ARTECH PRIVACY POLICY

Your privacy is important to Artech LLC, and all subsidiaries and affiliates hereof (collectively “Artech”, “we” or “us”). Artech has issued this Privacy Policy (this “Policy”) to describe how we handle any Personal Information that any applicant, employee, or other staff member may provide to Artech during the process of applying for employment with Artech or during the course of employment with Artech (“Job Data”). The term “staff member” includes those who work on a non-permanent basis, including contingent workers, temporary workers, and interns.

Artech respects the privacy rights of individuals and are committed to handling Job Data responsibly and in accordance with applicable law. This Policy describes the Job Data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it. Please take the time to read and understand this Policy, which should be read in conjunction with our other corporate policies and procedures. When appropriate, we will provide supplemental notices to cover any additional processing activities not mentioned in this document. If you are a California resident, please see the California Consumer Privacy Act of 2018 (“CCPA”) Addendum appended to this Policy for additional disclosures regarding the information we collect and any rights you may have under California law.

If you have any comments or questions about this Policy, please contact Artech at the contact details in Section 11 below.

1. Types of Job Data we collect

   In the course of your employment at Artech, or when making an application for employment, we may process Job Data about you and your dependents, beneficiaries, and other individuals whose Personal Information has been provided to us by you. We use the term “Personal Information” (also called “personal information” or “personally identifiable information” in the laws of some jurisdictions) to refer to information that reasonably identifies, relates to, describes, or can be associated with you. Data that has been de–identified, anonymized, or aggregated, or that otherwise cannot reasonably be related back to a specific person is not considered Personal Information. The precise definition of Personal Information may vary depending on your state, province, or country of residence, but we take the same approach to protecting your privacy.

   The types of Job Data we may process include, but are not limited to:

   1. Identification data – such as your name, social security number, gender, photograph, date of birth, employee, or staff member IDs.
   2. Contact details – such as home and business address, telephone/email addresses, emergency contact details.
   3. Employment details – such as job title/position, office location, employment contract, performance and disciplinary records, grievance procedures, sickness/time-off records.
   4. Background information – such as academic/professional qualifications, education, CV/résumé, criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
   5. Government identifiers – such as government issued ID/passport, immigration/visa status, or national insurance numbers.
   6. Information on your spouse/partner and/or dependents – such as your marital status, identification and contact data about them and information relevant to any Artech benefits extended to such people.
   7. Financial information – such as bank details, tax information, withholdings, salary, benefits, expenses, company allowances, stock and equity grants.
   8. IT information – information required to provide access to company IT systems and networks (and information collected by / through those systems) such as IP addresses, log files and login information.We may also process sensitive Personal Information relating to you (and your spouse/partner and/or dependents). Sensitive Personal Information includes any information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, sexual orientation, trade union membership, criminal convictions, genetic data, biometric data for the purposes of unique identification, information about your health. In the United States, sensitive Personal Information also includes government identifiers (including social security, driver’s license, state identification card, or passport number), citizenship or immigration status, and precise geolocation data. As a general rule, we try not to collect or process any sensitive Personal Information about you, unless authorized by law or where necessary to comply with applicable laws or to provide benefits. We do not sell sensitive Personal Information collected under this Policy.In some circumstances, however, we may need to collect, or request on a voluntary disclosure basis, some Personal Information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities (on the basis that it is in the public interest and in accordance with applicable law), monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.

2. Sources of Job Data

   In most instances, you will have provided the information we hold about you, but there may be situations where we collect Job Data or Personal Information from other sources. For example, we may collect the following:

   1. Certain background and other information from recruitment agencies, academic institutions, referees, background checking agencies and other third parties during your recruitment.
   2. Certain information on your performance, conduct or other information relevant to formal internal procedures (e.g. disciplinary or whistleblowing procedures), from customers or other organizations you routinely work with.
   3. Information on your training and development from external training partners and information about your experience and impressions of Artech through external survey providers.bod
   4. Information about your health, including your fitness to carry out work and/or any accommodations or adjustments to be considered from your doctor, other specialist medical adviser or Artech’ appointed medical expert.
   5. Information on accidents or incidents from Artech’ insurance brokers, insurers and their appointed agents, where they are involved.
   6. Information on tax payable from local tax authorities and Artech’ appointed payroll agents and tax/financial advisers.
   7. Information collected through Artech’ IT systems and other devices.
   8. Information about your entitlement to participate in, or receive payments or benefits under, any insurance or pension scheme provided by Artech, from the relevant benefit provider or its appointed agent.
   9. Information from publicly available sources (e.g. news sources and/or from social media platforms) in connection with any investigation or formal procedure concerning the same (for instance, for the investigation of an allegation that a staff member has breached our rules on social media use or conduct generally).

3. Purposes for processing Job Data

   1. Recruitment purposesIf you are applying for a role at Artech, then we collect and use your Job Data primarily for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications, and background for a particular role, verifying your information, carrying out reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it. If you are accepted for a role at Artech, the information collected during the recruitment process will form part of your ongoing staff member record. If you are not successful, we may still keep your application for internal reporting and to allow us to consider you for other suitable openings within Artech in the future.
   2. Employment or work-related purposesOnce you become an employee or staff member at Artech, we collect and use your Job Data for the purpose of managing our employment or working relationship with you – for example, your employment records and contract information if you have a contract (so we can manage our employment relationship with you), your bank account and salary details (so we can pay you), your equity grants (for stock and benefits plans administration) and details of your spouse and dependents (for emergency contact and benefits purposes).Artech processes Job Data through a human resources system (“HR System”), which provides tools that help us to administer HR matters, compensation, and benefits. This will involve transferring your Job Data to our HR System provider’s servers in the United States. Artech mayhost these servers or utilize third party servers, but in either case will be responsible for the security access of Job Data on the HR System provider’s servers in the United States.
   3. The Artech global directoryArtech maintains a global directory of staff members which contain your professional contact details (such as your name, location, photo, job title and contact details). This information will be available to everyone in the Artech global group of companies to facilitate global cooperation, communication, and teamwork.
   4. Other legitimate business purposesArtech may also collect and use Job Data when it is necessary for other legitimate business purposes, including but not limited to:
      1. to help us conduct our business more effectively and efficiently – for example, for general HR resourcing, reporting or analytics, IT security/management, business continuity purposes, accounting purposes, or financial planning;
      2. to investigate violations of law or breaches of our own internal policies and more generally to protect the rights and interests of Artech’ group, our employees, applicants and others. For instance, we may monitor your browsing or communications activity or location when using our devices or systems, if we suspect that you have been involved in phishing scams, fraudulent activity or activities in competition with or inconsistent with your work for Artech (for more information on such monitoring, refer to the Employee Handbook).
      3. to help secure our networks and systems from unauthorized access, scams, and malicious code. For instance, we may monitor and review electronic mail communications sent or received using Artech issued devices or accounts, or stored on or using such a device or account. We may also monitor and record each website visit, each chat session, newsgroup post, e-mail message, and each file transfer into and out of our systems and networks. Artech may monitor this activity at any time, and, to the extent permitted by laws, users of our networks and systems should not expect privacy when using these systems and devices.
      4. in accordance with any policies pertaining to the use of personal devices for work purposes. For instance, we may deploy security software on your personal device that monitors URLs for phishing risks and other security threats.
      5. to foster diversity, inclusion, and a welcoming work culture.
      6. Artech may also request or require you to enable your device used for work, whether personal or issued by Artech, to recognize facial or fingerprint IDs. Your biometric information will be stored on the device itself, and Artech will never transfer this data to its servers or to any third party. With respect to your personal device, this means that Artech will never collect or possess your biometric information. For company–issued devices, we will only store biometric information on the device itself and only on the basis of your explicit consent, and only for the period of time that such device is issued to you. Artech will adhere to any obligation it has under law to notify and bargain with the applicable bargaining representative before imposing such a requirement on represented employees.
   5. Legally mandated purposesArtech may retain and use your Job Data where we consider it necessary for complying with laws and regulations, including collecting and disclosing employee or staff member Personal Information as required by law (e.g. for tax, health and safety, anti-discrimination and other employment laws), under judicial authorization, to protect your vital interests (or those of another person), or to exercise or defend the legal rights of the Artech global group of companies.

4. Who we share your Personal Data with

   Artech takes care to allow access to Job Data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate business purpose or other lawful ground for accessing it. Whenever we permit a third party to access Job Data, we will implement appropriate measures to ensure the information is used in a manner consistent with this Policy and that the security and confidentiality of the information is maintained.

   1. Transfers to other group companiesArtech will share your Job Data with other members of the Artech group around the world in order to administer human resources, staff member compensation and benefits at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.
   2. Transfers to third party service providersArtech makes certain Job Data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data privacy laws. For example, some of this information will be made available to:
      1. our benefit/reward plans service providers (including retirement plan and medical insurance providers);
      2. service providers who provide us with payroll, tax and expense administration support services;
      3. providers of our HR Platform, including our recruitment platform;
      4. service providers who provide, support and maintain our IT, security, and communications infrastructure (including for data storage purposes) and/or provide business continuity services;
      5. service providers who assist in the coordination and provision of relocation, travel and/or travel permit services (in connection with work-related travel);
      6. service providers who provide services in relation to staff training and/or qualifications and staff surveys, e.g.; and
      7. auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under a contractual prohibition of using the Personal Data for any other purpose.
   3. Transfers to other third partiesArtech may also disclose Personal Data to third parties on other lawful grounds, including:
      1. Where you have provided your consent;
      2. To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
      3. In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes);
      4. As necessary to establish, exercise or defend against potential, threatened or actual legal claims;
      5. Where necessary to protect your vital interests or those of another person; and/or
      6. In connection with the sale, assignment or other transfer of all or part of our business.Artech does not sell the Job Data we collect from and/or about you.

5. Legal basis for processing Personal Data (Europe only)

   This Section 5 only applies to individuals located in Europe. If you are a job applicant, employee or staff member in the United Kingdom, European Economic Area, or Switzerland (collectively, “Europe”), our legal basis for collecting and using the Job Data described above will depend on the Job Data concerned and the specific context in which we collect it. Some of the bases we rely on are set out above. In the ordinary course of business, Artech will normally collect Job Data from you only where:

   1. it is in our legitimate interests (which are not overridden by your rights, particularly taking into consideration the safeguards that we put in place);
   2. we need the Personal Data to perform a contract with you (i.e. to administer an employment or work relationship with us);
   3. to comply with applicable immigration and/or employment laws and regulations;
   4. we have your consent to do so. Where we have requested your consent to process your personal data, you have the right to withdraw your consent at any time;
   5. to protect your vital interests or those of another person; and/or
   6. to protect the rights and interests of the Artech group of companies, our employees, applicants and others, as required and permitted by applicable law.When we collect sensitive Personal Information, we normally do so only:
      1. in circumstances where you have made the data public;
      2. in circumstances where you have given your explicit consent by voluntarily providing it;
      3. to comply with applicable employment, social security, and social protection laws and regulations;
      4. for the assessment of your working capacity;
      5. to protect your vital interests or those of another person;
      6. to establish, exercise or defend legal claims; and/or
      7. for reasons of substantial public interest in accordance with relevant law.

      If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us as per Section 11 below.

      Where we request Job Data and/or sensitive Personal Information from you, you can choose not to provide it to us. However, unless otherwise indicated, the information we request from you is required in order to enter into our employment relationship with you or in order to comply with our legal obligations. Failure to provide it in such circumstances prevents us from effectively administering our employment relationship with you (including any related employment benefits) and/or complying, which may mean we are unable to continue your employment.

6. Transfer of Personal Data abroad (Europe Only)

   This Section 6 only applies to individuals located in Europe. As we operate at a global level, we may need to transfer Job Data to countries other than the ones in which the information was originally collected and in particular our recruitment and staff data is hosted in the United States. When we export your Job Data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer Job Data from Europe to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under European law. However, we have taken appropriate safeguards to require that your Job Data will remain protected in accordance with this Policy.

7. Data retention periods

   Job Data will be stored in accordance with applicable laws and kept as long as Artech has an ongoing legitimate business need to carry out the purposes described in this Policy or as otherwise required by applicable law. Generally this means this means that if your application for employment is unsuccessful, your Job Data is stored in our applicant’s data base for two (2) years from your most recent submission of Job Data. If you are hired by Artech, your Job Data will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries, comply with regulatory obligations, or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper deductions during and on termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.

8. Response to requests for deletion of Job Data

   Pursuant to certain local, state, provincial, or federal law, you may have the right to request deletion of certain Job Data and/or sensitive Personal Information maintained by Artech. Artech will fully comply with all applicable legal and regulatory obligations, but as set forth herein, there

   are certain legal and regulatory obligations imposed on Artech which require certain Job Data and/or sensitive Personal Information maintained by Artech even if a request for deletion for same is made. In general terms, the following is an illustrative and non-exhaustive list of the types of Job Data and/or sensitive Personal Information which have to be retained by Artech:

   1. Name
   2. SSN
   3. Date of birth
   4. Payroll information (pay history, withholding history)
   5. Existing benefits information for current employees
   6. Racial/gender information retained for reporting purposes
   7. Information required for tax filings
   8. Records relating to HR investigations or actions
   9. Background check reports which serve as the basis for an adverse employment decision or action against the subject employee.
   10. Information that is required to be retained pursuant to applicable lawArtech will respond to all requests we receive from individuals wishing to exercise their data deletion rights in accordance with applicable laws. Artech will need to verify your identify consistent with applicable data protection laws before processing any such request, which may require you to provide additional information so that we may verify that the Job Data subject to the request is of you.

9. Your data privacy rights (Europe Only)

   This Section 9 only applies to individuals located in Europe. If you are in Europe, you may exercise the rights available to you under applicable European data protection laws as follows:

   1. If you wish to access, correct, update or request deletion of your Job Data, you can do so at any time by contacting us using the contact details provided at Section 11 below.
   2. In addition, you can object to processing of your Job Data, ask us to restrict processing of your Job Data or request portability of your Job Data. You can exercise these rights by contacting us using the contact details provided at Section 11 below.
   3. If we have collected and process your Job Data with your consent, then you can withdraw your consent at any time. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Job Data conducted in reliance on lawful processing grounds other than consent.
   4. You have the right to complain to a data protection authority about our collection and use of your Job Data. For more information, please contact your local data protection authority.Artech will respond to all requests we receive from individuals in Europe wishing to exercise their data protection rights in accordance with applicable European data protection laws. Artech will need to verify your identify consistent with applicable data protection laws before processing any such request, which may require you to provide additional information so that we may verify that the Job Data subject to the request is of you.

10. Policy Updates

    This Policy may be updated periodically to reflect changes in our privacy practices. In such cases, we will indicate at the top of the Policy when it was most recently updated, and if we make a material change, we will inform you, for example, on our intranet or by company-wide email. We encourage you to check back periodically in order to ensure you are aware of the most recent version of this Policy. Please note that Artech does not discriminate against those who exercise their rights under applicable data protection laws.

11. Contact details

Please address any questions or requests relating to this Policy to Employeeprivacy@artech.com, or alternatively, you can raise any concerns with your manager or Artech HR partner. If you have disabilities, you may access this notice in an alternative format by contacting askhr@artech.com, or by contacting your Artech TMS or HR representative.

CALIFORNIA CONSUMER PRIVACY ACT ADDENDUM

These provisions apply only to California consumers and supplement the Artech Privacy Policy. The California Consumer Privacy Act of 2018 (“CCPA”), including the California Privacy Rights Act of 2020 and any regulations promulgated thereunder, provides California consumers with specific rights regarding their Information. This CCPA Addendum describes your rights under the CCPA, explains how you may exercise your rights, and provides an overview on the types of

1. Personal Information we collect.

   General information regarding our collection, use, and disclosure of your data is detailed in the Policy that precedes this CCPA Addendum.

   1. Artech Personal Information Collection PracticesThe CCPA defines “Personal Information” as information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. To help consumers make informed privacy decisions, the CCPA classifies Personal Information into defined categories, and our practices regarding Personal Information are organized below into the aforementioned categories. Please note that some types of Personal Information may apply to multiple categories. In the past 12 months, we have collected some or all of the categories of Personal Information described in the table below. The table below further describes the business or commercial purpose(s) for which the Personal Information was collected and the entities to whom such information has been disclosed within the last 12 months:
      

      Category	Examples	Purposes	Disclosed to
      Identifiers	Name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, device, browser, email address, account name, or other similar identifiers	Recruitment; employment or work related purposes; inclusion in the Artech Global Directory; other business purposes set forth in Section 3 of the Policy	Artech group companies; service providers; public or governmental authorities
      Customer records information	Name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, or other similar	Recruitment; employment or work related purposes; inclusion in the Artech Global Directory; other business purposes set forth in Section 3 of the Policy	Artech group companies; service providers; public or governmental authorities
      Characteristics of protected classifications under California or federal law	Age, race, color, ancestry, national origin, citizenship, religion or creed, marital or familial status, medical condition, physical or mental disability, sex, veteran or military status, genetic information, and other similar information	Recruitment; employment or work related purposes	Artech group companies; service providers; public or governmental authorities
      Biometric information**	Fingerprints, facial or hand imagery, or voice recordings	**(We may at a later date collect facial or fingerprint IDs from you on Artech devices and/or personal devices used for work purposes, and we would do so strictly for security and fraud prevention purposes. However, we have not collected this information from employees within the past 12 months.)	N/A
      Internet or other similar network activity information	Browsing history, search history, information regarding consumer’s interaction with a website, application, or advertisement	Security and fraud prevention	Artech group companies; service providers
      Sensory data	Audio, electronic, visual, or similar information	Security and fraud prevention; inclusion in the Artech Global Directory	Artech group companies; service providers
      Professional or employment-related information	Employer, employment history, resumes and CVs, background checks, and other employment-related information	Recruitment; employment or work related purposes; inclusion in the Artech Global Directory; other business purposes set forth in Section 3 of the Policy	Artech group companies; service providers; public or governmental authorities
      Education information	Records maintained by an educational agency or institution that pertain to a student, such as grades and transcripts	Recruitment	Artech group companies; service providers
      Sensitive personal information	Social security, driver’s license, state ID, or passport number; racial or ethnic origin; union membership; biometric information; personal information concerning health, sex life, or sexual orientation.	Recruitment; employment or work related purposes	Artech group companies; service providers

      The Personal Information described in the table above is collected directly from you, or from the sources set forth in the Policy at Section 2, “Sources of Job Data.” In addition to the parties described above, we may disclose your Personal Information to other third parties for legal, security, or safety purposes; to regulatory authorities, courts, and government agencies if required by applicable law; or with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries, or other assets.

   2. We never sell your Personal Information, nor do we share it with third parties for any purposes not identified in the Policy. However, we may use de–identified, anonymized, or aggregated versions of your Personal Information for any purpose.
   3. All requests for action pursuant to the CCPA should be directed to Employeeprivacy@artech.com.

2. Rights To Your Information

   1. Right to KnowAs a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:
      1. The categories of Personal Information that we have collected about you.
      2. The categories of sources from which the Personal Information is collected.
      3. Our business or commercial purpose for collection, use, or disclosure of that Personal Information.
      4. The categories of third parties with whom we sell or share that personal information.
   2. Right to Data PortabilityYou have the right to request a copy of Personal Information collected and maintained about you in the past 12 months. The CCPA allows you to request this information from us up to twice during a 12-month period. We will provide our response in a readily usable (in most cases, electronic) format.
   3. Right to DeleteYou have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records unless an exception applies, as set forth in the Policy. For example, we may deny your deletion request if retention of the Personal Information is:
      1. Necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
      2. Reasonably anticipated within the context of your employment or application for employment with us;
      3. For solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
      4. Necessary to comply with a legal obligation; or
      5. Otherwise necessary for internal use in a lawful manner that is compatible with the context in which you provided the Personal Information.
   4. Right to CorrectYou have the right to request the correction of any Personal Information we maintain about you.
   5. Right to Limit the Use or Disclosure of Sensitive Personal InformationYou have the right to limit the use or disclosure of your Sensitive Personal Information (“SPI”) if we are using your SPI beyond what is reasonable and proportionate within the context of your relationship with us as an employee or job applicant. You can make a request for us to limit the use or disclosure of your SPI by emailing us at Employeeprivacy@artech.com.
   6. Right to Nondiscrimination

   You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights.

3. Exercising Your Rights

   To exercise the rights described above, please submit a request to us by contacting us at Employeeprivacy@artech.com.

   After receiving your request, we will take steps to verify your identity in order for us to properly respond and/or confirm that it is not a fraudulent request. In order to verify your identity, we will request, at a minimum, that you provide your name, email address, address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request. Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. If you are making a request as the authorized agent of a California consumer, we will ask you also submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf.

   We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We may contact you within 45 days from the date you contacted us to inform you if we need more time to respond.

4. Contact

If you have any questions, comments, or complaints about how we use your information, or would like to exercise any rights that you may have under the CCPA, please reach out to us by using the contact information provided in Section 11 (“Contact Details”) in the above Policy.