Northrop Grumman Online Privacy Notice

Privacy Policy Home Suppliers U.S. Employees US Applicants International Applicants Visitors Website

U.S. Employee Privacy Notice

Effective March 10, 2025

Last Updated March 10, 2025

This Privacy Notice (“Notice”) is a supplement to the Northrop Grumman Privacy Notice and applies to U.S. Employees at Northrop Grumman and its affiliates.

This Notice uses certain terms that have the meaning given to them in the California privacy laws.

Information We Collect/Obtain

Through your interaction with Northrop Grumman as a job applicant or a prospect, we may collect the following categories of personal information about you:

  • Contact Information, including name, alias, mailing address, email address, phone number
  • Identifying Information, including ethnicity, citizenship, gender, disability, military and veteran status
  • Employment Information, including work history, salary preferences, work authorization information, information about security clearances, skills, certifications, and other professional or employment-related information
  • Education Information, including résumé or C.V., cover letters, education history or transcripts
  • Sensory Information (such as audio, electronic, visual, thermal, and similar information)
  • Geolocation Data, such as precise geolocation information
  • Inferences, drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
  • Internet and Other Electronic Network Activity Information, including IP address, browsing history, search history, information regarding your interaction with websites, applications or advertisements, logs of your activities on Northrop Grumman’s IT network, systems and applications, and contents of any emails, messages or other communications you send and receive using Northrop Grumman’s IT network, systems and applications, including any attachments

Of the personal information collected, we may collect the following categories of sensitive personal information about you:

  • Identifying Information (such as including ethnicity, citizenship, gender, disability, military and veteran status)
  • Log-in Credentials, including username, password, time and date of login
  • Financial information (such as bank account number, credit card number, debit card number, and other similar information)
  • Identification information (such as Social Security number, federal tax ID number, driver’s license number, passport number, state identification card number)

How We Use the Information About You

We will use the above categories of personal information and sensitive personal information to provide for the purpose of carrying out and supporting Human Resource functions and activities, including the uses described below:

  • Managing our workforce: managing work activities and personnel generally, including talent acquisition; performing background checks; on-boarding; determining suitability for employment or promotion; determining physical and/or mental fitness for work; processing security clearances; reviewing and evaluating performance; determining eligibility for and processing salary increases, bonuses, issuing equity and other incentive-based compensation; providing references; managing attendance, absences, leaves of absences, and vacations; administering payroll services; reimbursing expenses; administering benefits; training and development; making travel arrangements; monitoring staff; creating staff directories; investigating suspected misconduct or non-performance of duties; and managing disciplinary matters, grievances, and terminations, including retirements;
  • Facilities and emergencies: ensuring business continuity; providing access to our facilities and our information technology (IT) resources; protecting the health and safety of our staff and others; safeguarding, monitoring, and maintaining our IT infrastructure, office equipment, facilities, and other property; detecting or preventing theft or fraud, or attempted theft or fraud; and facilitating communication with you and your designated contacts in an emergency;
  • Business operations: operating and managing our IT, communications systems and facilities, and monitoring the use of these resources, including company networks; proposing and performing work for our customers; performing data analytics; improving our services and products; strategic planning; project management; compiling audit trails and other reporting tools; maintaining records relating to business activities, budgeting, and financial management; managing mergers, acquisitions, sales, reorganizations or disposals and integration with business partners; and
  • Legal and compliance: complying with legal requirements, such as tax, record-keeping, acquisition regulations, and reporting obligations; conducting audits, management and resolution of health and safety matters; complying with requests from government or other public authorities; responding to legal process such as subpoenas and court orders; pursuing legal rights and remedies; defending litigation and managing internal complaints or claims; conducting investigations; and complying with internal Command Media and contractual obligations.

We also may use your personal information for the following business purposes as specified in the CCPA: (1) performing services; (2) auditing related to a current interaction with you and concurrent transactions; (3) certain short-term, transient uses; (4) detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; (5) debugging to identify and repair errors that impair existing intended functionality; (6) undertaking internal research for technological development and demonstration; and (7) undertaking activities to verify, maintain the quality or safety of, and improve our service and devices.

We may use your information in other ways for which we provide specific notice at the time of collection.

Where we process Personal Information regarded as “Special” in certain jurisdictions, we only process the Personal Information where necessary for the purpose of carrying out obligations in the field of employment and social security and social protection law. Where we wish to rely on consent for that processing, we will seek your explicit consent in writing, and you have the right to withdraw your consent to that processing at any time.

Prior Collection, Use and Disclosure of Personal Information

We may have collected and used your personal information, as described in “Information We Collect” and “How We Use the Information We Collect” sections above, during the 12-month period prior to the effective date of this Notice.

For personal information collected during such timeframe, we describe below:

  • the categories of personal information we may have disclosed for a business purpose and
  • the categories of recipients to whom we may have disclosed such information

Disclosure of Personal Information for a Business Purpose

We may have disclosed certain categories of personal information to certain categories of recipients for a business purpose, including as described below.

 

Categories of Recipients

Categories of Personal Information

Our subsidiaries

Contact Information; Identifying Information; Log-in Credentials; Employment Information; Education Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; Financial information; Identification information

Vendors who provide services on our behalf

Contact Information; Identifying Information; Log-in Credentials; Employment Information; Education Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; Financial information; Identification information

Our customers and business partners (such as subcontractors and suppliers)

 Contact Information; Identifying Information; Log-in Credentials; Employment Information; Education Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; Financial information; Identification information

Participants in cyber security information resources (when related to a cyber threat indicator)

 Contact Information; Identifying Information; Log-in Credentials; Employment Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; 

Government agencies, law enforcement, courts and regulators

 Contact Information; Identifying Information; Log-in Credentials; Employment Information; Education Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; Financial information; Identification information 

Other parties in the event of a corporate transaction, such as an acquisition

Contact Information; Identifying Information; Log-in Credentials; Employment Information; Education Information; Sensory Information; Geolocation Data; Inferences; Internet and Other Electronic Network Activity Information; Identification information

For a list of relevant service providers, please contact us using one of the means identified in the “How To Contact Us” section.

Sale or Sharing of Personal Information

Except as described in this Notice, we do not sell or otherwise disclose personal information we collect about you to third parties or in exchange for monetary or other  consideration. We may also share personal information with service providers who perform services on our behalf based on our instructions. We may share certain personal information with our affiliates for the purposes described in this Notice.

Your Rights and Choices

Please refer to the “Your Rights and Choices” section of the Northrop Grumman Privacy Notice for an explanation of the rights and choices you have under applicable laws regarding your personal information.

Data Transfers

Please refer to the “Data Transfers” section of the Northrop Grumman Privacy Notice for information related to the cross-border transfer of personal information to regions other than the region in which the information was collected/obtained.

How We Protect Personal Information

Please refer to the “How We Protect Personal Information” section of the Northrop Grumman Privacy Notice for a description of the measures we undertake to protect your personal information.

Data Retention

Please refer to the “Data Retention” section of the Northrop Grumman Privacy Notice for more information on how long your data may be kept.

Links To Other Websites

Please refer to the “Links To Other Websites” section of the Northrop Grumman Privacy Notice for more information.

Updates To Our Notice

Please refer to the “Updates To Our Notice” section of the Northrop Grumman Privacy Notice for more information.

How To Contact Us

Please refer to the “How To Contact Us” section of the Northrop Grumman Privacy Notice for more information.

Subsidiaries/Affiliates

Please refer to the “Subsidiaries/Affiliates” section of the Northrop Grumman Privacy Notice for more information.