Last Updated: March 2025

CFM International, a 50/50 joint company between GE Aerospace and Safran Aircraft Engines, is committed to respecting the applicable regulations concerning the protection of personal data and the privacy of those accessing its website, including but not limited to the European regulation on the protection of Personal Data (GDPR).

This Privacy Policy applies to any personal data that could be processed during such access.

1. Definitions

– Applicable Privacy Law: means any law or regulation relating to processing of Personal Information, which in respect of EU and UK Personal Information shall always include but not limited to European regulation 2016/679 on Personal Information protection (General Data Protection Regulation “GDPR”) and UK Privacy Laws

– CFM Portal: refers to any website used by Customers to manage the information and data necessary for the execution of the contract.

– Customer: legal entity with which CFM has a current executed a contract with.

– Customer Personal Information: is defined as any Personal Information that is obtained in the context of the provision of services by CFM to a Customer under a Service Agreement and which CFM processes on behalf of the Customer. Such Personal Information may include, for example, professional identification information used to log into CFM services, system and machine log data, and business communications that a Customer maintains and processes on CFM services.

– Personal Information: any information relating to an identified or identifiable natural person; a natural person who can be identified, directly or indirectly, is deemed to be an “identifiable natural person”.

– Processing refers: any action or set of actions that is performed on Personal Information, whether in whole or part by automated means, such as collecting, recording, organizing, storing, modifying, using, disclosing or deleting such information and “process(es)” will be interpreted accordingly.

– A Service Agreement: any agreement under which CFM provides services to a Customer that involve processing of CFM Customer Personal Information, and which incorporates wording requiring CFM to comply with this Policy when providing such services.

– User: refers to any natural person, working for a Customer of CFM companies and having access to the Site.

2. Processing of Personal Information

– CFM will comply with Applicable Privacy Laws (for example, GDPR principles like fairness, proportionality, transparency, etc.) when processing Personal Information and will provide reasonable cooperation and assistance to facilitate their observance of the same principles. Where required by Applicable Privacy Law, this shall include assisting users with privacy impact assessments, necessary consultations with relevant data protection authorities, and with implementing compliance measures such as privacy by design and by default.

– CFM may obtain Personal Information through the performance of a Service Agreement. The types of Personal Information CFM may obtain include:

– contact information (such as name, professional phone and fax number, professional email and postal address) for users accessing the website.

– location data where CFM has provided notice and choice, as appropriate;

– clickstream data and other information about online activities (such as information about devices, browsing actions and usage patterns), including third-party websites, that CFM obtains through the use of cookies, web beacons and similar technologies (see CFM Cookie Consent Tool).

– CFM may use the Personal Information for the follow purposes:

– perform data analytics (such as market research, trend analysis, financial analysis and Customer segmentation);

– engage in ad retargeting and evaluate the effectiveness of CFM marketing efforts (including through CFM participation in ad networks);

– process, evaluate and respond to requests, inquiries and applications;

– conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of CFM advertising and marketing campaigns and managing CFM brand);

– operate, evaluate and improve CFM business (such as by administering, enhancing and improving CFM products and services; developing new products, services and Online Channels (for example, websites, mobile applications or social media pages); managing CFM communications.

– This Personal Information may be collected either directly or indirectly via public directories or professional networks with public data. CFM will only use Personal Information for the purposes stated, unless the new purpose is compatible with the purposes stated in this Privacy Policy, for example, legal prescription rule, legal proof or litigation management.

3. Personal Information Sharing

– CFM does not sell or otherwise disclose Personal Information except as described in this privacy policy or at the time of collection.

– CFM may share Personal Information within CFM for the purposes described in this Privacy Policy.

– CFM may share Personal Information with our joint marketing partners and other business partners for the purposes described in this Privacy Policy.

– CFM may disclose Personal Information about Customer (1) if CFM is required or permitted to do so by applicable law or legal process.

4. Retention of Personal Information

– To the extent permitted by Applicable Privacy Law, CFM retains Personal Information CFM obtains as long as (1) it is needed for the purposes for which CFM obtained it, in accordance with the provisions of this Privacy Policy or (2) CFM has another lawful basis, stated in this Privacy Policy or at the point of collection, for retaining that information beyond the period for which it is necessary to serve the original purpose for obtaining the Personal Information.

5. Legal basis

– In general, CFM will process Personal Information where CFM’s legitimate interest may apply.

6. Sensitive Personal Information

– Sensitive Personal Information will be only collected, processed, and hosted in compliance with Applicable Privacy Laws.

7. Working with Suppliers

– In the ordinary course of operations, CFM may provide Personal Information to selected suppliers or service providers hired to perform certain processing or other services on its behalf. CFM will strive to ensure that new supplier engagements provide for processing of Personal Information in a manner consistent with this Privacy Policy and Applicable Privacy Law by means of a legal relationship established through a contract or other legally binding and permissible means. Under such contracts, suppliers must implement adequate security measures and may only process Personal Information in accordance with CFM’s instructions.

8. Cookies

– Like most companies, CFM uses cookies and similar technologies (“cookies”) on its websites to personalize and enhance the user experience on our site. A cookie is a file that the visited site stores on the computer or on any peripheral used to browse the Internet, in order, for instance, to send session information for each page, or to record that a particular page has been accessed. The aim is to optimize browsing in terms of its convenience, efficiency and pertinence. The information is stored in the cookie for a limited time. It is anonymous and relates to the pages visited and the time spent on each, the means used for browsing (operating system, browser and resolution, etc.), the searches made, and the IP address, in order to make rough groupings by geographical area etc. For those affected, a module for managing cookie storage is available on the CFM Internet site.

9. Security of Personal Information

– CFM has implemented physical, logical, and organizational measures to protect the Personal Information of the data subjects so that it is not lost, altered, or disclosed to unauthorized third parties. Personal Information is protected against unauthorized access, use or disclosure by using encryption procedures and access limitations. The precise measures in each case will depend on the risks, the possible consequences to individuals, the sensitivity of the information, the state of technological art, the context in which the processing is carried out, and (where appropriate) the obligations contained in any Applicable Privacy Law.  For example, access to Personal Information will be limited to Users who require access to Personal Information in the course of their duties.

– In accordance with Applicable Privacy Law, CFM will provide reasonable assistance to users in ensuring the security of their processing and will inform users with respect to Personal Information, and relevant individuals with respect to CFM Personal Information, of any security breach that could significantly affect them, as well as the measures CFM is taking for its resolution. CFM will seek to provide this information without undue delay, in order to enable the affected parties to protect their rights.

10. Confidentiality

– CFM will maintain the confidentiality of Personal Information that CFM processes, except where disclosure is required by an applicable operational or legal requirement. This obligation shall continue even after the relationship with the Customer has ended.

11. Transfers of Personal Information

– CFM may host Personal Information in the United States. Furthermore, due to the international dimension of CFM, transfers of Personal Information may happen.

– Additionally, CFM will be entitled to carry out cross-border transfers outside CFM when a transfer tool as defined by Applicable Privacy Laws applies.

12. Rights of the data subject

– In accordance with Applicable Privacy Law, an individual who has satisfactorily established his or her identity to CFM may exercise the following rights in relation to CFM Personal Information that CFM holds about him or her. Should CFM determine that the exercise of a right is not valid, CFM will inform the individual of the reasons that led to this conclusion.

– Should CFM determine that the exercise of an individual’s right relates to CFM Personal Information, CFM will communicate this fact promptly, to the relevant user.

– The data subject has the right to access, rectify, and erase Personal Information, and the right to restrict its processing, to data portability, and to object to processing. He/she may exercise the rights by contacting CFM: dpo.sae@safrangroup.com and/or GEAerospace.Privacy@ge.com.

– In case of doubt as to the identity of the person concerned, proof of identity may be requested.

– If CFM fails to respond or if its response is unsatisfactory to the requestor, the individual may also lodge a complaint with a supervisory authority for the protection of Personal Information. For example, for France, go to the site: https://www.cnil.fr/

– In particular, CFM will execute any necessary measures, as reasonably requested by the user, in relation to the rectification, deletion or anonymization of CFM Customer Personal Information.

13. Changes to CFM Privacy Policy

– This Privacy Policy may be updated periodically and without prior notice to users to reflect changes in our information practices. CFM will indicate at the top of this Privacy Policy when it was most recently updated.