logs
  • Network and Information security data (e.g. user logs)
To promote diversity and prevent discrimination
  • Carrying out statistical equal opportunities monitoring
  • Gender, race, ethnic origin or religion
  • Information about the role applied for (including title and salary) and the stage you reached in the recruitment process
  • (Note that all information will be anonymised or pseudonymized and used only for statistical purposes: it will not be used in relation to your application for employment with us).


We may also on occasion need to process your personal data for other purposes, including for example:

  • for purposes related to the possible or actual sale or restructuring of the business (including negotiations thereof);
  • to investigate, prevent, or take action regarding actual or suspected illegal activities or fraud, situations involving potential threats to the safety or legal rights of Hexcel or any person or third party, or violations of applicable agreements;
  • where we consider such processing to be required by law, or to be reasonably necessary or appropriate to comply with applicable legal obligations or legal processes, including making disclosures to law enforcement, other governmental authorities, regulators or the courts;
  • to establish, defend or exercise legal claims in an employment tribunal or court of law.

Section 5: LAWFUL BASIS FOR PROCESSING

Where required by applicable data protection laws, we will only process your personal data where we have a lawful basis to do so (including, where appropriate, where we have obtained your consent). Please see Appendix 1 for details of the lawful basis relied on for different processing activities and different jurisdictions (specifically the U.K., Member States of the European Economic Area and China).

Section 6: HOW WE DISCLOSE YOUR PERSONAL DATA 

We may disclose your personal data (including sensitive personal data):

  • To Hexcel Group Companies: We may disclose your personal data and sensitive personal data to other companies within our Group. This may be for the following purposes: (i) as part of our regular reporting activities on performance, (ii) in the context of a business reorganization or group restructuring exercise for systems maintenance support and hosting of data and (iii) for the purposes set out in this notice in a need to know basis. For example, to HR employees, hiring managers, advisors and other appropriate persons involved in the recruitment process for the job(s) you are applying for. Please see Global Locations for the details of those of our group companies with whom we may share your personal data and sensitive personal data.
  • To Third Party Suppliers: We may disclose your personal data (including sensitive personal data) collected for the purposes listed above to third parties, agents, subcontractors and other organisations (as set out in the table below) which provide services to us or directly to you on our behalf:

Recipient/Relationship to Us

Category of Personal Data

Purpose for Disclosure

Background/credit check providers
Identifiers such as name, DOB, and address (they will also collect additional information from you): we only receive the results of the check back.
To allow our providers to carry out, and provide us with the results of, background/ credit checks.
IT service providers for Hexcel website careers page and Workday portal
Applicant provided personal information for example CV, name, address, IP address
To support, maintain and host our information systems, including the software and hardware infrastructure required for it to operate/be accessible online and to keep a backup of your personal data. We also use online IT service providers to provide contract execution services.
Recruitment Agencies
Identifiers such as name, CV, work history, social media profile
To assist with recruitment into our organization
Legal and other professional advisors (e.g. auditors, consultants)
Applicant provided personal information for example CV, name, address, IP address
To provide us with advice in relation to our business, including our legal, financial and other obligations and claims


Section 7: RECIPIENTS

These recipients will usually be located in the same jurisdiction or region as the Hexcel Group company they support, with the exception of IT services (including Website Analytics provider, IT support service providers and Cloud Services providers) which are provided on a global basis. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data.

We may also disclose your personal data (including sensitive personal data) to other third parties such as:

  • mortgage providers, property rental providers or prospective future employers with your consent or at your direction;
  • a potential or confirmed purchaser of the business in relation to a possible or actual sale or restructuring of the business (including negotiations thereof), or any other relevant recipient for the purposes set out in Section 4 above.

In some cases, recipients may have their independent purposes and means of processing your personal data (including sensitive personal data) and thus constitute separate controllers for some or all purposes. We therefore advise you to read their privacy notice and/or data protection policy: they will usually provide this to you. You may contact us at dataprivacy@hexcel.com for more information about the identities and contact information of the recipients, the specific types of personal data and sensitive personal data shared and the purposes of sharing. We will share with you the relevant information unless the disclosure is prohibited or restricted by applicable law.

Section 8: INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Hexcel corporate group is a global group of companies, and accordingly we may transfer your personal data to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as the country you are based in. 

When we transfer personal data within the Hexcel Corporate group or to authorized third parties located outside of your country, we will take organizational, contractual, and technical measures to safeguard your personal data as required by applicable data protection laws. Where required by applicable local laws, we will obtain separate consent.

Transferring Information Outside of the EEA

If you are in the European Economic Area or the United Kingdom (collectively referred to herein as “EEA”) and we transfer your personal information to a jurisdiction located outside of the EEA , which may not have similar data protection laws to the EEA and may not be recognized by the European Commission and/or the U.K. Government (or other relevant regulatory body) as providing an adequate level of data protection, we will take steps to ensure that appropriate security and other safeguards are in place to ensure that your privacy rights continue to be protected as outlined in this policy.

These safeguards include imposing contractual obligations, such as the European Commission approved standard contractual clauses (available here) and the U.K. Addendum thereto (available here), on the recipient of your personal information. Please contact us at dataprivacy@hexcel.com for more information about the protections that we put in place and to obtain a copy of the relevant documents.

Transferring Information Outside of China

If we transfer your personal data (including any sensitive personal data outside of China, we will provide you with prior information in relation to the transfer and obtain your separate consent. You may contact us at dataprivacy@hexcel.com for more information about the identities and contact information of these overseas recipients, the specific types of personal data and Sensitive personal data shared, the purposes of sharing and the mechanisms via which you may raise requests to these overseas recipients.

Transfers to any Hexcel affiliates will be subject to the intra-group agreement with any Hexcel affiliates that may have access to the personal data, which incorporates the standard contract as stipulated by the Cyberspace and Information Administration of China.

Section 9: DATA STORAGE AND SECURITY

  • Your personal data and sensitive personal data are stored in a variety of locations, including: electronically on our secure servers/in hard copy form in access-restricted, locked filing cabinets.
  • We take appropriate technical and organizational security measures and have rules and procedures in place designed to guard against unauthorized access, improper use, alteration, disclosure and destruction and accidental loss of your personal data.
  • Providing us with your sensitive personal data increases the risk that you may suffer harm to your personal safety or dignity or your reputation, or loss or damage to your property if your sensitive personal data is accessed, used, or divulged without authorization while it is in our custody. We will take enhanced security measures to protect your sensitive personal data. But please understand that no security measures can be entirely flawless, and we cannot guarantee that your sensitive personal data will never be accessed or used without authorization.

Section 10: HOW LONG WE KEEP YOUR PERSONAL DATA 

  • We keep your personal data (including any sensitive personal data) for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless we are legally required to retain your data for a longer period of time.
  • When applying for a job with us, we compile and keep a manual file containing information about you which relates to your application for a job with us (including your application and interview records). Your information will be kept secure and will be used for the purposes of your job application, as explained above.
  • If your application is unsuccessful, we usually keep it for 12 months (to allow us to defend against potential legal claims), unless otherwise specified in the Terms and Conditions, or you consent to us holding it for longer for the purpose of contacting you in the event that any similar jobs / roles become available from time to time.
  • If you are offered and you accept a job with us, your personal data will be stored in a combination of digital and manual personnel files. Digital files will be kept in access-restricted and encrypted files. Any hard copy personnel file will be kept in access-restricted, locked filing cabinets. Your personal data will be permanently and securely deleted/destroyed at the end of its set retention period.
  • In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use and retain such information without further notice to you, as it falls outside of the definition of personal data under applicable data protection law.

Section 11: YOUR DUTIES

We encourage you to update your information on the applicant Workday portal to ensure that the personal data that we hold about you for the purposes of your application or for the purposes of considering you for any similar roles is accurate and up to date by keeping us informed of any changes to your personal data.

Section 12: YOUR RIGHTS

You may make a formal request for a copy of the personal data (including any sensitive personal data) that we hold about you at any time. Such a request must be made in writing and we will respond within the time period required under applicable privacy and data protection laws. We may also charge a reasonable fee based on administrative costs where in our view your request is manifestly unfounded, excessive or a request for further copies.  

Depending on the data protection law that applies, and subject to the conditions and limitations of such law, you may have one or more of the following rights with respect to your personal data:

Correcting and Updating Your Personal data

The accuracy of your information is important to us and we encourage you to update your personal information on the Workday portal (as set out in Section 10). If the personal data we hold on you is inaccurate or incomplete, you are entitled to request that we make corrections. 

Withdrawing Your Consent

Where you have previously provided your consent and that is our legal basis for processing your personal data (see Appendix below), you may withdraw your consent at any time. Please note that if you do withdraw your consent, our use of your personal data before you withdrew your consent remains lawful.

Objecting to Our Use of Your Personal Data and Purely Automated Decisions Made About You

  • Where we rely on our legitimate business interests as the legal basis for processing your personal data for any purpose(s), as set forth in Section 4 above, you may object to us using your personal data for these purposes. Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.
  • Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing (including profiling to the extent that it is related to such marketing).
  • If you make such objection, we will no longer process your personal data for direct marketing purposes.
  • You may also contest a decision made about you based purely using automated processing by contacting us. However, we do not currently engage in any such automated decision-making.

Erasing Your Personal Data or Restricting its Processing

  • In certain circumstances, you may ask for your personal data to be removed from our systems. Unless there is a lawful reason which allows us to use your personal data for longer, we will make reasonable efforts to comply with your request. For example, if we need to retain your personal data to complete a transaction or provide you with a service.
  • You may also ask us to restrict processing your personal data where you believe it is unlawful for us to continue processing, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Transferring Your Personal data in a Structured Data File

If we rely on your consent as the legal basis for processing your personal data (see Appendix 1), or if your request is otherwise supported by the applicable data protection laws, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that information.

Right Against Discrimination

  • You have the right not to be discriminated against for exercising any of the rights granted to you under any applicable law in relation to your personal data.
  • Please be aware that these rights are not absolute, and the way we process your personal data, legal basis on which we rely to process it (where a legal basis is required under applicable privacy and data protection law) and the country/region you are based in may affect the extent to which these rights apply.

If you are a California resident, please see the California Privacy Supplement at the end of this Notice for additional information about your rights under California privacy laws.

How to Exercise Your Rights

  • If you would like to exercise any of these rights, please email your request to us at Dataprivacy@hexcel.com.
  • If you exercise any of your rights, we may need to request additional information from you to help us to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure designed to ensure that personal data is not disclosed to any person who has no right to receive it.
  • You can have a third party submit a request on your behalf. The third party must provide us with evidence that it has your valid authorization (such as a signed permission from you), and we may still ask you to verify your identity and that you have given permission to such third party. We may also need to verify the identity of the third party.

Section 13: QUESTIONS AND COMPLAINTS

  • If you have any questions about any matter relating to data protection or the personal data that we process about you, please contact the Data Protection Committee at Dataprivacy@hexcel.com Hexcel Composites Limited, Ickleton Rd, Duxford, Cambridge CB22 4QB or call 01223 833141.
  • Although you have the right to complain to the applicable data protection authority (in the country where you work or live or where your legal rights have been infringed), we encourage you to contact us first at Dataprivacy@hexcel.com before making any complaint with a view to letting us help in resolving any queries or questions.

__________________________________________

APPENDIX: LAWFUL BASIS FOR PROCESSING 

EEA / UK  

If you are located in a Member State of the EEA, or in the United Kingdom (UK), or if our processing of your personal data is otherwise regulated by EEA and/or UK data protection laws, the lawful basis for each processing activity is set out in the following table.

Purpose

Lawful Basis (including legitimate interest where relevant)

To carry out mandatory identity and right to work checks
  • Compliance with our legal obligations
To progress your application and communicate with you
  • Our legitimate interests in employing the best possible individuals, and in processing applications efficiently and in accordance with applicable law and regulation.
To confirm the accuracy of the information you have provided and obtain additional information
(including using providers to carry out background or credit checks where this is required or permitted by applicable law)
  • To the extent that a relevant background check is required by law, compliance with our legal obligations.
  • To the extent that relevant processing is not required by law, we rely on our legitimate interests in employing the best possible individuals, and in processing applications efficiently and in accordance with applicable law and regulation.
  • To the extent that personal data relating to criminal convictions or allegations is processed, we do so in reliance on the relevant provision of applicable member state law providing for appropriate safeguards for the rights and freedoms of data subjects.
Please note that you may be asked for your consent to carry out background or credit checks where this is required under applicable local law, but this is not a consent for UK / EU data protection purposes.
To identify the best individual for the role
(including assessing your suitability for the role you are applying for, and deciding whether to offer you a job)
  • Our legitimate interests in employing the best possible individuals, and in processing applications efficiently and in accordance with applicable law and regulation.
To contact you in the event that similar jobs or roles become available
  • Your consent (and explicit consent where your application file contains special category/sensitive personal data).
  • You can withdraw this at any time by contacting us using the details in section 13 above.
To carry out any necessary medical/health assessments – for some job roles
  • To comply with our legal obligations, and additionally in relation to any health or disability information, our legal obligations in respect of employment, social security or social protection law to make reasonable adjustments to working conditions.
  • When assessing whether any reasonable adjustments are required for you during the recruitment process, and when carrying out any medical assessment required for your role, pension or any insurance benefits, we carry out such processing:
  • For compliance with our legal obligations and, to the extent that such processing is not strictly required for compliance with applicable law, our legitimate interests in carrying out such assessments; and additionally, in respect of any health or disability information, where necessary for occupational health reasons or to assess your working capability  (subject to appropriate confidentiality safeguards).
For safety and security purposes
  • To comply with our legal obligations to ensure the safety of all visitors to our sites.
  • To the extent that our processing goes beyond that strictly required by law, our legitimate interest in ensuring the safety and security of our staff, visitors, information and property.
To promote diversity and prevent discrimination
(including statistical equal opportunities monitoring)
  • We consider that the promotion of diversity and prevention of discrimination is in the Public Interest.
  • To the extent that Special Categories of personal data are processed, we also consider this processing is necessary for statistical purposes.

 

CHINA

If you are located in the People’s Republic of China (for the purpose of this policy only, excluding Hong Kong, Macau and Taiwan) (“China”) or if our processing of your personal data is otherwise regulated by the Chinese data protection laws, then where “Legitimate Interests” is listed in the table above as the lawful basis, we in fact rely on your consent as the legal basis for processing your personal data for the relevant purpose(s).

CALIFORNIA RESIDENTS (CCPA APPLICANT ADDENDUM)

Introduction

This section (the “CCPA Applicant Addendum”) provides additional information to applicants who are California residents (“CA Applicant” “you” “your”) regarding the categories of personal information (as defined under the CCPA) we collect and process and their rights under the California Consumer Privacy Act and the regulations issued thereto, each as amended (collectively, the “CCPA”). 

Scope

This CCPA Applicant Addendum applies, generally, to the personal information that we collect and otherwise process about CA Applicants, in the context of reviewing, assessing, considering, managing, storing or processing their applications or otherwise considering them for a position with us.  

This CCPA Applicant Addendum does not address or apply to our collection of personal information that is: (a) exempt from or not subject to the CCPA, such as consumer credit reports and background checks, publicly available data, or other information that is exempt under the CCPA; (b) personal information we collect from contractors or employees, which is subject to different privacy notices; or (c) the personal information we collect about customers subject to our Privacy Policy.

Categories of Personal Information Collected and Disclosed 

The specific personal information that we collect, and our use and disclosure of such personal information may vary depending on the circumstances, such as the position(s) or location for which you apply, as well as the associated qualifications and responsibilities.  The table below generally identifies the categories of personal information about CA Applicants that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.  In some cases (such as where required by law), we may ask for to consent or give you certain choices prior to collecting or using certain personal information.

Categories

Description

Third Party Disclosures for Business or Commercial Purposes

Identifiers
Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, and other government identifiers.
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • recruitment agencies
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Categories of Personal Information Described in Cal. Civ. Code § 1798.80
Records containing personal information, such as name, signature, photo, contact information, education and employment history, Social Security number and other government identifiers, financial or payment information, medical information.
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • recruitment agencies
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Internet or Other Electronic Network Activity Information
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any Hexcel device, network or other information resource.
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Biometric Information
physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including fingerprint/ handprint (in accordance with applicable laws.)
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Geolocation Data
Location information about a particular individual or device.
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • recruitment agencies
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Characteristics of Protected Classifications Under California and Federal Law
Such as such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts and reporting obligations or where otherwise required by law.)
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • recruitment agencies
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Sensory Data
Audio, electronic, visual, or similar information, such as, CCTV/video footage, photographs, call recordings, and other audio recording (e.g., online interviews or webinars).
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Professional or Employment-related Information.
Such as performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data.
  • service providers
  • advisors and agents (incl. legal, accounting and audit services)
  • affiliates and subsidiaries
  • recruitment agencies
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Education Information
Such as degrees earned, educational institutions attended, transcripts, training records and other information about your educational history or background that is not publicly available personally identifiable information as defined under the Family Educational Rights and Privacy Act.
  • service providers
  • advisors and agents
  • affiliates and subsidiaries
  • recruitment agencies
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Inferences and Profiles
Such as inferences drawn from any of the information identified above to create a profile about an individual regarding her or his preferences, characteristics, predispositions, behaviors, and personality tests and profiles reflecting skill and aptitude.
  • service providers
  • advisors and agents
  • affiliates and subsidiaries
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.
Sensitive Personal Information
Such as: (a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for reimbursement purposes); (c) racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, or union membership); (d) biometrics (e.g., for access controls); and (e) health information (e.g., as necessary to provide reasonable accommodations).
  • service providers
  • advisors and agents
  • affiliates and subsidiaries
  • recruitment agencies
  • regulators, government entities and law enforcement
  • internet service providers, operating systems, and platforms others as required by law.


We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to CA Applicants, including those we know who are under the age of 16.

 Sources of Personal Information 

  • As stated in the Notice above, in general, we may collect the CA Applicant personal information identified in the table above directly from you and from the following categories of third-party sources:
  • Recruiters and recruiting platforms;
  • Referrals and references;
  • Publicly available information;
  • Service providers, representatives and agents; and
  • Affiliates and subsidiaries

Retention

We retain the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to administer your application and talent pool, to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations. Generally, we will retain CA Applicant information for a period of up to twelve (12) months, unless we hire you (in which case your application file will become part of your personnel record) or you consent to participate in our talent pool.

Purposes for Collecting, Using, Disclosing and Processing Personal Information 

Subject to applicable legal restrictions, generally we collect, use, disclose and process CA Applicant personal information as reasonably necessary for the following general purposes, which are described in more detail in Section 4 of the main Privacy Policy above:

  • to administer our recruiting programs, including to review, assess, recruit, consider or otherwise manage CA Applicants and job applications;
  • to communicate with Applicants;
  • to verify CA Applicant information and carry out reference checks in order to determine suitability for the role;
  • to consider, make and negotiate offers of employment;
  • to secure, evaluate and improve our recruitment process and the processes and systems we use to manage CA Applicants, CA Applicant personal information and our recruiting programs;
  • in support of our diversity and inclusion initiatives;
  • to conduct appropriate screenings of CA Applicants prior to entering or accessing certain of our locations or premises;
  • to consider CA Applicants for future positions (if you have consented to this);
  • to comply with applicable laws and for other legal, regulatory and security purposes;
  • to protect and defend our legal rights and the rights of others (including to respond to actual or anticipated legal claims); and
  • otherwise with your express consent (where permitted by applicable law).

Sensitive Personal Information

Notwithstanding the purposes described above, we do not collect, use or disclose of sensitive personal information about CA Applicants beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(l) of the CCPA regulations).  Accordingly, we only use and disclose sensitive personal information about CA Applicants as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you. 

Your CCPA Privacy Rights and Choices.  CA Applicants have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions

  • Deletion: the right to request deletion of their personal information that we have collected about them. 
  • Know/access: the right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
  • Correction: the right to request correction of inaccurate personal information we maintain about them.
  • Opt out of sales and sharing: the right to opt-out of the sale and sharing of their personal information.  However, as discussed above we do not sell or share CA Applicant personal information.
  • Limit use/disclosure of sensitive personal information: the right to request to limit certain uses and disclosures of sensitive personal information.  However, as discussed above, we do not use or disclose CA Applicant sensitive personal information beyond the purpose authorized by the CCPA.
  • Non-discrimination: not to be subject to discriminatory treatment for exercising their rights under the CCPA. 

Submitting CCPA Requests. CA Applicants may submit a request to us in order to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request to us online at our Webform or via phone our San Ramon office at (800) 688-7734.

We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must (a) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our webform if you choose to submit a request in that manner); (b) describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it.

In some cases, we may request additional information in order to verify your request or where necessary to process your request.  Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Contact Us. For additional details, or if you have questions regarding our use of your personal information as described in this CCPA Applicant Addendum, you may contact us at Dataprivacy@hexcel.com.