Automated decision making

means a decision made by automated means without any human involvement. 

Data controller

means a natural or legal person (such as a company) which determines the means and purposes of processing of personal information.  For example, the BAE Systems entity which contracts with you will be your data controller as it determines how it will collect personal information from you, the scope of data which will be collected, and the purposes for which it will be used. 

Data processor

means a natural or legal person (such as a company) that is responsible for processing personal information on behalf of a controller.


means the European Economic Area, which includes all EU countries and also Iceland, Liechtenstein and Norway. 

EU countries

are Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

GDPR and applicable local law

means the General Data Protection Regulation (GDPR), which is the law governing data privacy in the European Union, and the applicable data protection law in each jurisdiction. These laws apply to our processing and management of your personal information within the EU countries.

Personal information

is information that relates to a living individual. It includes information that may identify a person by name and contact details, or refer to associated information such as account activity, or personal preferences that can directly or indirectly identify an individual. 
Processing means any and all actions we take with respect to your personal information, including (without limitation) managing, viewing, holding, storing, deleting, changing, using and saving. 

Special category personal information

means any personal information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership.  


Categories of personal information

The following definitions are not exhaustive and are intended to illustrate the types of personal information that we process with reference to the broard categories described below.
  • Business information: your business contact details (e.g. address, telephone number, e-mail), your job title, your employer and any other relevant information
  • Contact information: home address, email address and telephone number/s
  • Data related to your employment with the Company: work contact details (e.g. address, telephone number, e-mail), work location default hours, default language, time zone and currency for location, your worker ID and various system IDs, your performance review information, your work biography, your reporting line, your employee/contingent worker type, your hire/contract begin and end dates, your cost centre, your job title and job description, your working hours and patterns, whether you are full or part time; your termination/contract end date; the reason for termination; your last day of work; exit interviews, references, status (active/inactive/terminated); position title; the reason for any change in job and date of change; your benefit coverage start date
  • Employment claims, complaints and disclosures data: termination arrangements and payments, subject matter of employment based litigation and complaints, employee involvement in incident reporting and disclosures
  • Financial data: credit card information, bank account details and other relevant information about your payment information
  • HR processes data: allegations, investigations and proceeding records and outcomes, colleague and line management feedback, appraisals, talent programmes, formal and informal performance management processes, flexible working processes, restructure and redundancy plans, consultation records, selection and redeployment data, health and safety audits, risk assessments, incident reports, data relating to training and development needs or training received
  • Identity information: your title, forename and surname, preferred name, photographic images and any additional names
  • Immigration information: gender, nationality, second nationality, civil/marital status, date of birth, age, national ID number, immigration data, languages spoken and next-of-kin/dependent contact information
  • Leave information: absence records (including dates and categories of leave/time-off), holiday dates and information related to family leave
  • Monitoring data (to the extent permitted by applicable laws): Closed Circuit television footage, system and building login and access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters
  • Share information: number of shares held, date joined the register, date left the share register, dividends paid/not cashed; bank mandate details; share transactions;  nationality and AGM / Proxy voting 
  • Staff related data: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, gender, nationality, second nationality, civil/marital status, date of birth, age, home contact details (e.g. address, telephone number, e-mail), national ID number, immigration and eligibility to work data, languages spoken, next-of-kin/dependent contact information, passport details, driving licence and car registration details
  • Recruitment data: qualifications,  references, CV and application, interview and assessment data
  • Regulatory data: records of your registration with any applicable regulatory authority, your regulated status and any regulatory references
  • Remuneration and benefits data: your remuneration information (including salary/hourly plan/contract pay information as applicable, allowance, bonus and merit plans), bank account details, grade, social security number, tax information, third party benefit recipient information
  • Vetting data: vetting and verification information, including results of any background or other checks.
  • Website information: this includes: - data that you provide by filling in forms on the Website, including data provided at the time of registering to use the registration-only sections of the Website (such as our careers and brand sections); any personal information requested from you by the Company (such as when you report a problem with the website); if you contact us, in writing, by email or other electronic means through the Website, we may keep a record of that correspondence; and details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. 

Cohort glossary

  • Applicants: individuals who have applied for a role in any capacity working with the Company, or registered an interest in working with Company.
  • Employees: individuals who are employed in any capacity by the Company.
  • Contractors and workers: individuals who provide services to the Company (whether directly or via a third party service company or agency).
  • Next of kin and dependants: family members of employees, contractors and workers.
  • Board members, directors & non-executive directors: office holders and directors of BAE Systems group companies, directors and office holders of joint venture companies.
  • Shareholders: individuals holding shares in BAE Systems plc, or members of an employee share plan.
  • Pensions: members of any of the Company’s pension schemes.
  • Education and Community Partnerships: individuals involved in any of the Company’s early careers programmes (including internships, work experience, apprentice and graduate programmes), as well as any of its community partnership programmes.
  • Former employees, contractors and workers: individuals who were employed in any capacity by the Company, or who provided services to the Company (whether directly or via a third party service company or agency).
  • Customers and contacts: the Company’s customers, prospective customers or contacts.
  • Customers and contacts: suppliers or subcontractors to the Company.
  • Site visitors: individuals who visit any of the Company sites.
  • Event attendees: individuals who attend an event run or organised by or on behalf of the Company.
  • Journalists and media: journalists and other members of the media.
  • General public: members of the general public.
  • Website: visitors to the Company’s website.