The Online Channels may provide links to other third-party websites and features, that are not owned or controlled directly or indirectly by Wabtec. We are not responsible for the privacy practices of third parties, which are subject to their respective privacy policies.
Click on one of the links below to jump to the listed section:
- Wabtec’s Privacy Practices at a Glance
- Personal Data We Obtain
- How We Use Personal Data
- Personal Data Sharing
- Data Transfers
- Your Rights
- How We Protect Personal Data
- Retention of Personal Data
- Additional Information
- How To Contact Us
Wabtec’s Privacy Practices at a Glance
Relevant Personal Data
Legitimate interest: to contact you after we have received your contacts
Name, phone, email address
24 months after last contact
Legitimate interest: to answer the questions you have sent in through the contact form
Name, email address, phone, fax
24 months after last contact
Requesting access to a restricted website
Contract: Subscription agreement to access restricted website
Name, email address, phone, fax
24 months after expiration or termination of subscription
Opt-in subscribe to email
Legitimate interest: to provide you with news that you subscribed to
24 months from last unsuccessful contact
Legitimate interest: to provide you with the pricing information you requested through the request for quote form
Name, email, address
24 months from collection
Legitimate interest: to reply on your job application
Name, phone number, email address, country, resume/CV, date of birth, ethnicity, gender
24 months after last contact
Personal Data We Obtain
We may obtain Personal Data through the Online Channels. “Personal Data” includes information that can be used to identify you as a natural person, directly or indirectly, in particular in combination with other information available to us such as an identification number, online identifier or one or more factors specific to your identity as a natural person.
The types of Personal Data we may obtain include:
- contact information (e.g. name, phone and fax number, email and postal address) for you or for others (e.g., principals in your business);
- information used to create your online account (e.g. username, password and security question and answer);
- biographical and demographic information not related in any case to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (e.g. date of birth, age, gender, job title/position, marital status and dependent, spousal and other family information);
- purchase and customer service history;
- financial information (e.g. payment information, including name, billing address and payment card details (e.g. card number, expiration date and security code); bank account information; financial statements; income; and credit score);
- location data (e.g. data derived from your IP address, country and zip code) and the precise geolocation of your mobile device where we have provided notice and choice, as appropriate;
- contact information you provide about friends or other people you would like us to contact;
- other personal information contained in content you submit to us (e.g. through our “Contact Us” feature).
Wabtec aims at keeping the Personal Data we hold as accurate and up-to-date as possible. Please ensure that the Personal Data you communicate to us is accurate and up-to-date.
If you choose not to provide us certain Personal Data, we may not be able to offer you certain products and services, and you may not be able to access certain features of the Online Channels.
Personal Data We Collect From Other Sources
How We Use Personal Data
- provide and administer our products and services;
- process and fulfill orders and keep you informed about the status of your order;
- communicate about and administer our products, services, events, programs and promotions (e.g. by sending alerts, promotional materials, newsletters and other marketing communications);
- perform data analytics (e.g. market research, trend analysis, financial analysis and customer segmentation);
- engage in ad retargeting and evaluate the effectiveness of our marketing efforts (including through our participation in ad networks);
- provide customer support;
- process, evaluate and respond to requests, inquiries and applications;
- create, administer and communicate with you about your account (including any purchases and payments);
- conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand);
- operate, evaluate and improve our business (e.g. by administering, enhancing and improving our products and services; developing new products, services and Online Channels; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
- verify your identity and endeavor to protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality; and
We may combine Personal Data we obtain through Online Channels with information we obtain through other channels only for the purposes described above, or as described upon collection through such other channels. We may anonymize or aggregate personal information and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use Personal Data for additional purposes than those identified at the time of collection, provided that such other purposes remain compatible with the initial purposes. In any case, we will inform you of such additional purposes and, to the extent required by law, will seek your prior consent.
To the extent mandated by applicable law, we may also request your consent for the processing of your Personal Data for direct marketing purposes.
The legal basis for Wabtec processing your personal information as described above will typically be one of the following:
- Your consent;
- Performance of a contract with you;
- Our legitimate interests; or
- Compliance with our legal obligations.
For more detail, please see Wabtec’s Privacy Practice At a Glance.
Personal Data Sharing
We do not sell or otherwise disclose Personal Data about you except as described here or at the time of collection.
We may share your Personal Data with our affiliate entities and other third-party business partners, providers, vendors or contractors acting on our behalf and under our instructions, whether located inside and outside of the European Union (“EU”) or the Economic Area (“EEA”), for the purposes of operating our business, delivering, improving, and customizing our Online Channels as well as our products and services, sending marketing and other communications related to our business, to reply on job applications and when needed, with your consent.
Therefore, we may share Personal Data in the following ways:
- Within Wabtec and any of our affiliate entities located inside or outside of the EU/EEA, for purposes of Personal Data processing or storage in connection with the aforementioned purposes;
- With Wabtec’s business partners, vendors, authorized third-party agents or contractors to provide our products and services or facilitate transactions. Examples include, but are not limited to: processing of orders, hosting websites and providing support; and
- In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by another company.
We may also disclose Personal Data about you (1) if we are required or permitted to do so by applicable law or legal process (such as a court order or subpoena), (2) to law enforcement authorities or other government officials to comply with a legitimate legal request, (3) when we believe disclosure is necessary to prevent physical harm or financial loss, (4) to establish, exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual fraud or illegal activity or (6) otherwise with your consent.
As a global organization with affiliated entities located inside and outside of the EU/EEA and business processes in operation across borders, we may transfer your Personal Data across Wabtec’s entities, including in the U.S., and/or to third-party business partners, providers, vendors, or contractors, that are located inside or outside of the EU/EEA, for purposes described in the section “How We Share your Personal Data” above, including for the purpose of data processing or storage on behalf and under the control of Wabtec.
Wabtec implements cross-borders transfers in compliance with applicable privacy and data protection regulations, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (the “GDPR”). Where mandated by applicable law, to ensure that your personal data does receive an adequate level of protection, Wabtec implements the appropriate measures to ensure that your Personal Data is treated across Wabtec affiliated entities and by the aforementioned third parties in a way that is consistent with and which respects the applicable privacy and data protection laws. Measures may notably include a data transfer agreement.
You have the right to access, obtain a paper or electronic copy, review, correct and update all your Personal Data stored by us, notably to confirm its accuracy. Subject to any relevant legal requirements and exemptions, you may also request to oppose to or limit the processing or your Personal Data or request that certain of your Personal Data be deleted from our files.
If you reside within the EU/EEA, you may also exercise your right to portability of your Personal Data where the lawful basis for the processing is (i) (a) a contract or (b) your consent and (ii) such processing is implemented by automated means. Please note that such a request could be limited to the sole Personal Data you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.
Wabtec will make reasonable efforts to comply with the aforementioned requests, unless such requests are prohibited by law, or there is a legitimate purpose to retain your Personal Data, in which case we will inform you without undue delay. We reserve the right to verify your identity before any request relating to your Personal Data processed by us.
Please use this DSAR Intake Form to make your request to exercise any of the rights (Data Subject Rights) listed above. You may also direct any questions about your Personal Data using the contact details provided at the end of this Policy.
How We Protect Personal Data Transmission
The security and confidentiality of your Personal Data is important to us.
We maintain administrative, organizational procedures, technical and physical safeguards, consistent with legal requirements where the Personal Data was obtained, designed to ensure the security and confidentiality against unlawful or unauthorized destruction, loss, alteration, use or disclosure of, or access to, the Personal Data provided to us through the Online Channels.
As such, Wabtec relies on reasonable measures to safeguard Personal Data in our possession, including:
- Enforcement of group-wide policies and procedures on Personal Data use, security and confidentiality;
- Restricting access to Personal Data to only those employees and third-party service providers on a “need to know” basis and under strict confidentiality requirements;
- Use of technologies to safeguard data during transmission, such as SSL encryption for some of the data that you provide via the Online Channels and using appropriate security measures to safeguard the data we collect and possess;
- Use of reasonable measures and processes for detecting and responding to inappropriate attempts to breach our computer systems and networks.
The Internet and any communication thereon cannot be guaranteed to be secure at all times, and we cannot ensure or warrant the security of any Personal Data you provide us through this technology. In this regard, we have procedures to deal with any suspected data security breach and will notify you and any regulator of a suspected breach, as mandated by law.
Retention of Personal Data
For more information about the retention periods, please refer to Wabtec’s Privacy Practice at a Glance above.
Notice to California Residents
Subject to certain limits under California law, California residents may ask us to provide them with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. To obtain this information, please submit a request via the DSAR Intake Form or send an email to privacy [at] wabtec [dot] com with "California Shine the Light Privacy Request" in the subject line and in the body of your message.
Notice to data subjects whose Personal Data is processed in South Africa
Children’s Personal Information
Choice and Opt-Out
We may send you service communications relating to the products or services we provide you via email (e.g. to inform you about changes to the product or service you requested from us, revisions of our terms and conditions or this Policy). As such service communications are necessary for the purposes of providing you with our products or services or complying with our legal obligations, you will not be able to opt-out from receiving them.
Subject to your choices, we may also send you marketing communications via email. In addition to the “Unsubscribe” link contained in each of our e-mail marketing communications, you may opt-out freely and at any time of receiving Wabtec newsletters or other e-mail marketing communications from Wabtec by sending an e-mail to privacy [at] wabtec [dot] com.
We reserve the right to update this Policy from time to time in order to reflect any changes to our products or services or to comply with changes in our legal and/or regulatory obligations. If we modify our Policy, we will post the revised version on the relevant Online Channels, with an updated revision date at least thirty days prior to such changes being effective. Where such changes are substantial, we will also notify you by other means prior to the changes taking effect, such as by sending you an email notification or through the Online Channels, products or services. By continuing to use our Online Channels thirty days after such revisions are in effect, you will be deemed to accept and agree to the revisions and to abide by them.
How to Contact Us
Please use this DSAR Intake Form to make your request to exercise any of the rights (Data Subject Rights) listed above in the section on Your Rights.
Attn: Chief Privacy Counsel
30 Isabella Street
Pittsburgh, PA, 15212 - USA
Email: privacy [at] wabtec [dot] com
Brazil Data Protection Officer
Email: henrique [dot] tavares [at] wabtec [dot] com
Phone: 55 31 999307520
If you are not satisfied with our answer or the way we process your Personal Data pursuant to this Policy, you may also have the right to lodge a complaint with a data protection authority or a Court of competent jurisdiction. If you reside within the European Union, a list of national data protection authorities can be found here: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm.