Page last updated: November 2020
Ultra is committed to safeguarding the personal data of all data subjects. Known as Personally Identifiable Information in some of the countries where Ultra operates, personal data is only ever processed where there is legitimate and lawful reason to do so. Where explicit consent is required Ultra commits to obtaining and recording this from data subjects before processing commences.
Ultra collects and processes information about data subjects as part of its day-to-day operations. This includes personal data relating to individuals who work for Ultra in any capacity and personal data processed for customers, suppliers, partners and other parties.
All processing of personal data is undertaken in compliance with prevailing data protection and privacy law in the countries where we operate. This commitment is essential to ensure that personal data remains safe and the rights of data subjects are respected. These laws include:
- UK – Data Protection Act 2018 and the General Data Protection Regulation (GDPR)
- Europe – the General Data Protection Regulation (GDPR)
- USA – US Federal Trade Commission and State legislation insofar as it is published, the California Consumer Privacy Act (2018) for example
- Canada - Personal Information Protection and Electronic Documents Act (PIPEDA) and equivalent Provincial law specifically the Quebec Privacy Act
- Australia – Australian Privacy Act (1988) and the Australia Privacy Principles
Compliance with data protection and privacy legislation is regulated by Supervisory Authorities within each jurisdiction. Ultra is committed to meeting the data protection standards recommended by the Supervisory Authorities in the countries were we operate, namely:
- UK Information Commissioner’s Office (ICO) https://ico.org.uk
- The Australian Privacy Commissioner https://www.oaic.gov.au/
- Office of the Privacy Commissioner of Canada https://www.priv.gc.ca/en
- Commissariat à la protection de la vie privée du Canada https://www.priv.gc.ca/fr/
- US Federal Trade Commission https://www.ftc.gov/about-ftc
- US Privacy Shield Framework https://www.privacyshield.gov/
Failure to comply with prevailing data protection and privacy legislation within the jurisdiction of a supervisory authority may expose Ultra and, in some cases, individual employees to serious legal liabilities. For this reason all individuals who work for Ultra in any capacity in the UK receive data protection and privacy training both as part of their induction and as refresher activity, and in other countries where we operate data privacy training is held locally. Biennial data protection and privacy training for all employees globally is next planned for May 2021.
Ultra will only share personal data with other parties (including Ultra entities) where there is a legitimate and lawful reason in accordance with data protection and privacy legislation. Ultra will not engage other parties to undertake processing of personal data on behalf of Ultra without standard contractual clauses and / or non-disclosure agreements to protect the personal data in place. Any high-volume cross-border transfer of personal data between Ultra businesses requires inter-company Data Processing Agreements. All suppliers and other partners accept data protection clauses as part of any commercial arrangements with Ultra as standard.
Ultra formed a GDPR Programme team managed via the PMO in 2017 to implement the changes necessary prior to the GDPR becoming law in May 2018. With governance from a Steering Committee comprising executive sponsors from across Ultra, the framework for managing data protection and privacy both for the GDPR and to meet legislation globally was established. The framework:
The Data Protection Policy (and all other Ultra data protection and privacy policies, procedures and guidelines) is an internal document that applies to all Ultra operations globally. It is reviewed annually, and any updates are communicated to all employees via global HR teams and communication mechanisms including Information and Consultation / Communication Committees, worker forums, intranet, newsletters and notice boards.
Data Protection Impact Assessment
Ultra requires that a Data Protection Impact Assessment (DPIA) is carried out when a proposed new initiative necessitates the processing of personal data. Examples include implementation of new technologies and changes to work processes requiring the processing of personal data. DPIA are approved by the Group Data Protection Officer who is responsible for providing guidance and recommendations for all data protection and privacy issues.
- Name, company and job title
- Contact information including e-mail address
- Demographic information
- Your preferences and interests from a business perspective
- Information relating to your market sector or business domain
- Information associated with surveys, business opportunities or employment (please refer to the Recruitment section)
We may use your Personal Data to:
- Communicate with you using commonplace technology (e-mail, telephone, tele-conferencing for example)
- Engage in business transactions with you to process orders for Ultra products and services
- Contact you about current and potential business and employment opportunities
- Send newsletters, bulletins and circulars
- Invite you to business events hosted by us or by other parties
- Improve our products and services and for other market research and surveys
- Send promotional materials or other information we think you will find interesting
- Undertake any other business activity associated with our interactions with you
It is not our intention to collect Personal Data from children and we do not promote or market our services to children. If you are a parent or legal guardian and believe that your child has given us Personal Data, please contact our Group Data Protection Officer (please refer to the Further information section).
We respect your privacy and will not share any Personal Data collected from you via whatever means except when required by law, including (without limitation) compliance with applicable data protection and privacy laws or judicial proceedings, court orders or any other legal processes, without fair and legitimate reason to do so. Any Personal Data you share with us will be treated with care and only used for the purposes set out in this global Data Privacy notice. Ultra will not sell any of your Personal Data.
We are committed to ensuring that your Personal Data is secure. In order to prevent unapproved access or disclosure we have put in place technical and organisational measures to safeguard and secure the Personal Data we collect.
We generally retain your Personal Data for as long as needed to manage our relationship with you. We carry out periodic reviews of the Personal Data we hold to ensure it is up to date and accurate.
- Access - You may request access to a copy of your Personal Data and further information about how we deal with your Personal Data.
- Accuracy - You may request that we correct, delete or restrict the use of any inaccurate Personal Data we hold.
- Erasure - You may request that we erase Personal Data we are holding where it is no longer being used for the purpose it was originally submitted for.
If you have any questions or concerns about this global Data Privacy notice or wish to exercise your rights our Group Data Protection Officer can be contacted via:
Post: Group Data Protection Officer, Ultra Electronics, 35 Portman Square, London, W1H 6LR, United Kingdom
We reserve the right to review the information contained in this global Data Privacy notice, please refer to this page frequently to view any changes or updates.
As part of any recruitment process Ultra collects and uses Personal Data relating to job applicants. This global Data Privacy notice applies to all prospective applicants and candidates during the recruitment and selection process for a role within Ultra. The application may be for a permanent, temporary or fixed term contract of employment as well as applications from candidates applying for an Apprenticeship or Graduate placement or to provide services via a Limited Company supplier agreement or through an Employment Agency or Umbrella Company.
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes the Ultra’s slavery and human trafficking statement for the financial year ending 31 December 2019
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking. These have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain. Ultra Electronics and its subsidiaries (“Ultra”) has a zero-tolerance approach to modern slavery.
Ultra is committed to acting ethically and with integrity in all its business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery does not take place anywhere in its business or in any of its supply chains.
Ultra Electronics Holdings plc is the group parent company. Its head office is in the UK and it also has other global offices and facilities, predominantly in the USA, Australia and Canada.
Ultra specialises in providing application-engineered bespoke solutions. We focus on our customers’ mission critical and intelligent systems in the defence, security, critical detection & control markets.
Ultra is organised into five strategic business units:
- Our Maritime division focusses on mission-centric equipment and systems primarily across the five-eyes nations (Australia, Canada, New Zealand, UK and USA).
- Intelligence & Communication provides mission-critical, multi-domain intelligence, communications, command & control, cyber security and electronic warfare solutions to defence customers.
- Precision Control Systems (PCS) designs and supplies market-leading safety and mission-critical solutions to the military and commercial aerospace markets.
- Forensic Technology is a world-leader in ballistic identification and forensic analysis solutions that help law enforcement agencies around the world to prevent and solve crime.
- Energy focusses on the supply of nuclear safety sensors and systems as well as selected industrial applications, predominantly in the UK, North America and China.
Each of our business units operate autonomously and have responsibility for management of their own supply chain. Policy and guidance is provided centrally from Head office and via the Ultra Procurement Council.
Ultra is committed to ensuring there is transparency in its business and in its approach to tackling modern slavery throughout its supply chains. To this end, modern slavery is regularly discussed at the Procurement Council meetings.
The Procurement Council has determined that, in general, Ultra has a low dependency on goods and services from suppliers that present a high modern slavery risk. The goods and services procured by our businesses tend to be Commercial Off the Shelf (COTS) products, high-end technology or consultancy / professional services from within North America, the UK, Australia or other low risk territories.
The following steps have been introduced by the Procurement Council to prevent modern slavery occurring within Ultra’s supply chains in the future:
- Determining and maintaining acceptable procedures for supplier pre-qualification;
- Ongoing assessment of modern slavery risks based on high country risks and high sector risks;
- Developing common local modern slavery policies;
- Providing a forum for discussing and recording modern slavery occurrences (if any) and preventing future occurrences;
- Developing and introducing training for relevant employees in modern slavery
Ultra expects the same high standards from all of its contractors, suppliers and other business partners and this is communicated:
- In its commercial contracts with external organisations,
- When adding/pre-qualifying suppliers to its vendor base,
- When conducting audits or visits at supplier sites.
Business Managing Directors and Presidents are responsible for the implementation of local slavery and human trafficking policies within their respective businesses. Divisional MDs/Presidents are responsible for monitoring policy compliance by the businesses within their division.
Managing Directors and Presidents shall ensure that:
- A written policy is maintained by their business which strictly prohibits: the use of modern slavery in their business or their supply chains; and their business does not support or engage suppliers where they are aware of modern slavery within the suppliers’ business or supply chains.
- Their business has in place systems to: identify and assess potential risks of modern slavery in their business and their supply chains; mitigate the risk of modern slavery occurring in their business and supply chains; and monitor potential risk areas in their business and supply chains.
- Terms and conditions of purchase forbidding the use of modern slavery practices are adopted by their business with the right to terminate a relationship with a supplier if issues of noncompliance are discovered and/or noncompliance is not addressed in a timely manner.
We have an independently managed confidential reporting line for employees and third parties to report any concerns in relation to modern slavery.
Business leaders have responsibility for providing adequate and regular training to employees in their business to ensure a high level of understanding of the risks of modern slavery occurring in their business and supply chains.
During the year the Procurement Council have continued to provide advice, guidance and training to teams with direct responsibility for relevant supply chains. In addition, Our Procurement teams in each business have been made aware of the Home Office Modern Slavery Awareness and Victim Identification Guidance.
The effectiveness of Ultra’s Modern Slavery policy is measured in the following ways:
- Business compliance with its local modern slavery policy;
- Rolling refresh of business risk assessments to ensure any changes in the profile of supply chain risks are considered, assessed and appropriately managed.
- Review of:
1. the terms and conditions businesses have with their suppliers;
2. the due diligence processes adopted by businesses; and
3. the modern slavery training that has taken place in each business.
- Recording and monitoring modern slavery incidents (if any) within Ultra’s supply chains and, where necessary, developing corrective measures.
The Procurement Council provides oversight and challenge to this review process.
During FY20 we:
- Launched a new Code of Conduct (the “Code”) across the Ultra Group. The Code re-inforces the message that businesses should ensure that suppliers and other partners operate with integrity and to high ethical standards, including those relating to forced or child labour.
- Re-branded and re-launched our independent, anonymous and confidential reporting line for employees.
- Continued to monitor our modern slavery supply chain risks and provided guidance where necessary.
- Continued to screen new suppliers to ensure Modern Slavery compliance.
- Reviewed the feasibility of engaging with external parties to support the evaluation and compliance of our key supply chain partners.
The board of directors of Ultra Electronics Holdings plc. approved this statement at its board meeting dated 28 July 2020.