Personal data protection policy

The protection of your personal data is a priority for Thales which ensures that your personal data is processed with complete transparency and security.

To this end, Thales has adopted Binding Corporate Rules (hereinafter the “BCR”).

The Thales BCR were approved by the French Data Protection Authority in deliberations No. 2023-144 and No. 2023-145 dated December 21, 2023. 

The BCR constitute the Thales Group's policy on the protection of personal data, defining the principles and procedures implemented by Thales in connection with any processing of personal data. You can access the Thales BCR by clicking here.
 

The purpose of this privacy notice is to provide you with information about the processing of your personal data collected via the www.thalesgroup.com website and its sub-domains (hereinafter the "Thales Website").

When you visit the Thales Website, Thales S.A., a limited company registered in the Nanterre Trade and Companies Register under number 552 059 024, whose registered office is located at 4 rue de la Verrerie, 92190, Meudon, France (hereinafter "Thales" or "we") may collect and process information about you.

In this case, Thales acts as data controller, i.e. Thales determines the purpose and manner of processing your personal data. 

When submitting an application or responding to a job offer online on the Thales Website, please refer to the specific recruitment information notice by clicking here.

Is the collection of your personal data mandatory when you visit the Thales Website?

The collection of personal data (notably cookies) during browsing, website audience measurement and use of online services is optional.
However, we do need to collect and process personal data about you to enable you to access certain areas of the Thales Website or specific online services, to respond to your requests for information and to ensure the security of the Thales Website, as explained below.

What personal data do we collect and process?

When you visit the Thales Website, we may collect and process the following information about you:

• Data relating to your identity such as your first and last names;
• Data relating to your functions; 
• Data relating to your contact details such as your e-mail address, phone number and country of residence; 
• Data relating to your browsing on the Thales Website (connection logs, IP address, technical data relating to the equipment and browser used, cookies and other tracers);
• Data relating to the management of contacts and technical services (time-stamp and purpose of requests, follow-up, action taken).

What are the purposes and legal basis for processing your personal data?

Your personal data is used for the purposes and on the legal basis described below:

*You may withdraw your consent at any time without affecting the lawfulness of the processing activities based on that consent prior to its withdrawal.

How long do we keep your personal data?

Your personal data collected from the Thales Website for communication and marketing purposes is kept for a maximum period of three (3) years from the date of collection.
Your personal data required for the technical management and security of the Thales Website is kept for a period of twenty-five (25) month from their date of collection. 

Who receives your personal data?

-    Thales Group companies

Thales is an international group with many affiliates. As a result, we may share your personal data with other Thales Group companies and their employees.
When your personal data is transferred by a Thales company established in the European Economic Area (hereinafter “the EEA”) or in the United Kingdom (hereinafter “the UK”) to a Thales company established outside the EEA or the UK, in a country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission or the UK, this transfer is based on the Binding Corporate Rules (hereinafter the “BCR”) adopted by Thales. 

Thanks to the Thales BCR, wherever your personal data is processed within the Thales Group, it benefits from the same standard of protection. You can access the Thales BCR by clicking here.

-    Thales external suppliers and service providers

Thales uses external suppliers and service providers to host and maintain the Thales Website and/or to carry out marketing and communication activities on its behalf.

Thales ensures that said third-parties who process personal data on behalf of Thales comply with Thales' instructions and implement appropriate protection measures.

When your personal data is transferred by a Thales company established in the EEA to a third-party established outside the EEA, in a third country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission, Thales relies on Standard Contractual Clauses as adopted by the European Commission (hereinafter the “SCC”).

You can obtain a copy of the SCC signed by Thales by clicking here.

When your personal data is transferred by a Thales company established in the UK to a third-party established outside the UK in a third country that has not been recognized as offering an adequate level of protection by the UK, Thales relies on the International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the SCC issued by the Information Commissioner’s Office.

-    Public, governmental and/or judicial authorities

Thales may be required to disclose your personal data to public, governmental and/or judicial authorities by law or in the context of litigation, legal proceedings or any other request from such an authority. In such cases, we will ensure that only strictly necessary data is disclosed.

Thales does not sell your personal data to third parties.

What security measures are in place to protect your data?

Thales undertakes to implement the technical, organizational and contractual security measures necessary to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access.

However, due to the public and unsecured nature of the Internet, Thales cannot be responsible for the security of personal data transmissions over the Internet.

In addition, the Thales Website may contain links to third-party websites. Thales makes no representations or warranties, express or implied, with respect to such third-party websites. The publishers and operators of third-party websites may collect, use or transfer personal data under terms and conditions different from those of Thales. 
 

What are your rights concerning your personal data?

You have the right to access your personal data.

You may also request the correction or deletion of your personal data. 

You also have the right to withdraw your consent or to object to the processing of your personal data and to request that such processing be restricted. 

Finally, you can request your personal data to be sent to you in a structured and standard format.

To exercise your rights or make a complaint, please use the dedicated form by clicking here.

You may also contact the Thales Group Data Protection Officer by sending an e-mail to dataprotection@thalesgroup.com.

In all cases, you have the right to lodge a complaint with the competent data protection authority.

Update of the Thales Website notice

The present notice of the Thales Website is updated regularly to take into account technological innovations as well as legislative and regulatory changes.

Date of last revision: June 2024