Introduction

Sig Sauer, Inc. (SIG SAUER) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit our Websites and our practices for
collecting, using, maintaining, protecting and disclosing that information

This policy applies to information we collect:

• On this Website or any other SIG SAUER Website.

• In e-mail, text and other electronic messages between you and this Website.
• Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between
you and this Website.

Unless stated specifically otherwise, this policy does not apply to information collected by:

• us offline or through any other means, including on any other website operated by Company or any third party; or
• any third party, including through any application or content (including advertising) that may link to or be accessible from the Website

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our
policies and practices, your choice is to not use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change
from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy
periodically for updates.

Children Under the Age of 18.

Our Website is not intended for children under 18 years of age. No one under age 18 may provide any personal information to the Website. We do not
knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or on or through
any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this
Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user
name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will
delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

Information We Collect About You and How We Collect It.

We collect several types of information from and about users of our Website, including information:

• by which you may be personally identified, including but not limited to, name, postal address, e-mail address, telephone number and birth
date, (“personal information”) or documents that contain your personal information, such as, a driver’s license, a license to carry, military
identification, law enforcement identification or a completed background screening;
• that is about you but individually does not identify you, such as information about a purchase you have made that qualifies for a warranty or
promotional discount; and/or
• about your internet connection, the equipment you use to access our Website and usage details; and/or
• information that is contained in your public comments and postings on the Website.

We collect this information:

• Directly from you when you provide it to us.

• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses and information
collected through cookies, web beacons and other tracking technologies.

Information You Provide to Us

The information we collect on or through our Website may include:

• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our
Website, posting material, making purchases, or requesting further services. We may also ask you for information when you enter a contest or
promotion sponsored by us, and when you report a problem with our Website.
• Records and copies of your correspondence (including e-mail addresses), if you contact us.
• Your responses to surveys that we might ask you to complete.
 • Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial
information before placing an order through our Website.
• Your search queries on the Website.

You also may provide information to be published or displayed (“posted”) on public areas of the Website, or transmitted to other users of the Website or
third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Please be aware that no
security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to
share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Public Forums
SIG SAUER may make chat rooms, forums, message boards, news groups, and/or product review boards available to its users. Please note that any
information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal
information.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your
equipment, browsing actions and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs and other communication data and the resources that you
access and use on the Website.
• Information about your computer and internet connection, including your IP address, operating system and browser type.

Some tracking of activity on the Sig Sauer website is conducted through the use of Google Analytics. Information on the Google Analytics’ privacy policies
and terms of use may be found here: https://support.google.com/analytics#topic=1008008.

Although we do not do so currently, we also may use these technologies to collect information about your online activities over time and across third-party
websites or other online services (behavioral tracking). The information we collect automatically may include personal information or we may maintain it or
associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and
more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.

• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by
activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our
Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your
browser to our Website.
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your
preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser
cookies.
• Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs.
pixel tags and single-pixel gifs) that permit SIG SAUER, for example, to count users who have visited those pages or opened an e-mail and for
other related website statistics.

The World Wide Web Consortium (W3C) is currently in the process of developing a “Do Not Track” Standard. Since the definitions and rules for such a
standard have not yet been defined, and because Sig Sauer does not track the online activity of individuals, Sig Sauer does not yet respond to “Do Not
Track” signals sent from browsers.

Third-party Use of Cookies.

Some content or applications on the Website are served by third-parties. These third parties may use cookies alone or in conjunction with web beacons or
other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal
information or they may collect information, including personal information, about your online activities over time and across different websites and other
online services. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or
other targeted content, you should contact the responsible provider directly for more information or to learn how you can opt out of receiving targeted
advertising.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.

• To provide you with information, notices, products or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and
collection.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• To allow you to participate in interactive features on our Website.
• To monitor User Contributions for authenticity and compliance with this Policy, and the Terms of Use.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may also use your information to contact you about our own goods and services that may be of interest to you. If you do not want us to use your
information in this way, please contact us and let us know at [email protected] or unsubscribe via the opt out option in our emails.

Disclosure of Your Information

We may disclose aggregated information about our users without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.

• To contractors, service providers and other third parties we use to support our business.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some
or all of SIG SAUER’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal
information held by SIG SAUER about our Website users is among the assets transferred.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with any court order, law or legal process, including responding to any government or regulatory request.
• To enforce or apply our Terms of Use or Standard Terms and Conditions for Purchase Orders and other agreements, including for billing and
collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of SIG SAUER, our customers or others. This
includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following
control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being
sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse
cookies, please note that some parts of this site may then be inaccessible or not function properly.
• Promotional Offers from the Company. If you do not wish to have your e-mail address and/or contact information used by the Company to
promote our own or third parties’ products or services, you can opt-out by one of the following methods: checking the relevant box located on
the form on which we collect your data, by using the unsubscribe link in the footer of all promotional emails, or by sending us an e-mail stating
your request to [email protected]. Please note that all unsubscribe and opt out methods may not be available at all times. This opt
out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience
or other transactions.

Note that altering settings or opting out tracking technologies on one device (such as a computer, tablet, or smartphone) does not necessarily alter setting
or opt out of tracking on other devices. Users should take care to ensure that the proper settings are applied to all devices through which they connect to
the Website.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with
ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network
Advertising Initiative (“NAI”) on the NAI’s website.

Accessing and Correcting Your Information

You can review and change your personal information by logging into the Website and visiting your account profile page. You may also send us an e-mail
at [email protected] to request access to, correct or delete any personal information that you have provided to us. We cannot delete your
personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change
would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might
have been copied or stored by other Website users. Proper access and use of information provided on the Website, including User Contributions, is
governed by our Terms of Use.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of
personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to [email protected], fill
out the CCPA request form on sigsauer.com or write us at the address below.

The California Consumer Privacy Act (CCPA; Civil Code §1798.100 et seq.) provides California Consumers with specific rights in relation to their personal
information collected, sold, and/or shared by businesses. This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS is provided to explain these rights. Any
terms defined in the CCPA have the same meaning when used in this section of the Privacy Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or
indirectly, with a particular consumer or device (“personal information”). In particular, we may collect, and have collected in the past twelve (12) months,
the following categories of personal information (as defined by the CCPA):

CATEGORY EXAMPLES COLLECTED?

A. Identifiers A real name, alias, postal address, unique YES
personal identifier, online identifier, Internet
Protocol address, email address, account
name, Social Security number, driver's license
number, passport number, or other similar
identifiers
B. Personal Information categories listed in A name, signature, Social Security number, YES
the California Customer Records statute physical characteristics or description, address,
(Cal. Civ. Code §1798.80(e)) telephone number, passport number, driver's
license or state identification card number,
insurance policy number, education,
employment, employment history, bank
account number, credit card number, debit card
number, or any other financial information,
medical information, or health insurance
information. Some personal information
included in this category may overlap with other
categories
C. Protected classification characteristics Age (40 years or older), race, color, ancestry, YES
under California or federal law national origin, citizenship, religion or creed,
marital status, medical condition, physical or
mental disability, sex (including gender, gender
identity, gender expression, pregnancy or
childbirth and related medical conditions),
sexual orientation, veteran or military status,
genetic information (including familial genetic
information)
D. Commercial Information Records of personal property, products or YES
services purchased, obtained, or considered, or
other purchasing or consuming histories or
tendencies

E. Biometric Information Genetic, physiological, behavioral, and NO

biological characteristics, or activity patterns
used to extract a template or other identifier or
identifying information, such as, fingerprints,
 faceprints, and voiceprints, iris or retina scans,
keystroke, gait, or other physical patterns, and
sleep, health, or exercise data

F. Internet or other similar network activity Browsing history, search history, information on YES
a consumer's interaction with a website,
application, or advertisement
G. Geolocation Data Physical location or movements YES

H. Sensory Data Audio, electronic, visual, thermal, olfactory, or NO

similar information

I. Professional or Employment-related Current or past job history or performance YES

information evaluations

J. Non-public education information (per the Education records directly related to a student NO
Family Educational Rights and Privacy Act maintained by an educational institution or
(20 U.S.C. §1232g, 34 C.F.R. Part 99)) party acting on its behalf, such as grades,
transcripts, class lists, student schedules,
student identification codes, student financial
information, or student disciplinary records
K. Inferences drawn from other personal Profile reflecting a person's preferences, NO
information. characteristics, psychological trends,
predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes

Personal information under the CCPA does not include:

• Publicly available information from government records

• De-identified or aggregated consumer information
• Information excluded from the CCPA’s scope, like:
o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the
California Confidentiality of Medical Information ACT (CMIA) or clinical trial data;
o Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-
Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from our customers or their agents. For example, information that our clients provide to us related to the services or goods which we
provide.
• Indirectly from our customers or their agents. For example, through information we collect from our customers in the course of providing
services to them.
• Directly and indirectly from activity on our website (www.sigsauer.com). For example, submissions through our website portal(s) or website
usage details collected automatically.
• From third-parties that interact with us in connection with the services we perform. For example service providers we work with to provide
promotions on an opt-in basis.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or
incompatible purposes without providing you notice.

Use of Personal Information

We use the categories of personal information outlined above for the following business purposes:

BUSINESS PURPOSE CATEGORIES USED

Auditing related to a current interaction, with the consumer and A, B, C, D, F, G
concurrent transactions, including, but not limited to, counting ad
impressions to unique visitors, verifying positioning and quality of ad
impressions, and auditing compliance
 Detecting security incidents and protecting against malicious, deceptive, A, B, C, D, F, G
fraudulent, or illegal activity, and prosecuting those responsible for that
activity
Debugging to identify and repair errors that impair existing intended A, B, C, D, F
functionality
Short-term transient use, where the information is not provided to a third N/A
party, and not used to build a profile of the consumer or alter the
consumers experience outside of a single transaction
Performing services on our behalf, including maintaining and servicing A, B, C, D, F, G
accounts, providing customer service, processing or fulfilling orders and
transactions, verifying customer information, processing payments,
providing financing, providing advertising or marketing services,
providing analytic services, or providing similar services on our behalf
Undertaking internal research for technological development and A, B, C, D, F, G
demonstration
Undertaking activities to verify or maintain the quality or safety of a N/A
service or device that is owned, manufactured for, or controlled by us,
and to improve, upgrade, or enhance such service or device

Sharing Personal Information

SIG SAUER does not and will not in the future sell personal information of consumers.
SIG SAUER may disclose your personal information to a third party for a business purpose. In the preceding twelve (12) months, we have disclosed the
following categories of personal information for a business purpose:

CATEOGORY OF THIRD PARTY CATEGORIES OF INFORMATION SHARED

Our Affiliates A, B, C, D, F, G
Service Providers A, B, C, D, F, G
Third Parties to whom you authorize us to disclose your information in A, B, C, D, F, G, I, J
connection with products or services we provide
Government entities or other third parties when required to by law or court A, B, C, D, G
order

Your Rights and Choices

The CCPA provides California Consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains
how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12)
months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you

• The categories of sources for the personal information we collected about you
• Our business or commercial purpose for collecting or selling that personal information
• The categories of third parties with whom we share that personal information
• The specific pieces of personal information we collected about you (also called a data portability request)
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
o Sales, identifying the personal information categories that each category of recipient purchased; and
o Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once
we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our
records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions
reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
 3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics
and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you
previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at 603-610-3000 option 1

• Visiting sigsauer.com/CCPA
• Emailing us at [email protected]

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request
related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an
authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm
the personal information relates to you. Making a verifiable consumer does not require you to create an account with us. We will only use personal
information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. To make a verifiable consumer
request, you must provide us with at least the following information to verify your identity: full legal name, phone number, and email address (if available).
If we require additional information in order to verify your identity, we will contact you to request this information. Please be aware that dependent on what
you are requesting, we may need to take additional steps to verify your identity.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the
reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account
with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period
preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the
information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Information relating to EU Data Subjects

This section applies only to EU citizens accessing SIG SAUER websites from within the EU.

If you are a European Union citizen, and you are accessing the SIG SAUER websites from within the EU, your personal data is protected by the EU’s General
Data Protection Regulation (GDPR). SIG SAUER is committed to controlling and processing your personal data in compliance with the GDPR, and the
following information is provided for your knowledge and benefit.

• Definitions
o “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one
who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number,
 location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic,
cultural, or social identity of that natural person.
o “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others,
determines the purposes and means of the processing of personal data.
o “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of
that controller.
• Lawful Basis/Purposes of Processing: SIG SAUER processes your personal data on the following bases:
o Fulfilling our contractual duties to you
o Pursuing our legitimate interests

As a company involved in retail activities, we may sometimes need to process your data to pursue our legitimate business interests, for example to
prevent fraud, for our own internal administrative purposes, reporting potential crimes, or maintaining legally required records of sales.

Additionally, we may process your data in order to fulfill our contractual duties to you, including the processing of a sales order, providing repair services,
maintaining our warranty registrations and databases, and other tasks related to the provision of goods and services.

Finally, some information you provide we may be required to process and retain in order to comply with applicable law, including records regarding the sale
or other transfer of firearms.

If you choose to create an account on our website, or place an order, you must provide the personal data requested. If you refuse to provide such data, we
will not be able to create an account for you, or fulfill your order.

• Rights of Data Subjects

Under the GDPR you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure
of your personal data, the right to restrict processing, or object to processing of your personal data as well as the right to make a complaint to a
supervisory authority.

In certain circumstances, you may also have the right to data portability and, if processing of your data is based on your consent, the right to withdraw that
consent at any time.

If you would like to exercise any of these rights, or have any concerns as to how your data is being processed you can contact the webmaster at:

Sig Sauer, Inc., 72 Pease Boulevard, Newington, NH 03801

[email protected]

603-610-3000

Data Security
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and
disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL
technology.

The safety and security of your information also depends on you. Where we have given you or where you have chosen a password for access to certain
parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be
careful about giving out information in public areas of the Website like product review boards. The information you share in public areas may be viewed by
any user of the website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we
cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We
are not responsible for circumvention of any privacy settings or security measures contained on the website.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal
information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page.

Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
Sig Sauer, Inc.
72 Pease Boulevard
Newington, NH 03801
[email protected]
603-610-3000

Last Updated: 12/30/2019