Privacy Policy

Last updated November 14, 2025

Wabtec Corporation and its affiliates  (collectively “Wabtec”, “we” or “us”), respect your concerns about privacy. We provide this privacy policy to help you understand the type of information we collect or receive, how we use or disclose it, and the rights and choices available to you. The Privacy Policy also describes measures we take to safeguard the Personal Data we obtain and how you can contact us about our privacy practices. Our processing and your privacy rights may vary depending on your relationship with us and the laws that apply to your Personal Data.

This Privacy Policy applies to the Personal Data we obtain through Wabtec’s websites or mobile apps that link to this Privacy Policy (“Services”), to personal data we maintain about job applicants, and business contacts such as our vendors or customers. However, this Privacy Policy does not apply to mobile applications, social media pages, or any Wabtec products or services that incorporate or link to separate privacy policies.

The Services may provide links to other third-party websites and features, that are not owned or controlled directly or indirectly by Wabtec. We are not responsible for the privacy practices of third parties, which are subject to their respective privacy policies. 

Click on one of the links below to jump to the listed section:

• Personal Data We Collect or Receive
• Sensitive Personal Data
• Do Not Track Notice
• How We Use Personal Data
• Personal Data Sharing
• Data Transfers
• Your Rights
• How We Protect Personal Data
• Retention of Personal Data
• Additional Information
  • Information for California Residents
  • Notice to Data Subjects whose Personal Data is Processed in South Africa
  • Children’s Personal Data
  • Deidentified Data
• Your Choices
• Changes to Our Privacy Policy
• How To Contact Us

Personal Data We Collect or Receive

We may obtain Personal Data through the Services, when you apply for a job, or from your employer with whom we do business. “Personal Data” includes information that can be used to identify you as a natural person, directly or indirectly, in particular in combination with other information available to us such as an identification number, online identifier or one or more factors specific to your identity as a natural person.

The types of Personal Data we may obtain include:

• contact information (e.g. name, phone and fax number, email and postal address) for you or for others (e.g., principals in your business);
• information used to create your online account (e.g. username, password and security question and answer);
• biographical and demographic information (e.g. date of birth, age, gender, job title/position, marital status and dependent, spousal and other family information);
• when you submit employment inquiries or job applications, including through the “Careers” sections of our websites, we may receive professional and employment information such as your resume, cover letter, employment and education history, qualifications, skills, trade union membership and any other information you may provide, including demographic information such as race or ethnicity;
• purchase and customer service history;
• financial information (e.g. payment information, including name, billing address and payment card details, including card number, expiration date and security code; bank account information; financial statements; income; and credit score);
• location data (e.g. data derived from your IP address, country and zip code) and the precise geolocation of your mobile device;
• contact information you provide about other people you would like us to contact, such as potential customers;
• clickstream data and other information about your online activities (e.g. information about your devices, browsing actions and usage patterns), including across the Services and third-party websites, that we obtain through the use of cookies, web beacons and similar technologies (see our Cookie Policy); and
• other personal Data contained in content you submit to us (e.g. through our “Contact Us” feature).

Personal Data We Receive Automatically

We also may receive personal data automatically through technologies like those described in our Cookie Policy, We use third-party web analytics services in connection with the Services, including Google Analytics, which use cookies and similar technologies to collect data (such as IP addresses) to evaluate use of and interaction with the Services. (You may learn more about Google Analytics, including Google Analytics’ currently available opt-out mechanisms, here.)

Personal Data We Collect From Other Sources

We may combine information collected from you over time and across the Services with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness and also helps us better tailor our interactions with you (see notably our Cookie Policy).

We may also receive Personal Data about you from other users who provide contact information about friends or other people those users would like us to contact.

Sensitive Personal Data

Some of the Personal Data we collect, such as precise geolocation of your mobile device and certain payment card information, may be considered sensitive Personal Data depending on the applicable laws of the jurisdiction in which you reside or are located.

Do Not Track Notice

Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. The Services do not respond to “Do Not Track” signals.

How We Use Personal Data

We may use Personal Data when we have an appropriate legal basis to do so, such as for our legitimate interests. Use of Personal Data pursuant to legitimate interests includes processing to:

• provide and administer our products and services;
• process and fulfill orders and keep you informed about the status of your order;
• communicate about and administer our products, services, events, programs and promotions (e.g. by sending alerts, promotional materials, newsletters and other marketing communications);
• perform data analytics (e.g. market research, trend analysis, financial analysis and customer segmentation);
• recruiting and hiring purposes (e.g. evaluating and processing your employment application, interviewing candidates), including using our service providers’ recruitment technology products that we use to assist with and automate parts of our recruitment processes;
• provide customer support;
• process, evaluate and respond to requests, inquiries and applications;
• create, administer and communicate with you about your account (including any purchases and payments);
• conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand);
• operate, evaluate and improve our business (e.g. by administering, enhancing and improving our products and services; developing new products, services and Services; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
• verify your identity and endeavor to protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;
• create deidentified, aggregate, anonymized, or pseudonymous data; and
• conduct investigations and comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies and terms (such as this Privacy Policy and other Services terms of use); and maintain and enhance the safety and security of our products, services, Services, network services, information resources and employees.

We may also use Personal Data to provide services that are subject to contractual terms you have accepted, to the extent you have provided your consent, and to comply with our legal obligations.

We may combine Personal Data we obtain through the Services with information we obtain through other channels, such as our provision of products, for the purposes described above, or as described in other privacy policies we may provide through those channels. We also may use Personal Data for additional purposes than those identified at the time of collection, provided that such other purposes remain compatible with the initial purposes. In any case, we will inform you of such additional purposes and, to the extent required by law, will seek your prior consent.

Personal Data Sharing

We may share Personal Data within the Wabtec group of affiliates for the purposes described in this Privacy Policy.

We may share your Personal Data with other third-party business partners, service providers, vendors, or contractors acting on our behalf and under our instructions for the purposes of operating our business, recruitment and hiring, including service providers of recruitment technology products that we use to assist with and automate parts of our recruitment processes, delivering, improving, and customizing our Services as well as our products and services, sending marketing and other communications related to our business, to reply on job applications and when needed, with your consent.

We may also disclose Personal Data about you (1) if we are required or permitted to do so by applicable law or legal process (such as a court order or subpoena), (2) to law enforcement authorities or other government officials to comply with a legitimate legal request, (3) when we believe disclosure is necessary to prevent physical harm or financial loss, (4) to establish, exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual fraud or illegal activity, (6) in connection with an actual or potential change affecting our corporation such as any merger, sale of company assets, consolidation or restructuring, financing, acquisition of all or a portion of our business by another company, bankruptcy, or divestiture, or (7) as we otherwise disclose to you or as you otherwise authorize. 

Data Transfers

We operate internationally and Personal Data may be transferred out of the jurisdiction where you are located, including to the United States. Data protection laws in jurisdictions to which we transfer Personal Data may differ from those in your jurisdiction and may not provide the same level of data protection compared to the laws in the jurisdiction in which you are located.

When we transfer Personal Data subject to the data protection laws of the European Union (“EU”), European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”) outside of the EU, EEA, Switzerland, and UK, we will rely on a framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission or equivalent body.

Your Rights

Depending on the jurisdiction in which you reside and/or are located, you may have certain privacy rights. We describe rights that you may be legally entitled below.

As the rights described below are provided by law, there may be limitations or exceptions that apply to your request in accordance with applicable legal requirements. We have described these rights generally, without noting all applicable or potentially applicable limitations or exceptions. When you make a request, we may provide more detailed information regarding any legal requirements applicable to your request and whether any exception or limitation applies.

Subject to certain limitations and exceptions, depending on the jurisdiction in which you reside and/or are located, you may have the rights to request to:

• Confirm we are processing your Personal Data;
• Access to your Personal Data;
• Correct inaccuracies in your Personal Data, taking into account the Personal Data’s nature and our purposes for processing that Personal Data;
• Delete your Personal Data;
• Receive a copy of Your Personal Data in a portable and, to the extent technically feasible, readily usable format;
• Obtain information regarding third parties to whom we disclosed Personal Data; and
• Withdraw your consent, to the extent our processing of Personal Data relies on your consent.

Please use this DSAR Intake Formto make your request to exercise any of the rights (Data Subject Rights) listed above or contact us as described in the How To Contact Us section of this Privacy Policy and clearly identifying the exercise of one of your privacy rights as the reason you are contacting us. To appeal a decision regarding a request to exercise these rights, please describe the issue and request an appeal by responding to our communication of our decision, contact us through the DSAR Intake Form, or contact us as described in the How To Contact Us section of this Privacy Policy and clearly identifying the exercise of one of your privacy rights as the reason you are contacting us.

Before we can respond to your request, we may be legally required to verify your identity. Your request must provide information sufficient to verify you are the person about whom we collected Personal Data or an authorized agent of that person. In order to verify your request, we may ask you to provide information such as your name, e-mail address, or phone number. Your request must include sufficient detail for us to properly understand, evaluate, and respond to it. If we are not able to verify your request, we will contact you for more information. If we are unable to verify your identity or authority to make the request and confirm the Personal Data relates to you, we may not be able to respond to your request.

You may designate someone to submit requests and act on your behalf as an authorized agent. We may mandate additional requirements for requests submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf. Either way, you and/or your authorized agent must provide sufficient information to us that would allow us to verify your identity.

You may also have the right to lodge a complaint with a regulatory authority in your jurisdiction.

How We Protect Personal Data Transmission

The security and confidentiality of your Personal Data is important to us. We maintain commercially reasonable safeguards designed to maintain security of Personal Data. However, due to the nature of and inherent risks in Internet and electronic communications, we cannot guarantee the security of any Personal Data you provide us.

Retention of Personal Data

We will retain Personal Data we collect for as long as required to satisfy the purpose for which it is collected and used (for example, the time necessary to answer your questions or resolve technical problems) unless a longer period is required or permitted by law, such as to fulfill our legal obligations or to establish, protect, or defend legal claims. Our policies for data retention are consistent with this statement. 

Additional Information

Information for California Residents

This section provides additional information for residents of the State of California with respect to Personal Data of California residents and their households (“California Personal Data”) in accordance with the California Consumer Privacy Act (“CCPA”), excluding information subject to applicable exceptions from the CCPA, such as deidentified information.

This section also does not apply to our employees or contractors, nor to any emergency contact, beneficiary, or dependent of our employees or contractors.

Additionally, this section applies only to the extent we direct the purposes and means of California Personal Data processing and otherwise qualify as a “business” under the CCPA. It does not apply to our activities as a “service provider,” as that term is defined under the CCPA, to our business customers or to California Personal Data that we process in that capacity.

California Personal Data We Collect

The Personal Data described in the Personal Data We Obtain Through the Services section above may include the categories of California Personal Data listed below. We may collect, and may have collected in the preceding 12 months, those categories of California Personal Data.

• Identifiers, including online identifiers.
• Commercial information.
• Internet and other electronic activity information.
• Inferences drawn from your activity.
• Professional or employment-related information.
• Education information.
• Geolocation data.
• Other categories of personal information described in California law.
• Sensitive personal information, including precise geolocation data and certain payment card information.

Sources of California Personal Data We Collect

We collect California Personal Data from the sources described in the Personal Data We Collect or Receive section above.

Purposes for Using, Disclosing, and Otherwise Processing California Personal Data

We may collect and use the categories of California Personal Data described in the “California Personal Data We Collect” subsection above for one or more of the business and commercial purposes described in the “How We Use Personal Data” section above. Notwithstanding the foregoing, we do not use, disclose, or otherwise process California Personal Data defined as “sensitive personal information” under the CCPA for purposes other than those specified in California Code of Regulations § 7027(m).

Disclosures of California Personal Data for a Business Purpose

In the preceding 12 months, we may have disclosed the categories of California Personal Data listed below to the categories of third parties identified below for a business purpose:

• Identifiers, including online identifier—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Commercial information—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Internet and other electronic activity information—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Inferences drawn from your activity—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Professional or employment-related information—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Education information—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Geolocation data—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Other categories of personal information described in California law—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above.
• Sensitive personal information, including precise geolocation data and certain payment card information—with our affiliates, service providers, and as otherwise described in the Personal Data Sharing section above. Notwithstanding the foregoing, we do not use, disclose, or otherwise process California Personal Data defined as sensitive under the CCPA for purposes inconsistent with those in California Code of Regulations § 7027(m).

Sales of California Personal Data and Sharing of California Personal Data for Cross- Context Behavioral Advertising

We do not sell California Personal Data collected through the Services or share California Personal Data collected through the Services for cross-context behavioral advertising purposes. We have not sold California Personal Data collected through the Services or shared California Personal Data collected through the Services for cross-context behavioral advertising purposes in the preceding 12 months. We do not have actual knowledge that we sell California Personal Data of consumers under 16 years of age or share the California Personal Data of consumers under the age of 16 for cross-context behavioral advertising purposes.

Additional Privacy Rights Information for California Residents

In addition to the rights described in the Your Rights section above, California residents may have the right to:

• Request to receive certain information about our collection, use, and disclosure of their California Personal Data during the applicable period of time for your request. Depending on the scope of the request, this information could include the following:
  • The categories of California Personal Data we collected.
  • The categories of sources for the California Personal Data we collected.
  • Our business or commercial purpose for collecting California Personal Data about you.
  • The categories of third parties to whom we disclose your California Personal Data generally.
  • The specific pieces of California Personal Data we collected.
  • If we disclose your California Personal Data for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Data for a business purpose identifying the categories of California Personal Data disclosed to those parties during the applicable period of time for your request.
• Not receive discriminatory treatment for exercising rights under the CCPA, subject to certain exceptions.
• Request certain information under California’s “Shine the Light” law, if the California resident has an established business relationship with us, to request certain information regarding our disclosures of their personal information (as defined by that law) during the preceding year, if any, to third parties for those parties’ own direct marketing purposes. If you are a California resident who has an established business relationship with us and wish to exercise your rights under that law, >please send your written request by mail to Wabtec Privacy Counsel, ATTN: Shine the Light Request, 30 Isabella Street, Pittsburgh, PA, 15212.

Please use this DSAR Intake Form to make your request to exercise any of the rights listed above or contact us as described in the How To Contact Us section of this Privacy Policy and clearly identifying the exercise of one of your privacy rights as the reason you are contacting us.

Notice to Subjects Whose Personal Data Is Processed in South Africa

In terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”), the definition of Personal Data extends to existing juristic persons (i.e. legal entities). Accordingly, in respect of any processing that occurs in South Africa, the terms of this Privacy Policy will apply equally to any Personal Data relating to companies or other legal entities (such as corporate registration details, addresses, banking details etc.) that may be obtained via the Services.

Children’s Personal Data

The Services are designed for a general audience and are not directed to or intended for use by children under the age of 18. We do not knowingly collect or solicit Personal Data from children under the age of 18 through the Services. If you believe that a child under the age of 18 may have provided us with Personal Data, please contact us as specified in the How To Contact Us section of this Privacy Policy.

Deidentified Data

We will maintain and use deidentified data that does not constitute Personal Data in deidentified form and will not attempt to reidentify such deidentified information except to the extent permitted under applicable law. We process Personal Data as described in this Policy.

Your Choices

You may choose not to provide us Personal Data. However, not providing Personal Data we request may restrict your ability to use certain features of the Services.

We may also send you marketing communications via email. In addition to the “Unsubscribe” link contained in each of our e-mail marketing communications, you may opt-out of receiving Wabtec newsletters or other e-mail marketing communications from Wabtec by sending an e-mail to privacy [at] wabtec [dot] com (privacy[at]wabtec[dot]com).

You may use opt-out preference signals, which are generally designed to communicate preferences to opt-out of sales or disclosures for targeted advertising, but the Services do not engage in such sales or disclosures therefore will not respond to such signals.

Changes to Our Privacy Policy

We reserve the right to update this Policy from time to time in order to reflect any changes to our products or services or to comply with changes in our legal and/or regulatory obligations. If we modify our Policy, we will post the revised version on the relevant Services, with an updated revision date at least thirty days prior to such changes being effective. Where such changes are substantial, we will also notify you by other means prior to the changes taking effect, such as by sending you an email notification or through the Services, products or services. By continuing to use our Services thirty days after such revisions are in effect, you will be deemed to accept and agree to the revisions and to abide by them.

How to Contact Us

Please use this DSAR Intake Form to make your request to exercise any of the rights (Data Subject Rights) listed above in the section on Your Rights.

If you have any questions or comments about this Privacy Policy or if you would like us to update information we have about you or your preferences, please contact us by emailing privacy [at] wabtec [dot] com (privacy[at]wabtec[dot]com), calling our toll-free privacy line at 1-855-703-9388, or writing to us at the below addresses:

Attn: Chief Privacy Counsel
30 Isabella Street
Pittsburgh, PA, 15212 - USA

Contact information for our Brazil and South Africa Data Protection Officers in below:

Brazil Data Protection Officer
Henrique Tavares
Email: henrique [dot] tavares [at] wabtec [dot] com
Phone: 55 31 999307520

South Africa Data Protection Officer
Tshepo Mashokwe
Email: tshepo [dot] mashokwe [at] wabtec [dot] com
Phone: +2711 0324055

Privacy Policy Translations
Privacy Policy - Arabic
Privacy Policy - Chinese
Privacy Policy - Czech
Privacy Policy - Danish
Privacy Policy - Dutch
Privacy Policy - French (Canada)
Privacy Policy - French (France)
Privacy Policy - German
Privacy Policy - Hungarian
Privacy Policy - Italian
Privacy Policy - Kazakh
Privacy Policy - Macedonian
Privacy Policy - Polish
Privacy Policy - Portuguese
Privacy Policy - Russian
Privacy Policy - Spanish
Privacy Policy - Swedish
Privacy Policy - Turkish