1. General Information

This Privacy Policy ("Privacy Policy" or "Policy") describes how General Atomics and its affiliates ("GA", "we", "us", "our") collects, processes, uses and discloses your personal information when you contact us, use our services or interact with our websites linking to this Privacy Policy ("Websites"). We respect your privacy and are committed to protecting your personal information.

The term "personal information" as used in this Policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.

This Privacy Policy, together with the Terms and Conditions and Cookie Notice posted on our Websites, set forth the general rules and policies governing your use of our Websites. Depending on your activities when visiting our Websites, you may be required to agree to additional terms and conditions.

General Atomics is made up of different legal entities. This Policy is issued on behalf of the group so when we mention "GA", "we", "us" or "our" in this Policy, we are referring to the relevant company in our group responsible for your information. For the purposes of the EU General Data Protection Regulation 2016/679 (the "GDPR") and the UK Data Protection Act 2018, the entity with which you enter a contract or otherwise share your personal information will be the controller.

If you are visiting our Websites or accessing our products and services from outside the U.S., be aware that your personal information may be transferred to, stored, and processed in the United States. Where required by applicable law, personal information may be stored locally before onward transfer.

2. Contact

If you have any questions or concerns regarding this Policy, or wish to exercise any of your data protection rights and choices, please go to our Websites or contact us at:

• Email: DataPrivacy@ga.com
• Mailing address: General Atomics, P.O. Box 85608, San Diego, CA 92186-5608
  Attention: Data Privacy, Human Resources Compliance Group

3. Information We Collect

We may collect the following personal information that you choose to provide voluntarily when you access our Websites, comment on blog posts, complete forms, make a call to us, correspond with us by e-mail or otherwise, and when you use our services:

• Identifiers, including name, title, alias, date of birth, marital status, postal address, email address, phone number, company name, username, password, blog post, and unique personal identifier;

• Commercial information, such as transaction history, products/services purchased, obtained or considered, your interests, preference, feedback and survey responses;

• Financial and transaction data, including bank account and payment card details and information about payments from you and other details of products and services you have purchased from us; and

• Audio or video information, such as call center recordings and security video recordings at our facilities.

If you apply for work with us, we may collect, store, and use categories of personal information including the following that you have provided to us in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency, reference, or background check provider:

• Identifiers, including name, title, alias, date of birth, marital status, postal address, email address, phone number, passport number, unique personal identifier and social security number;

• Professional or employment-related information, such as employment history, references, and qualifications;

• Non-public education information, such as academic qualifications and education records; and

• Protected classification information, such as race, national origin, gender, age, pregnancy, religion, ancestry, mental or physical disability, military and veteran status, sex, sexual orientation, gender identity, or any other basis protected by local, state, or federal law. Some of this information may be "sensitive personal information" as defined under applicable data protection law (as discussed below).

The amount and type of information that we gather depends on the nature of the interaction.

Like most website operators, we collect "internet or other similar network activity" indirectly from you when you access our Websites or otherwise correspond with us, including the sort of information that web browsers and servers typically make available, such as your IP address, browsing or search history, website interactions, the browser type and version, time zone setting, operating system and platform, page interaction information, language preference, referring site, and the date and time of each visitor request. We may also collect "general location information" through your IP address.

We collect internet or other similar network activity to better understand how visitors use our Websites. From time to time, we may release internet or other similar network activity in the aggregate (i.e. in a form that will not personally identify you), e.g., by publishing a report on trends in the usage of our Websites.

4. How We Use Your Personal Information

We will use your personal information so that we can provide services to you, and only where we have a legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal information.

We use your identifiers, commercial information, audio and video recordings, and financial and transaction data as is necessary for the performance of a contract between you and us or to answer questions or take steps at your request prior to entering into a contract, including in the following ways:

• To administer or otherwise carry out our obligations in relation to any agreement to which we are a party;

• To assist you in completing a transaction or order;

• To prepare and process invoices;

• To allow tracking of shipments;

• To respond to queries or requests and to provide the services and associated support;

• To provide customer relationship management and quality control;

• To create and manage our accounts;

• To notify you about changes to our products and services;

• To allow you to subscribe to news, alerts or other publications; and

• To allow you to sign-up to attend webinars or events.

We use your identifiers, commercial information, audio and video recordings, financial and transaction data, and internet or other similar network activity as necessary for certain legitimate interests, or where you have given your consent to such processing as required by applicable law (such consent can be withdrawn at any time), including in the following ways:

• To deal with any enquiries or complaints you or others make;

• To confirm, update and improve customer records;

• To identify and inform you of products and services that may be of interest;

• To conduct other marketing and commercial activities;

• To offer our products and services to you in a personalized way;

• To create products or services that may meet your needs;

• To develop and improve our products and services and for quality control;

• To administer our Websites and services, and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• For internal business/technical operations to keep our Websites, network and information systems secure; and

• To: (i) resolve any disputes; (ii) comply with legal obligations; (iii) respond to requests from competent authorities; (iv) protect our businesses interests; (v) protect our rights, safety or property, and/or that of our partners, you or others; and (vi) enforce or defend our legal rights.

If you have applied for work with us, we will use your identifiers, professional or employment-related information, non-public education information, sensitive personal information, electronic network activity information, and protected classification information as necessary in our legitimate interests, and to decide whether to enter into a contract relationship with you, including in the following ways:

• To assess your skills, qualifications, and suitability for the role you have applied for;

• To carry out background and reference checks, where applicable;

• To communicate with you about the recruitment process;

• To keep records related to our hiring processes; and

• To comply with legal or regulatory requirements.

We may use your protected classification information and sensitive personal information including in the following ways:

• To consider whether we need to provide appropriate adjustments during the recruitment process;

• To administer your employment, payroll taxation, and benefits; and

• To use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

5. Retention of Personal Information

We process your personal information for as long as necessary. This means that we do keep a record of your personal information for as long as it is required or justified by the law or by another legal obligation, or for a specific period consented to by you (where relevant), or for the period for which this would be necessary for the aforementioned purposes.

At the end of the retention period, we will use appropriate measures to delete or anonymize your personal information. To the extent that we hold hard copies of your personal information, such records, print-outs or hard copy documents etc. will be permanently destroyed.

6. Sharing of Personal Information

We work closely with a number of trusted third parties with whom we need to share personal information to help us provide our services. These include:

• Our affiliated companies (the information shared includes identifiers, commercial information, financial and transaction data, internet or other similar network activity, professional or employment-related information, non-public education information and protected classification information);

• Banks and payment providers, to authorize and complete payments (the information shared includes commercial information and financial and transaction data);

• Service providers who work with us to help provide our services; and

• Companies to whom we transfer or may transfer our rights and duties under our agreement with you.

We may also disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;

• If the company or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets; or

• If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any request from law enforcement or governmental organizations or public health authorities, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

We may also share your personal information (including identifiers, professional or employment-related information, non-public education information) for the purposes of processing your application for employment with search consultancies, background screening providers and our affiliated group companies.

Where we transfer UK and European Economic Area ("EEA") personal information to a third party located in a country not recognized by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognized by the EU Commission or UK Government, to safeguard such personal information.

If you want further information on the specific mechanism used by us when transferring your personal information out of the UK or the EEA, please contact us using the contact details set out above.

7. Security

The security of your personal information is important to us. We use reasonable technical, administrative and physical measures to protect information contained in our system against unauthorized access, destruction, misuse, loss or alteration. We may use standard encryption technology to protect information being transferred to our site, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure and we cannot guarantee its absolute security.

8. Links to External Sites

Our Websites may contain links to external sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We advise you to review the applicable privacy policy and terms and conditions of every third party site you visit.

We have no control over, and assume no responsibility for, the content of, privacy policies, or practices of any third party sites, products or services.

9. Marketing Communications

Subject to applicable law, if you are a registered user of our Websites and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with us and our products. You may unsubscribe from these communications at any time by clicking the "unsubscribe" link at the bottom of those emails you receive. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it (without publishing your name, email address or any other information that would personally identify you) in order to help us clarify or respond to your request or to help us support other users. We take all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of personally-identifying and potentially personally-identifying information.

Please note that even if you opt-out of receiving marketing emails, you may still receive communications regarding products or services bought from us.

10. Cookies

To enrich your online experience, we may use "Cookies", similar technologies and services provided by others e.g. to display personalized content and store your preferences on your computer.

We may allow selected third parties to place cookies through the Website to provide us with better insights into the use of the Website or user demographics or to provide relevant advertising to you. These third parties may collect information about a consumer's online activities over time and across different websites when he or she uses our Website. We may also permit third party service providers to place cookies through our Website to perform analytic or marketing functions where you are notified of them and you have consented to the usage. We do not control the use of such third party cookies or the resulting information and we are not responsible for any actions or policies of such third parties.

For more information about our practices in this area, please see our Cookie Notice.

11. Do Not Track Signals

We support "do not track" signals ("DNT"). If you have DNT enabled in your web browser, we will not receive browser-related information from our advertising partners for tailoring advertisements.

12. Your UK and European Privacy Rights

If you are based in the UK or the EEA, under certain circumstances you may have the following rights:

• Request access to your personal information. You may have the right to request access to personal information we hold about you as well as related information, including the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, where possible, the period for which the personal information will be stored, the source of the personal information, and the existence of any automated decision making;

• Request correction of your personal information. You may have the right to obtain the rectification of any inaccurate personal information we hold about you;

• Request erasure of your personal information. You may have the right to request that personal information held about you be deleted;

• Request restriction of processing your personal information. You may have the right to prevent or restrict processing of your personal information; and

• Request transfer of your personal information. You may have the right to request transfer of your personal information directly to a third party where this is technically feasible.

You can exercise any of these rights by contacting us using the contact details set out above.

Also, where you believe that we have not complied with our obligations under this Policy or data protection law, you have the right to make a complaint to a Data Protection Authority.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13. Notices to California Residents

Your California Privacy Rights

We may share your Personal Data with third parties for their use to market their products or services to you only when we have your consent. You may withdraw your consent at any time by contacting us at using the Contact Us page or at DataPrivacy@ga.com.

California Privacy Rights Act

The California Privacy Rights Act ("CPRA") provides certain verified California residents with the right to receive disclosure of our information collection and disclosure practices, the specific information collected about them, to request that we correct information we hold, to make requests that we do not sell information or do not share personal information for cross-context or behavioral marketing purposes, to request that we limit processing of sensitive personal information to the purposes for which it was originally provided, or that we delete information subject to certain exceptions. For details on how to exercise these rights, please see below. We will not discriminate against you as a result of your exercise of any of these rights.

California employees (current, former or applicants) can learn about our information collection and disclosure practices and exercise their CPRA rights by contacting our human resources compliance group.

For purposes of the CPRA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with, a particular California resident or household.

During the past 12 months we may have collected the following categories of personal information from the sources and for the purposes identified. Not all information is collected from everyone who interacts with us. This list excludes information collected about employees in the context of the employment relationship.

• Identifiers such as contact information and unique online personal identifiers, are automatically collected by us or received from individuals or third parties and used to perform services, to deliver advertising, for internal research and development, and for security purposes;

• Commercial information, such as transaction information or preferences, is automatically collected by us or received from individuals or third parties and used to perform services, to deliver advertising, for internal research and development, and for security purposes;

• Electronic network and internet activity information, such as IP address and information about your interactions with our Websites, is automatically collected by us and used to deliver advertising, for internal research and development, and for security purposes;

• General geolocation information is collected by us through your IP address and used to perform services, to deliver advertising, for internal research and development, and for security purposes;

• Sensitive personal information is personal information that reveals a consumer's social security number, driver's license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, the contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication, genetic data, biometric information processed for the purpose of uniquely identifying a consumer, information concerning a consumer's health, sex life or sexual orientation. This information is collected by us and used to perform services and for legal or regulatory compliance purposes.

• Audio or video information, such as call center recordings and security video recordings at our facilities, is collected by us and used to perform services, for internal research and development and for security purposes; and

• Other types of personal information that we may disclose to you prior to the point of first collection.

We may have disclosed certain sensitive personal information in connection with the operation of our business. This includes disclosing social security or tax payer identification numbers of employees, contractors or service providers to our third party accounting and professional service providers and taxing authorities and, with respect to employees, to benefits providers; disclosing financial account information to service providers such as payment processors and payroll services for purposes of processing payments and payroll; disclosing racial or ethnic origin, religious or philosophical beliefs, or union membership to our third party staffing and professional providers and, when required by law, to government regulators to establish that we do not engage in discriminatory practices; disclosing health information to benefits providers or government agencies to comply with state, federal or local health requirements; and disclosing biometric information to services providers for purposes of identity verification and security. We may have disclosed information in the other foregoing categories of information with our affiliated group companies, service providers, marketing partners and other third parties including governmental authorities and law enforcement for our business purposes including for decision making, reporting, management, improving our Websites and services, analytics and marketing assistance, professional services, security, quality control, research and development, and legal compliance.

Personal information sales; opt-out and opt-in rights

We do not sell your information for monetary consideration but we may transfer your information to a third party that provides us with services such as helping us with advertising, data analysis, and security, which may fall under the definition of for "other valuable consideration" and which may therefore be considered a "sale" under the CPRA. During the past 12 months we may have disclosed identifiers, electronic network or internet activity, or commercial information for a business purpose which falls within the definition of a "sale". We do not sell the personal information of individuals we actually know are less than eighteen (18) years of age. Please see below for opting out of having your information sold.

Sharing personal information; opt-out rights

We do not share your personal information with third parties who may use it for cross-context or behavioral marketing purposes. Please see below for opting out of having your information sold.

Processing sensitive personal information

We collect and process sensitive personal information for the purposes disclosed at the time we collect this information. We do not process this information for purposes other than the purpose for which it was originally collected unless required by law.

Exercising your rights

Disclosure, Access, Correction, Deletion, Data Portability. You can seek to exercise your rights to receive disclosure about our information practices, to request correction or deletion of information or to request the specific information collected about you by calling us toll-free at +1 (888) 501-0335 or emailing us at DataPrivacy@ga.com. We will acknowledge receipt of your request within 10 days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) by matching it against information in our records and will use that information only for that purpose. We may request that you submit a signed statement that you are the individual you claim to be if you request disclosure of specific information or deletion. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our Information Collection or Disclosure Practices or the specific information we collected about you up to twice within a 12-month period. You may make other requests at any time.

Opting Out: To seek to exercise the right to opt-out of having your information sold or shared, you (or your authorized representative) may submit a request to us by visiting the following page: "Do Not Sell or Share My Info". We will process your request as soon as feasible and at least within fifteen (15) business days.

You may also opt out by activating a user-enabled global privacy control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicates or signals your choice to opt-out of the sale and sharing of personal information. When we receive such a signal we will stop setting third party cookies or third party tracking tags on your browser. This will prevent the sale or sharing of information relating to that specific device through cookies to our advertising or analytics partners. This option does not stop all sales or sharing of your information because we cannot match your device's identification or internet protocol address with your personally identifiable information like your name, phone number, email address or ZIP Code. If you delete cookies on your browser, any prior do not sell or do not share signal directed to our website is also deleted and you should make sure that your user-enabled setting is always activated.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales.

Using an authorized agent

You may submit a request through someone holding a formal, notarized Power of Attorney. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorized the person to make the request on your behalf, (4) you verify your own identity directly with us; and (5) your agent provides us with proof that they are so authorized.

14. Notice to Nevada Residents

We do not transfer Personal Data for monetary consideration. Nevertheless, if you would like to inform us not to sell your information in the future, please email us at DataPrivacy@ga.com with your name, postal address, telephone number and email address with "Nevada do not sell" in the subject line.

15. Privacy Policy Changes

We reserve the right to change, modify and update this Privacy Policy from time to time by posting a revised version on our Websites. We encourage visitors to frequently check this page for any changes to its Privacy Policy. The most recent version of this Policy is reflected by the version date located at the bottom of this Policy. Your continued use of this website after any change in this Privacy Policy will constitute your acknowledgement of such change.

VERSION DATE: January 1, 2023