Privacy Notice

QinetiQ Group Privacy Notice

Updated December 2021

The QinetiQ Group, including all Group companies and individual business areas within the group (“QinetiQ” or “We” or “Us”) are committed to safeguarding all personal information we collect from individuals in the course of our business.

We have developed this Notice to describe how we handle personal information collected from persons who use the QinetiQ website, or who, following an invitation from QinetiQ in the course of any marketing and /or event communication processes, such as in –person, email, telephone, text messaging direct mail and online, provide personal information to QinetiQ.

Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be directly or indirectly identified by reference to an identifier such as name, an identification number, location data, online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural, or social identity of that person.

Sensitive personal information is a subset of personal information and is generally defined as any information related to racial /ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, or other medical information including biometric and genetic data, or sexual life preferences. In some instances, sensitive personal information may also include criminal allegations or convictions, precise geolocation information, financial and bank account numbers and unique identifiers such as government issued security numbers, driver’s licence, and passport numbers.

When you visit the QinetiQ website we collect personal information about your visit. Our web server automatically records details about your visit (for example, your IP address, the type of browser used, the QinetiQ website pages that you visit and the duration of your visit).

In addition we collect the personal details which you provide online, for example, when you enter personal details (e.g. name, gender, address, email address, phone number) on a website registration page.

We also collect personal information directly from you in the course of sales or purchasing activities and/or in connection with marketing events, for instance: business cards; personal contact details; emails and other social media.

In some circumstances we may also collect personal information about you from third parties, such as your employer, or professional organisations to which you belong, or personal information that you have placed in the public domain, such as from Facebook or LinkedIn.

By providing your personal information as described above, or by proceeding with your visit to QinetiQ’s websites, you are accepting and consenting to the practices described in this Privacy Notice, and you agree to the transfer, storing or processing of your personal information in the manner described in this Notice.

If you subsequently wish to withdraw your consent to the collection and handling of your personal information, then you may follow the instructions on any communications you receive from us or contact the Data Protection Officer at:

‘You’, ‘your’, ‘user’ and other similar terms refers to any person who provides their personal information to either a company or an individual working for the QinetiQ Group.

‘QinetiQ Group’, ‘we‘ ‘us’ ‘our’ refers to the QinetiQ Group of companies.

Other websites, which are not operated by the QinetiQ Group, reached by links from these sites are not covered by this Notice. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information. Please note that we do not accept any responsibility or liability for policies or the use and/or reliance of data appearing on other websites.

1. Information we collect

We collect and process the following personal information (which may in certain circumstances include sensitive personal information) about you:

Information you give us. This is information about you that you give us by filling in forms on our site or by corresponding with us by phone, e-mail, text messaging, direct mail, online or otherwise. It also includes information you provide us through electronic or hard copy business cards, for instance, when you fill out: contact forms; content download requests; event registration forms; information request forms and/or when you report a problem with our site.

If you are a job applicant we collect, store and use information you provide on your application form(s) for the purposes of recruitment. The information you give us may include your contact details, job application, curriculum vitae, covering letter and any references provided. It may also include sensitive personal information, for instance, on a disability that is relevant to your interview, for which we will require your explicit consent to collect and retain your personal information.

With regard to each of your visits to our website we will automatically collect the following information:

  • technical data, including the Internet Protocol (IP) address used to connect your computer to the Internet, your browser type and version, browser plug-in types and versions, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream, through and from our site; products and/or services you viewed or searched for, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page.

We, by using a tracking code from a third party provider, also collect information on the public IP address of the requesting computer. This tool provides us with information as to the company that has visited our website(s), but individuals cannot be identified by this tool.

2. Cookies

Cookies are small files of letters and numbers. These files are either stored in the memory of your computer or other device such as mobile phones or are placed on the hard drive of your device.

Our website uses cookies to provide you with an effective browsing experience. You can read more about this in our cookie policy.

3. Uses made of the information

Information you give us

We will use this information for:

  • Contact and communication: We may use your contact information and preferences to send you newsletters that we may circulate from time to time, news about any events we are organising or participating in, information about us, the products and/or services that we or companies within the QinetiQ Group provide, and/or to respond to any user enquiries.
  • Provision of services: If specific personal information is necessary to supply a particular service (e.g. an e-mail address for electronic news updates) then this service is only available to those users who provide this information. It does not affect a user’s ability to use other parts of the site.
  • Recruitment: We will use the personal information provided on your application form to process your application. The information provided by you may be stored for further job opportunities, or if you are successfully recruited, stored on your employee file.
  • Profiles: We use full contact details to create a profile of our users. A ‘profile’ is stored information we keep on individual users that details their viewing preferences. This profile is used to tailor a user's visit to our site, to improve the content of the site for the user and to direct pertinent marketing promotions to them.

Where you have agreed for us to provide marketing information to you, we will. To update your marketing preferences please see our Privacy Preferences.

Information we collect about you

We will use this information:

  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • as part of our efforts to keep our site safe and secure;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • to make suggestions and provide information to you and other users of our site about us and the products and/or services we and other QinetiQ Group companies provide.

Information we receive from other sources

We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the information we receive).

We will only collect and handle your personal information in accordance with your contact preferences. You can also subsequently inform us of your contact preferences, including any request to withdraw your consent to the collection and handling of your personal information by contacting:

The Data Protection Officer
QinetiQ Limited
Cody Technology Park
GU14 0LX


4. Sharing Information

Although we make every effort to preserve user privacy, we may need to disclose personal information when required by law, including (without limitation) in order to comply with applicable local laws or judicial proceedings, court orders or any other legal processes.

Personal information is also used by companies in the world-wide QinetiQ Group. When we share personal information, we do so in accordance with data privacy and security requirements. All of our employees and contractors are required to follow a group data privacy policy when handling personal information.

It may be shared under contractual control with other companies who collect and handle personal information on our behalf. For these purposes information may be transferred to other companies located outside the European Economic Area. Any personal information that is transferred will be protected accordance with applicable laws. When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as GDPR, we take measures to provide an appropriate level of data privacy protection.

Our contact details, set out in the “Contacting Us” section below, may be used for all data protection purposes, including where the other company involved is located outside the European Economic Area.

In some circumstances personal information may be shared with third parties for legal reasons, such as:

  • To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities; or
  • In the event of a merger , sale, restructure , acquisition joint venture, assignment, transfer or other disposition of all or any portion of QinetiQ’s business assets

5. Storing Information

QinetiQ is a global organisation, and personal information may be stored and processed outside of the European Economic Area. We take steps to ensure that information we collect is processed according to this Privacy Notice, the requirements of GDPR and other applicable laws.

6. Retaining Information

QinetiQ may be required to use and retain information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:

  1. under applicable law;
  2. to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities;
  3. to enforce a contract; or
  4. to protect our rights, privacy, safety or property or those of other persons

7. Data Security

We have physical, electronic and administrative security processes in place in our facilities to protect against the loss, misuse, unauthorized access, or alteration of information. Our company uses secure encryption technology (secure socket connection) for all sensitive and financial personal information transmitted on our site.

Despite this, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your personal information transmitted to our site; any transmission is at your own risk. We do not accept liability for any interception of your personal information that may occur.

8. Your Rights - Correcting/Updating/Deleting/Deactivating/Accessing Personal Information

If you wish to correct and/or update information or you no longer require our service, you can notify us of this change by contacting us (see below).
You may, where permitted by GDPR, submit a Subject Access Request (“SAR”) to the Data Protection Officer to check whether we hold your personal information; and/or,

  • Require us to provide you with a copy of your personal information; and/or,
  • Require us to correct or delete or restrict the processing of any of your personal information that is inaccurate or that you don’t want us to hold. This request should be made in writing to our contact address (below).

9. Contacting Us

If you want to contact us with any questions, please contact us at:

The Data Protection Officer
QinetiQ Limited
Cody Technology Park
GU14 0LX


10. Other

Emails and other electronic communication with us and/or any QinetiQ Group company may be monitored. Calls to us and/or any QinetiQ Group company may be recorded for business continuity, quality control, regulatory and/or monitoring purposes.

11. Changes to our Privacy Notice

We may, from time to time, make changes to our Privacy Notice. Please check back frequently to see any updates or changes to our Privacy Notice.

12. “GDPR” definition

As from 25 May 2018 onwards, Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR") and the Privacy and Electronic Communications (EC Directive) Regulations and any guidance or codes of practice issued by the European Data Protection Board or Information Commissioner (the UK’s independent authority established to uphold information rights) from time to time (all as amended, updated or re-enacted from time to time); and with effect from the date the United Kingdom exits the European Union (“Brexit”) such applicable law of the United Kingdom as has been enacted to provide for Brexit and the transposition into domestic law of the GDPR and/or replacement by new legislation achieving similar or equivalent effects to the GDPR.