Last Updated: December 2023
This applicant privacy notice (“Notice”) is designed to provide information on how Hexcel Corporation or its applicable subsidiary (referred to as “we”, “us”, “our”) collects, uses, discloses or otherwise processes the personal data of job applicants and candidate (referred to as “you”, “your”) who apply for a job with us.
The company you apply to will be the primary “controller” of your personal data. You can find their contact information here.
As a “controller,” we are responsible for deciding how we process personal data about you. We take your privacy seriously and we are fully committed to providing transparency around our privacy practices and how we treat your personal data.
This privacy policy does not form part of any offer of employment and we may amend it at any time to reflect any changes in the way in which we process your personal data. We will post any changes to this Privacy Policy on Workday. If we make any changes to this Policy that materially affect our practices with regard to the personal data, we have previously collected from you, we will provide you with appropriate notice. We may also notify you in other ways from time to time about the processing of your personal data. We will obtain your consent to the updates if required by the applicable data protection laws.
Section 2: HOW DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data in one or more ways:
Directly From You. During the application process, the majority of your personal data is provided directly by you – for example when you submit an application to us online via the Workday portal. Share your CV/resume with us, complete an application form, or otherwise communicate with us about your application and available positions, whether by phone, email, in person or otherwise.
You may also provide us with the personal data of third parties, for example, referees or emergency contact. We will process this information to progress your application and to contact your next-of-kin in an emergency.
This personal data may, exceptionally, include sensitive personal data, for example where you choose to disclose a disability or health condition to us, or if background checks we carry out reveal a criminal record (please see Section 4 below for further information about when we may carry out such checks).
Automatically. (1) When you enter a public area on one of our sites which is covered by CCTV or (2) by cookies and digital trackers when you visit the Hexcel Website and the Workday Careers portal. For more information on our use of cookies on the Hexcel Website please see the Hexcel Privacy Policy.
From Third Parties. We may obtain personal data (including in some cases sensitive personal data) about you from third party sources, such as recruitment agencies, job boards, publicly available sources such as LinkedIn, third party platforms that you us to apply for a position or submit your CV/resume, from recruitment assessment centers, occupational health professionals and background check providers, and from any references you provide. These third parties may be acting as an independent controller/PI handler of your personal data and therefore we advise you to read their respective privacy notice and/or data protection policy for information on how they process your data.
We may also collect personal data from other sources in order to verify the information you have provided as a part of your application (such as your education and prior employment and credential) or to conduct background checks and screenings, where permitted or required by applicable law. Where we receive such information from these third parties, we will use it in accordance with this Privacy Policy.
Section 3: WHAT PERSONAL DATA DO WE COLLECT?
We typically process the below types of personal data (including sensitive personal data) about you. However, the actual personal data we collect about you may vary depending upon your role and responsibilities, as well as your relationship to us.
CATEGORY OF PERSONAL DATA | DATA ELEMENTS |
Contact details |
|
Professional and education-related Information |
|
Formal identification documentation |
|
Eligibility to work |
|
Notes |
|
Credit and background check information |
|
Communications |
|
Video/CCTV recordings |
|
Emergency contact information |
|
Telephone recordings |
|
Network and information security data |
|
Health and medical information |
|
Equal Opportunities Monitoring Data |
|
Section 4: HOW DO WE USE YOUR PERSONAL DATA?
When you apply for a role and during the recruitment process with any of the Hexcel Corporation entities, we process your personal data for a number of related purposes, including as set out in the table below:
Purpose | Typical Activities | Personal data typically processed |
To carry out mandatory identity and right to work checks |
|
|
To progress your application and communicate with you about the recruitment process |
|
|
To confirm the accuracy of information you have provided and obtain additional information (including carrying out background/credit checks where this is required or permitted by applicable law) |
|
|
To identify the best individual for the role |
|
|
To contact you in the event that similar jobs or roles become available |
|
|
To carry out any necessary medical/health assessments |
|
|
For safety and security purposes |
|
|
To promote diversity and prevent discrimination |
|
|
We may also on occasion need to process your personal data for other purposes, including for example:
Section 5: LAWFUL BASIS FOR PROCESSING
Where required by applicable data protection laws, we will only process your personal data where we have a lawful basis to do so (including, where appropriate, where we have obtained your consent). Please see Appendix 1 for details of the lawful basis relied on for different processing activities and different jurisdictions (specifically the U.K., Member States of the European Economic Area and China).
Section 6: HOW WE DISCLOSE YOUR PERSONAL DATA
We may disclose your personal data (including sensitive personal data):
Recipient/Relationship to Us | Category of Personal Data | Purpose for Disclosure |
Background/credit check providers | Identifiers such as name, DOB, and address (they will also collect additional information from you): we only receive the results of the check back. | To allow our providers to carry out, and provide us with the results of, background/ credit checks. |
IT service providers for Hexcel website careers page and Workday portal | Applicant provided personal information for example CV, name, address, IP address | To support, maintain and host our information systems, including the software and hardware infrastructure required for it to operate/be accessible online and to keep a backup of your personal data. We also use online IT service providers to provide contract execution services. |
Recruitment Agencies | Identifiers such as name, CV, work history, social media profile | To assist with recruitment into our organization |
Legal and other professional advisors (e.g. auditors, consultants) | Applicant provided personal information for example CV, name, address, IP address | To provide us with advice in relation to our business, including our legal, financial and other obligations and claims |
Section 7: RECIPIENTS
These recipients will usually be located in the same jurisdiction or region as the Hexcel Group company they support, with the exception of IT services (including Website Analytics provider, IT support service providers and Cloud Services providers) which are provided on a global basis. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data.
We may also disclose your personal data (including sensitive personal data) to other third parties such as:
In some cases, recipients may have their independent purposes and means of processing your personal data (including sensitive personal data) and thus constitute separate controllers for some or all purposes. We therefore advise you to read their privacy notice and/or data protection policy: they will usually provide this to you. You may contact us at dataprivacy@hexcel.com for more information about the identities and contact information of the recipients, the specific types of personal data and sensitive personal data shared and the purposes of sharing. We will share with you the relevant information unless the disclosure is prohibited or restricted by applicable law.
Section 8: INTERNATIONAL TRANSFERS OF PERSONAL DATA
The Hexcel corporate group is a global group of companies, and accordingly we may transfer your personal data to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as the country you are based in.
When we transfer personal data within the Hexcel Corporate group or to authorized third parties located outside of your country, we will take organizational, contractual, and technical measures to safeguard your personal data as required by applicable data protection laws. Where required by applicable local laws, we will obtain separate consent.
Transferring Information Outside of the EEA
If you are in the European Economic Area or the United Kingdom (collectively referred to herein as “EEA”) and we transfer your personal information to a jurisdiction located outside of the EEA , which may not have similar data protection laws to the EEA and may not be recognized by the European Commission and/or the U.K. Government (or other relevant regulatory body) as providing an adequate level of data protection, we will take steps to ensure that appropriate security and other safeguards are in place to ensure that your privacy rights continue to be protected as outlined in this policy.
These safeguards include imposing contractual obligations, such as the European Commission approved standard contractual clauses (available here) and the U.K. Addendum thereto (available here), on the recipient of your personal information. Please contact us at dataprivacy@hexcel.com for more information about the protections that we put in place and to obtain a copy of the relevant documents.
Transferring Information Outside of China
If we transfer your personal data (including any sensitive personal data outside of China, we will provide you with prior information in relation to the transfer and obtain your separate consent. You may contact us at dataprivacy@hexcel.com for more information about the identities and contact information of these overseas recipients, the specific types of personal data and Sensitive personal data shared, the purposes of sharing and the mechanisms via which you may raise requests to these overseas recipients.
Transfers to any Hexcel affiliates will be subject to the intra-group agreement with any Hexcel affiliates that may have access to the personal data, which incorporates the standard contract as stipulated by the Cyberspace and Information Administration of China.
Section 9: DATA STORAGE AND SECURITY
Section 10: HOW LONG WE KEEP YOUR PERSONAL DATA
Section 11: YOUR DUTIES
We encourage you to update your information on the applicant Workday portal to ensure that the personal data that we hold about you for the purposes of your application or for the purposes of considering you for any similar roles is accurate and up to date by keeping us informed of any changes to your personal data.
Section 12: YOUR RIGHTS
You may make a formal request for a copy of the personal data (including any sensitive personal data) that we hold about you at any time. Such a request must be made in writing and we will respond within the time period required under applicable privacy and data protection laws. We may also charge a reasonable fee based on administrative costs where in our view your request is manifestly unfounded, excessive or a request for further copies.
Depending on the data protection law that applies, and subject to the conditions and limitations of such law, you may have one or more of the following rights with respect to your personal data:
Correcting and Updating Your Personal data
The accuracy of your information is important to us and we encourage you to update your personal information on the Workday portal (as set out in Section 10). If the personal data we hold on you is inaccurate or incomplete, you are entitled to request that we make corrections.
Withdrawing Your Consent
Where you have previously provided your consent and that is our legal basis for processing your personal data (see Appendix below), you may withdraw your consent at any time. Please note that if you do withdraw your consent, our use of your personal data before you withdrew your consent remains lawful.
Objecting to Our Use of Your Personal Data and Purely Automated Decisions Made About You
Erasing Your Personal Data or Restricting its Processing
Transferring Your Personal data in a Structured Data File
If we rely on your consent as the legal basis for processing your personal data (see Appendix 1), or if your request is otherwise supported by the applicable data protection laws, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that information.
Right Against Discrimination
If you are a California resident, please see the California Privacy Supplement at the end of this Notice for additional information about your rights under California privacy laws.
How to Exercise Your Rights
Section 13: QUESTIONS AND COMPLAINTS
If you are located in a Member State of the EEA, or in the United Kingdom (UK), or if our processing of your personal data is otherwise regulated by EEA and/or UK data protection laws, the lawful basis for each processing activity is set out in the following table.
Lawful Basis (including legitimate interest where relevant) | |
To carry out mandatory identity and right to work checks |
|
To progress your application and communicate with you |
|
To confirm the accuracy of the information you have provided and obtain additional information (including using providers to carry out background or credit checks where this is required or permitted by applicable law) |
Please note that you may be asked for your consent to carry out background or credit checks where this is required under applicable local law, but this is not a consent for UK / EU data protection purposes. |
To identify the best individual for the role (including assessing your suitability for the role you are applying for, and deciding whether to offer you a job) |
|
To contact you in the event that similar jobs or roles become available |
|
To carry out any necessary medical/health assessments – for some job roles |
|
For safety and security purposes |
|
To promote diversity and prevent discrimination (including statistical equal opportunities monitoring) |
|
CHINA
If you are located in the People’s Republic of China (for the purpose of this policy only, excluding Hong Kong, Macau and Taiwan) (“China”) or if our processing of your personal data is otherwise regulated by the Chinese data protection laws, then where “Legitimate Interests” is listed in the table above as the lawful basis, we in fact rely on your consent as the legal basis for processing your personal data for the relevant purpose(s).
CALIFORNIA RESIDENTS (CCPA APPLICANT ADDENDUM)
Introduction
This section (the “CCPA Applicant Addendum”) provides additional information to applicants who are California residents (“CA Applicant” “you” “your”) regarding the categories of personal information (as defined under the CCPA) we collect and process and their rights under the California Consumer Privacy Act and the regulations issued thereto, each as amended (collectively, the “CCPA”).
Scope
This CCPA Applicant Addendum applies, generally, to the personal information that we collect and otherwise process about CA Applicants, in the context of reviewing, assessing, considering, managing, storing or processing their applications or otherwise considering them for a position with us.
This CCPA Applicant Addendum does not address or apply to our collection of personal information that is: (a) exempt from or not subject to the CCPA, such as consumer credit reports and background checks, publicly available data, or other information that is exempt under the CCPA; (b) personal information we collect from contractors or employees, which is subject to different privacy notices; or (c) the personal information we collect about customers subject to our Privacy Policy.
Categories of Personal Information Collected and Disclosed
The specific personal information that we collect, and our use and disclosure of such personal information may vary depending on the circumstances, such as the position(s) or location for which you apply, as well as the associated qualifications and responsibilities. The table below generally identifies the categories of personal information about CA Applicants that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for to consent or give you certain choices prior to collecting or using certain personal information.
Categories | Description | Third Party Disclosures for Business or Commercial Purposes |
Identifiers | Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, and other government identifiers. |
|
Categories of Personal Information Described in Cal. Civ. Code § 1798.80 | Records containing personal information, such as name, signature, photo, contact information, education and employment history, Social Security number and other government identifiers, financial or payment information, medical information. |
|
Internet or Other Electronic Network Activity Information | Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any Hexcel device, network or other information resource. |
|
Biometric Information | physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including fingerprint/ handprint (in accordance with applicable laws.) |
|
Geolocation Data | Location information about a particular individual or device. |
|
Characteristics of Protected Classifications Under California and Federal Law | Such as such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts and reporting obligations or where otherwise required by law.) |
|
Sensory Data | Audio, electronic, visual, or similar information, such as, CCTV/video footage, photographs, call recordings, and other audio recording (e.g., online interviews or webinars). |
|
Professional or Employment-related Information. | Such as performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data. |
|
Education Information | Such as degrees earned, educational institutions attended, transcripts, training records and other information about your educational history or background that is not publicly available personally identifiable information as defined under the Family Educational Rights and Privacy Act. |
|
Inferences and Profiles | Such as inferences drawn from any of the information identified above to create a profile about an individual regarding her or his preferences, characteristics, predispositions, behaviors, and personality tests and profiles reflecting skill and aptitude. |
|
Sensitive Personal Information | Such as: (a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for reimbursement purposes); (c) racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, or union membership); (d) biometrics (e.g., for access controls); and (e) health information (e.g., as necessary to provide reasonable accommodations). |
|
We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to CA Applicants, including those we know who are under the age of 16.
Sources of Personal Information
We retain the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to administer your application and talent pool, to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations. Generally, we will retain CA Applicant information for a period of up to twelve (12) months, unless we hire you (in which case your application file will become part of your personnel record) or you consent to participate in our talent pool.
Purposes for Collecting, Using, Disclosing and Processing Personal Information
Subject to applicable legal restrictions, generally we collect, use, disclose and process CA Applicant personal information as reasonably necessary for the following general purposes, which are described in more detail in Section 4 of the main Privacy Policy above:
Sensitive Personal Information
Notwithstanding the purposes described above, we do not collect, use or disclose of sensitive personal information about CA Applicants beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(l) of the CCPA regulations). Accordingly, we only use and disclose sensitive personal information about CA Applicants as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Your CCPA Privacy Rights and Choices. CA Applicants have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions
Submitting CCPA Requests. CA Applicants may submit a request to us in order to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request to us online at our Webform or via phone our San Ramon office at (800) 688-7734.
We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must (a) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our webform if you choose to submit a request in that manner); (b) describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it.
In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
Contact Us. For additional details, or if you have questions regarding our use of your personal information as described in this CCPA Applicant Addendum, you may contact us at Dataprivacy@hexcel.com.