The Power of Flight

CFM Privacy Policy

Last Updated: October 2024
CFM International and its affiliates (“CFM Inc. and S.A.”), a 50/50 joint company of Safran Aircraft Engines and General Electric Company, operating as GE Aerospace, has set up a client CFM Portal that leads to the processing of CFM engine models data.

CFM Customers with signed agreements, which may include General Terms Agreements, Service Agreements, or Maintenance Agreements (collectively, “Existing Agreements”) may be provided access to CFM’s Portal. Such Existing Agreements determine specific access rights to CFM websites and CFM Portal on an engine model basis, providing access to various digital support tools (Technical Documentation, Engines Health, Diagnostics, Inquiry, Warranty etc.).

CFM is committed to respecting the applicable regulations concerning the protection of personal data and the privacy of its Customer’s employees, including but not limited to the European regulation on the protection of Personal Data (GDPR).

CFM offers services such as:
  • online consultation or downloading of technical documentation for the Customer's CFM engines;
  • viewing Customer engine health monitoring information;
  • submission of Customer requests (expertise, contract information, warranty, etc.);
  • the recovery of support tools made available to the Customer;
  • ordering spare parts (via redirect links);
  • consultation of the payment status of invoices;
  • access to training on CFM engines (training schedule and registration for sessions).

During the provision of these services, personal data may be processed by CFM website or CFM Portal. This Privacy Policy applies to any personal data that could be processed during the provision of CFM services.
1. Definitions
  • Applicable Privacy Law: means any law or regulation relating to processing of Personal Information, which in respect of EU and UK Personal Information shall always include but not limited to European regulation 2016/679 on Personal Information protection (General Data Protection Regulation “GDPR”) and UK Privacy Laws
  • CFM Portal: refers to any website used by Customers to manage the information and data necessary for the execution of the contract.
  • Customer: legal entity with which CFM has a current executed a contract with.
  • Customer Personal Information: is defined as any Personal Information that is obtained in the context of the provision of services by CFM to a Customer under a Service Agreement and which CFM processes on behalf of the Customer. Such Personal Information may include, for example, professional identification information used to log into CFM services, system and machine log data, and business communications that a Customer maintains and processes on CFM services.
  • Personal Information: any information relating to an identified or identifiable natural person; a natural person who can be identified, directly or indirectly, is deemed to be an “identifiable natural person”.
  • Processing refers: any action or set of actions that is performed on Personal Information, whether in whole or part by automated means, such as collecting, recording, organizing, storing, modifying, using, disclosing or deleting such information and “process(es)” will be interpreted accordingly.
  • A Service Agreement: any agreement under which CFM provides services to a Customer that involve processing of CFM Customer Personal Information, and which incorporates wording requiring CFM to comply with this Policy when providing such services.
  • User: refers to any natural person, working for a Customer of CFM companies and having access to the Site.
2. Processing of Personal Information
CFM will comply with Applicable Privacy Laws (for example, GDPR principles like fairness, proportionality, transparency, etc.) when processing Personal Information and will provide reasonable cooperation and assistance to Customers to facilitate their observance of the same principles. Where required by Applicable Privacy Law, this shall include assisting Customers with privacy impact assessments, necessary consultations with relevant data protection authorities and with implementing compliance measures such as privacy by design and by default.

CFM may obtain Personal Information through the performance of a Service Agreement. The types of Personal Information CFM may obtain include:
  • contact information (such as name, professional phone and fax number, professional email and postal address) for Customer or for others (e.g., principals in CFM);
  • information used to create any CFM online account (such as username, password and security question and answer);
  • purchase and Customer service history;
  • location data where CFM has provided notice and choice, as appropriate;
  • training activity (such as product training certification and learner evaluation, completion time, training scoring)
  • audio, electronic, or visual information;
  • clickstream data and other information about online activities (such as information about devices, browsing actions and usage patterns), including third-party websites, that CFM obtains through the use of cookies, web beacons and similar technologies (see CFM Cookie Consent Tool).
    • CFM may use the Personal Information for the follow purposes:
  • provide and administer CFM products and services;
  • process and fulfill orders and keep Customer informed about the status of Customer’s order;
  • perform data analytics (such as market research, trend analysis, financial analysis and Customer segmentation);
  • engage in ad retargeting and evaluate the effectiveness of CFM marketing efforts (including through CFM participation in ad networks);
  • provide Customer support;
  • process, evaluate and respond to requests, inquiries and applications;
  • create, administer and communicate with Customer about Customer’s account (including any purchases and payments);
  • administer and register participants in CFM technical courses;
  • conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of CFM advertising and marketing campaigns and managing CFM brand);
  • operate, evaluate and improve CFM business (such as by administering, enhancing and improving CFM products and services; developing new products, services and Online Channels (for example, websites, mobile applications or social media pages); managing CFM communications and Customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
  • verify Customer’s identity and protect against and prevent fraud and other unlawful activity, unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;
  • conduct investigations and comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and CFM policies and terms (such as this Privacy Policy); and
  • maintain and enhance the safety and security of CFM products, services, Online Channels (for example, websites, mobile applications or social media pages), network services, information resources and employees.
This Personal Information may be collected either directly from Customers Personnel, or indirectly via public directories or professional networks with public data. CFM will only use Personal Information for the purposes stated, unless the new purpose is compatible with the purposes stated in this Privacy Policy, for example, legal prescription rule, legal proof or litigation management.
3. Personal Information Sharing
CFM does not sell or otherwise disclose Personal Information about Customer except as described in this privacy policy or at the time of collection.

  • CFM may share Personal Information within CFM for the purposes described in this Privacy Policy.
  • CFM may share Personal Information with service providers CFM have retained to perform services on our behalf (such as, order fulfillment, Customer support and data analytics). These service providers are contractually required to safeguard the information provided to them and are restricted from using or disclosing such information except as necessary to perform services on our behalf or to comply with legal requirements.
  • CFM may share Personal Information with our joint marketing partners and other business partners for the purposes described in this Privacy Policy.
  • CFM may disclose Personal Information about Customer (1) if CFM is required or permitted to do so by applicable law or legal process (such as a court order or subpoena), (2) to law enforcement authorities or other government officials to comply with a legitimate legal request, (3) when CFM believes disclosure is necessary to prevent physical harm or financial loss, (4) to establish, exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual fraud or illegal activity or (6) otherwise with Customer’s consent.
4. Retention of Personal Information
To the extent permitted by Applicable Privacy Law, CFM retains Personal Information CFM obtains about Customer as long as (1) it is needed for the purposes for which CFM obtained it, in accordance with the provisions of this Privacy Policy or (2) CFM has another lawful basis, stated in this Privacy Policy or at the point of collection, for retaining that information beyond the period for which it is necessary to serve the original purpose for obtaining the Personal Information.
5. Legal basis
In general, CFM will process Personal Information in one of the following situations:
  • where the processing is in connection with CFM’s performance of a Service Agreement:
    • to provide tools to be in contact with the personnel of its Customers in order to manage the contracts concluded between CFM and its Customers;
    • to share technical documentation with Customers;
    • to provide performance indicator to improve the quality of service;
    • for Customer relationship management.
  • where the processing is necessary for compliance with the regulations to which CFM is subject, in particular those relating to fraud, due diligence, cybersecurity or Applicable Privacy Law or;
  • where CFM's legitimate interest may apply.
6. Sensitive Personal Information
The nature of Service Agreements between CFM and its Customers would not require sensitive Personal Information processing, but if that would be the case, sensitive Personal Information will be only collected, processed, and hosted in compliance with Applicable Privacy Laws.
7. Working with Suppliers
In the ordinary course of operations, CFM may provide Personal Information to selected suppliers or service providers hired to perform certain processing or other services on its behalf. CFM will strive to ensure that new supplier engagements provide for processing of Personal Information in a manner consistent with this Privacy Policy and Applicable Privacy Law by means of a legal relationship established through a contract or other legally binding and permissible means. Under such contracts, suppliers must implement adequate security measures and may only process Personal Information in accordance with CFM’s instructions.
8. Cookies
Like most companies, CFM uses cookies and similar technologies (“cookies”) on its websites to personalize and enhance Customer’s experience on our sites. A cookie is a file that the visited site stores on the computer or on any peripheral used to browse the Internet, in order, for instance, to send session information for each page, or to record that a particular page has been accessed. The aim is to optimize browsing in terms of its convenience, efficiency and pertinence. The information is stored in the cookie for a limited time. It is anonymous and relates to the pages visited and the time spent on each, the means used for browsing (operating system, browser and resolution, etc.), the searches made, and the IP address, in order to make rough groupings by geographical area etc. For those affected, a module for managing cookie storage is available on the CFM Internet site.
9. Users’ responsibility for the content posted and/or published
Users' responsibility for the content posted and/or published each data subject is responsible for the content he/she publishes and the actions he/she takes: no anonymous content is possible. The content posted or published must comply with the applicable regulations on the protection of Personal Information and respect for privacy. Contributions shall be of a strictly professional nature and may not deal with personal matters such as politics, religion or the morals of a person. They shall not contain any offensive or defamatory material.
10. Security of Personal Information
CFM has implemented physical, logical and organizational measures to protect the Personal Information of the data subjects so that it is not lost, altered or disclosed to unauthorized third parties. Personal Information is protected against unauthorized access, use or disclosure by using encryption procedures and access limitations. The precise measures in each case will depend on the risks, the possible consequences to individuals, the sensitivity of the information, the state of technological art, the context in which the processing is carried out, and (where appropriate) the obligations contained in any Applicable Privacy Law or under any Service Agreement. For example, access to Personal Information will be limited to Users who require access to Personal Information in the course of their duties.

In accordance with Applicable Privacy Law, CFM will provide reasonable assistance to Customers in ensuring the security of their processing and will inform Customers with respect to Customer Personal Information, and relevant individuals with respect to CFM Personal Information, of any security breach that could significantly affect them, as well as the measures CFM is taking for its resolution. CFM will seek to provide this information without undue delay, in order to enable the affected parties to protect their rights.
11. Confidentiality
CFM will maintain the confidentiality of Personal Information that CFM processes, except where disclosure is required by an applicable operational or legal requirement. This obligation shall continue even after the relationship with the Customer has ended.
12. Transfers of Personal Information
CFM may host Personal Information in the United States. Furthermore, due to the international dimension of CFM, transfers of Personal Information may happen. For example, Standard Contractual Clauses can be signed as required. Where required by Applicable Privacy Laws, a copy of the Standard Contractual Clauses could be sent to Customer personnel upon their request.

Additionally, CFM will be entitled to carry out cross-border transfers outside CFM when a transfer tool as defined by Applicable Privacy Laws applies.
13. Rights of the data subject
In accordance with Applicable Privacy Law, an individual who has satisfactorily established his or her identity to CFM may exercise the following rights in relation to CFM Personal Information that CFM holds about him or her. Should CFM determine that the exercise of a right is not valid, CFM will inform the individual of the reasons that led to this conclusion.

Should CFM determine that the exercise of an individual’s right relates to CFM Personal Information, CFM will communicate this fact promptly, to the relevant Customer. Further, CFM will, at the Customer’s cost or as otherwise agreed in a Service Agreement, provide reasonable assistance to Customers in meeting their processing obligations towards individuals.
The data subject has the right to access, rectify and erase Personal Information, and the right to restrict its processing, to data portability, and to object to processing. He/she may exercise the rights by contacting CFM: [email protected] and/or [email protected].

In case of doubt as to the identity of the person concerned, proof of identity may be requested.

If CFM fails to respond or if its response is unsatisfactory to the requestor, the individual may also lodge a complaint with a supervisory authority for the protection of Personal Information. For example, for France, go to the site: https://www.cnil.fr/

In accordance with Applicable Privacy Law, an individual who has satisfactorily established his or her identity to CFM may exercise the following rights in relation to CFM Personal Information CFM holds about him or her. Should CFM determine that the exercise of a right under this section of the Privacy Policy is not valid, CFM will inform the individual of the reasons that led to this conclusion.

Should CFM determine that the exercise of an individual’s right under this section of the Privacy Policy relates to CFM Customer Personal Information, CFM will communicate this fact promptly, to the relevant Customer and will not respond to the relevant individual unless authorized by the Customer to do so. Further, CFM will, at the Customer’s cost or as otherwise agreed in a Service Agreement, provide reasonable assistance to Customers in meeting their processing obligations towards individuals.

In particular, CFM will execute any necessary measures, as reasonably requested by the Customer, in relation to the rectification, deletion or anonymization of CFM Customer Personal Information.
14. Changes to CFM Privacy Policy
This Privacy Policy may be updated periodically and without prior notice to Customer to reflect changes in our information practices. CFM will indicate at the top of this Privacy Policy when it was most recently updated.