Privacy Policy

Last updated March 27, 2024

Wabtec Corporation and its wholly and majority-owned entities (collectively “Wabtec”, “we” or “us”), respect your concerns about privacy. References in this Privacy Policy to “Wabtec”, “we”, “us”, and “our” are references to the entity responsible for the processing of your Personal Data, which generally is the entity that obtains your Personal Data.

This Privacy Policy applies to the Personal Data we obtain through Wabtec’s properties, including websites, mobile applications and social media pages that reference and link to this Privacy Policy (“Online Channels”). This Privacy Policy does not apply to products and services that reference and link to separate privacy policies.

This Privacy Policy describes the types of Personal Data we obtain through the Online Channels, how we may use that Personal Data, with whom we may share it, and how you may exercise your rights regarding our processing of the Personal Data. The Privacy Policy also describes the measures we take to safeguard the Personal Data we obtain and how you can contact us about our privacy practices.

The Online Channels may provide links to other third-party websites and features, that are not owned or controlled directly or indirectly by Wabtec. We are not responsible for the privacy practices of third parties, which are subject to their respective privacy policies.

Click on one of the links below to jump to the listed section:

 

Wabtec’s Privacy Practices at a Glance

Purpose

Lawful basis

Relevant Personal Data

Retention period

Contact

Legitimate interest: to contact you after we have received your contactsName, phone, email address24 months after last contact

Answer questions

Legitimate interest: to answer the questions you have sent in through the contact formName, email address, phone, fax24 months after last contact

Requesting access to a restricted website

Contract: Subscription agreement to access restricted websiteName, email address, phone, fax24 months after expiration or termination of subscription

Opt-in subscribe to email

Legitimate interest: to provide you with news that you subscribed toEmail address24 months from last unsuccessful contact

Provide pricing

Legitimate interest: to provide you with the pricing information you requested through the request for quote formName, email, address24 months from collection 

Recruitment

Legitimate interest: to communicate with you about the recruitment process and/or your application(s)Name, phone number, email address, country, resume/CV, date of birth, ethnicity, gender24 months after last contact

 

Personal Data We Obtain

We may obtain Personal Data through the Online Channels. “Personal Data” includes information that can be used to identify you as a natural person, directly or indirectly, in particular in combination with other information available to us such as an identification number, online identifier or one or more factors specific to your identity as a natural person.

The types of Personal Data we may obtain include:

  • contact information (e.g. name, phone and fax number, email and postal address) for you or for others (e.g., principals in your business);
  • information used to create your online account (e.g. username, password and security question and answer);
  • biographical and demographic information not related in any case to the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (e.g. date of birth, age, gender, job title/position, marital status and dependent, spousal and other family information);
  • purchase and customer service history;
  • financial information (e.g. payment information, including name, billing address and payment card details (e.g. card number, expiration date and security code); bank account information; financial statements; income; and credit score);
  • location data (e.g. data derived from your IP address, country and zip code) and the precise geolocation of your mobile device where we have provided notice and choice, as appropriate;
  • contact information you provide about friends or other people you would like us to contact;
  • clickstream data and other information about your online activities (e.g. information about your devices, browsing actions and usage patterns), including across the Online Channels and third-party websites, that we obtain through the use of cookies, web beacons and similar technologies (see our Cookie Policy); and
  • other personal information contained in content you submit to us (e.g. through our “Contact Us” feature).

Wabtec aims at keeping the Personal Data we hold as accurate and up-to-date as possible. Please ensure that the Personal Data you communicate to us is accurate and up-to-date.

We use third-party web analytics services in connection with the Online Channels, including Google Analytics, which use cookies and similar technologies to collect data (such as IP addresses) to evaluate use of and interaction with the Online Channels. (You may learn about Google’s advertising features, including Google Analytics’ currently available opt-out mechanisms, here. To learn more about these and other analytics services and how to opt out, please view our Cookie Policy)

If you choose not to provide us certain Personal Data, we may not be able to offer you certain products and services, and you may not be able to access certain features of the Online Channels.

Personal Data We Collect From Other Sources

We and third parties we engage may combine information we collect from you over time and across the Online Channels with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you (see notably our Cookie Policy).

Do Not Track Notice

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. Our Website does not respond to “Do Not Track” signals from browser software.

How We Use Personal Data
  • provide and administer our products and services;
  • process and fulfill orders and keep you informed about the status of your order;
  • communicate about and administer our products, services, events, programs and promotions (e.g. by sending alerts, promotional materials, newsletters and other marketing communications);
  • perform data analytics (e.g. market research, trend analysis, financial analysis and customer segmentation);
  • engage in ad retargeting and evaluate the effectiveness of our marketing efforts (including through our participation in ad networks);
  • provide customer support;
  • process, evaluate and respond to requests, inquiries and applications;
  • create, administer and communicate with you about your account (including any purchases and payments);
  • conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand);
  • operate, evaluate and improve our business (e.g. by administering, enhancing and improving our products and services; developing new products, services and Online Channels; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
  • verify your identity and endeavor to protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality; and
  • conduct investigations and comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies and terms (such as this Privacy Policy and other Online Channels terms of use); and maintain and enhance the safety and security of our products, services, Online Channels, network services, information resources and employees.

We may combine Personal Data we obtain through Online Channels with information we obtain through other channels only for the purposes described above, or as described upon collection through such other channels. We may anonymize or aggregate personal information and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use Personal Data for additional purposes than those identified at the time of collection, provided that such other purposes remain compatible with the initial purposes. In any case, we will inform you of such additional purposes and, to the extent required by law, will seek your prior consent.

To the extent mandated by applicable law, we may also request your consent for the processing of your Personal Data for direct marketing purposes.

The legal basis for Wabtec processing your personal information as described above will typically be one of the following:

  • Your consent;
  • Performance of a contract with you;
  • Our legitimate interests; or
  • Compliance with our legal obligations.

For more detail, please see Wabtec’s Privacy Practice At a Glance.

 

Personal Data Sharing

We do not sell or otherwise disclose Personal Data about you except as described here or at the time of collection.

We may share Personal Data within the Wabtec group for the purposes described in this Privacy Policy.

We may share your Personal Data with our affiliate entities and other third-party business partners, providers, vendors or contractors acting on our behalf and under our instructions, whether located inside and outside of the European Union (“EU”) or the Economic Area (“EEA”), for the purposes of operating our business, recruitment, delivering, improving, and customizing our Online Channels as well as our products and services, sending marketing and other communications related to our business, to reply on job applications and when needed, with your consent.

Therefore, we may share Personal Data in the following ways:

  • Within Wabtec and any of our affiliate entities located inside or outside of the EU/EEA, for purposes of Personal Data processing or storage in connection with the aforementioned purposes;
  • With Wabtec’s business partners, vendors, authorized third-party agents or contractors to provide our products and services or facilitate transactions. Examples include, but are not limited to: processing of orders, hosting websites and providing support; and
  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by another company.

We may also disclose Personal Data about you (1) if we are required or permitted to do so by applicable law or legal process (such as a court order or subpoena), (2) to law enforcement authorities or other government officials to comply with a legitimate legal request, (3) when we believe disclosure is necessary to prevent physical harm or financial loss, (4) to establish, exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual fraud or illegal activity or (6) otherwise with your consent.

 

Data Transfers

As a global organization with affiliated entities located inside and outside of the EU/EEA and business processes in operation across borders, we may transfer your Personal Data across Wabtec’s entities, including in the U.S., and/or to third-party business partners, providers, vendors, or contractors, that are located inside or outside of the EU/EEA, for purposes described in the section “How We Share your Personal Data” above, including for the purpose of data processing or storage on behalf and under the control of Wabtec.

Wabtec implements cross-borders transfers in compliance with applicable privacy and data protection regulations, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (the “GDPR”). Where mandated by applicable law, to ensure that your personal data does receive an adequate level of protection, Wabtec implements the appropriate measures to ensure that your Personal Data is treated across Wabtec affiliated entities and by the aforementioned third parties in a way that is consistent with and which respects the applicable privacy and data protection laws. Measures may notably include a data transfer agreement.

 

Your Rights

You have the right to access, obtain a paper or electronic copy, review, correct and update all your Personal Data stored by us, notably to confirm its accuracy. Subject to any relevant legal requirements and exemptions, you may also request to oppose to or limit the processing or your Personal Data or request that certain of your Personal Data be deleted from our files.

If you reside within the EU/EEA, you may also exercise your right to portability of your Personal Data where the lawful basis for the processing is (i) (a) a contract or (b) your consent and (ii) such processing is implemented by automated means. Please note that such a request could be limited to the sole Personal Data you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.

Wabtec will make reasonable efforts to comply with the aforementioned requests, unless such requests are prohibited by law, or there is a legitimate purpose to retain your Personal Data, in which case we will inform you without undue delay. We reserve the right to verify your identity before any request relating to your Personal Data processed by us.

Please use this DSAR Intake Form to make your request to exercise any of the rights (Data Subject Rights) listed above. You may also direct any questions about your Personal Data using the contact details provided at the end of this Policy.

 

How We Protect Personal Data Transmission

The security and confidentiality of your Personal Data is important to us.

We maintain administrative, organizational procedures, technical and physical safeguards, consistent with legal requirements where the Personal Data was obtained, designed to ensure the security and confidentiality against unlawful or unauthorized destruction, loss, alteration, use or disclosure of, or access to, the Personal Data provided to us through the Online Channels.

As such, Wabtec relies on reasonable measures to safeguard Personal Data in our possession, including:

  • Enforcement of group-wide policies and procedures on Personal Data use, security and confidentiality;
  • Restricting access to Personal Data to only those employees and third-party service providers on a “need to know” basis and under strict confidentiality requirements;
  • Use of technologies to safeguard data during transmission, such as SSL encryption for some of the data that you provide via the Online Channels and using appropriate security measures to safeguard the data we collect and possess;
  • Use of reasonable measures and processes for detecting and responding to inappropriate attempts to breach our computer systems and networks.

The Internet and any communication thereon cannot be guaranteed to be secure at all times, and we cannot ensure or warrant the security of any Personal Data you provide us through this technology. In this regard, we have procedures to deal with any suspected data security breach and will notify you and any regulator of a suspected breach, as mandated by law.

 

Retention of Personal Data

To the extent permitted by applicable law, we retain Personal Data we obtain about you as long as (1) it is strictly needed for the purposes for which we obtained it, in accordance with the provisions of this Privacy Policy or (2) we have another lawful basis, stated in this Privacy Policy or at the point of collection, for retaining that information beyond the period for which it is necessary to serve the original purpose for obtaining the Personal Data.

For more information about the retention periods, please refer to Wabtec’s Privacy Practice at a Glance above.

 

Additional Information

Notice to California Residents

Subject to certain limits under California law, California residents may ask us to provide them with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. To obtain this information, please submit a request via the DSAR Intake Form, Wabtec's Toll-Free privacy line at 1-855-703-9388 or send an email to privacy [at] wabtec [dot] com (privacy[at]wabtec[dot]com) with "California Shine the Light Privacy Request" in the subject line and in the body of your message.

 

Notice to data subjects whose Personal Data is processed in South Africa

In terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”), the definition of Personal Data extends to existing juristic persons (i.e. legal entities). Accordingly, in respect of any processing that occurs in South Africa, the terms of this Privacy Policy will apply equally to any Personal Data relating to companies or other legal entities (such as corporate registration details, addresses, banking details etc.) that may be obtained via the Online Channels.

Children’s Personal Information

The Online Channels are designed for a general audience and are not directed to children under the age of 18. We do not knowingly collect or solicit personal information from children under the age of 18 through the Online Channels. If we become aware that we have collected personal information from a child under the age of 18, we will promptly delete the information from our records. If you believe that a child under the age of 18 may have provided us with personal information, please Contact us as specified in the How To Contact Us section of this Privacy Policy.

Choice and Opt-Out

We may send you service communications relating to the products or services we provide you via email (e.g. to inform you about changes to the product or service you requested from us, revisions of our terms and conditions or this Policy). As such service communications are necessary for the purposes of providing you with our products or services or complying with our legal obligations, you will not be able to opt-out from receiving them.

Subject to your choices, we may also send you marketing communications via email. In addition to the “Unsubscribe” link contained in each of our e-mail marketing communications, you may opt-out freely and at any time of receiving Wabtec newsletters or other e-mail marketing communications from Wabtec by sending an e-mail to privacy [at] wabtec [dot] com.

 

Changes to Our Privacy Policy

We reserve the right to update this Policy from time to time in order to reflect any changes to our products or services or to comply with changes in our legal and/or regulatory obligations. If we modify our Policy, we will post the revised version on the relevant Online Channels, with an updated revision date at least thirty days prior to such changes being effective. Where such changes are substantial, we will also notify you by other means prior to the changes taking effect, such as by sending you an email notification or through the Online Channels, products or services. By continuing to use our Online Channels thirty days after such revisions are in effect, you will be deemed to accept and agree to the revisions and to abide by them.

 

How to Contact Us

Please use this DSAR Intake Form to make your request to exercise any of the rights (Data Subject Rights) listed above in the section on Your Rights.

If you have any questions or comments about this Privacy Policy or if you would like us to update information we have about you or your preferences, please contact us by emailing the address below or write to us at:

Attn: Chief Privacy Counsel
30 Isabella Street
Pittsburgh, PA, 15212 - USA
Phone: 412-825-1000
Fax: 412-825-1019
Email: privacy [at] wabtec [dot] com (privacy[at]wabtec[dot]com)

Brazil Data Protection Officer
Henrique Tavares
Email: henrique [dot] tavares [at] wabtec [dot] com
Phone: 55 31 999307520

If you are not satisfied with our answer or the way we process your Personal Data pursuant to this Policy, you may also have the right to lodge a complaint with a data protection authority or a Court of competent jurisdiction. If you reside within the European Union, a list of national data protection authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

 

Privacy Policy Translations
Privacy policy - Arabic
Privacy policy - Chinese
Privacy policy - Czech
Privacy policy - Danish
Privacy policy - Dutch
Privacy policy - French (Canada)
Privacy policy - French (France)
Privacy policy - German
Privacy policy - Hungarian
Privacy policy - Italian
Privacy policy - Kazakh
Privacy policy - Macedonian
Privacy policy - Polish
Privacy policy - Portuguese
Privacy policy - Russian
Privacy policy - Spanish (Mexico)
Privacy policy - Spanish (Spain)
Privacy policy - Swedish
Privacy policy - Turkish