Garrett Marketplace ([ https://shop.garrettmotion.com/) (“Garrett Marketplace”) is a marketplace operated by Garrett Motion Inc. or its affiliates including Garrett Motion Australia Pty LIMITED, Unit 4/14 Alfred Road Chipping Norton NSW 2170 NSW, Australia ("Garrett", “Garrett Motion”, "we" or "us"), that allows users to offer, sell, and buy goods and services in various geographic locations.

This Privacy Statement is intended for users in Europe (that is the European Economic Area, Switzerland and the United Kingdom), United States and Australia and explains the types of regulated Personal Data or personal information (collectively, “Personal Data”) that Garrett collects, uses, and discloses (collectively, “processes”) through its business operations and Garrett Marketplace (its “Website” or the “Marketplace”). The Website includes these sites/domains: https://shop.garrettmotion.com/.

If you reside in Europe the data controller under this Privacy Policy is [Garrett Motion Sàrl, Z.A. La Pièce 16, Rolle, VD, 1180 Switzerland], with company number CHE-110.195.348.

If you have any questions about this Privacy Statement or wish to exercise any of your legal rights, please use the contact information that appears in Section 16 of this Privacy Statement.

Unless otherwise defined in this Privacy Statement, all the defined terms in the Garrett Marketplace User Terms and Conditions (“User T&Cs”) shall have the same meanings when they are used in this Privacy Statement. Your use of Garrett Marketplace and any information you provide through it is subject at all times to this Privacy Statement and the User T&Cs.

General categories of Personal Data we collect

Server login information. Our web server captures certain information automatically. This information may include your Internet protocol (IP) address, approximate geographic location, browser type, computer operating system, time and date you visit, the pages you access, and the address of the page that directed you to our Website. We use this data to understand patterns of Website activity and to improve the Website, so it is more useful for you. This information is not linked in any way to you personally, and we do not have the means to link it to you.

Cookies, pixels, and similar technologies. Our Website uses cookies and similar technologies. Cookies record small amounts of data in your web browser. When you visit the Website, our web server uses these for various purposes, including making our site work properly and optimizing your experience. The cookies and similar technologies we use – and how to control them – are shown in our Cookie Banner, You can also control cookies and some forms of tracking using your web browser. We also use pixels and web beacons, which when viewed by you, tell us whether you have opened a promotional email or taken various actions in connection with our advertising activities.

Personal Data that you intentionally submit. Directly identifiable Personal Data is collected primarily when you submit it. This happens when you communicate with us by email, register on the Marketplace, conduct a business transaction through the Marketplace, participate in a survey or promotional program, submit a product review, enter a contest or sweepstakes, register for a newsletter, or take some other affirmative step. You have control over what you submit through email; online forms will disclose the other types of Personal Data collected.

Personal Data that we obtain from others. We may obtain marketing leads from outside our corporate group. This is normally basic contact information. If we have an advertising service provider perform a blind mailing (a campaign using a mail or email list known to the service provider but not disclosed to us), we do not obtain your Personal Data unless and until you respond.

Aggregated or anonymized information. In some instances, we receive information that either combines the information of numerous consumers or is transformed in such a way that the information can no longer be linked to a particular consumer or their household. Under the law, this is not Personal Data.

Fraud and credit checks. In some instances, we or our payment processors may collect Personal Data about you from fraud-prevention agencies and credit reference agencies.

What do we do with the Personal Data we collect?

Our primary use of your Personal Data is to effect purchases and sales on the Marketplace. When you conduct a purchase or sale on the Marketplace, your Personal Data is used to identify you to the other party (a seller if you are a buyer, and a buyer if you are a seller), to verify eligibility for the sale, and to help make arrangements for a sale and delivery.

We may also use your Personal Data in connection with:

• 1. ensuring the security of persons, products, goods and objects, and performing fraud detection (including on Marketplace);
  2. conducting legal processes and complying with legal requirements, including in relation to legal proceedings and evidence gathering processes, and complying with court orders; and
  3. complying with statutory obligations, including to (i) provide data to authorized authorities in the context of criminal investigations, and (ii) comply with applicable data retention obligations; and
  4. establish the identity of customers or third parties, including to provide access to data centers and our offices.

We may disclose your Personal Data to our affiliates and within the Garrett corporate organization and as permitted by law. We may also disclose your Personal Data with other third parties who provide us with services to support our business. These third parties may include, by categories:

1. Professional services, for example, our auditors, tax preparers, attorneys, and others involved in the administration of our business or compliance with regulatory requirements.
2. General business support, such as website hosting companies, ISPs, mailing houses (physical and email), and certain types of advertising organizations.
3. Marketplace transaction support, such as other Users of Garrett Marketplace transaction support, such as other Users of Garrett Marketplace, payment processors, tax service provider, shipping companies, and customs brokers.

These parties (“Service Providers” or “Processors” as defined by law) receive this data under contracts in which they are obligated to use this Personal Data solely for reasons we have specified and under our instructions. They are not permitted to process or use any of your Personal Data for the benefit of themselves or third parties.

We may also disclose your Personal Data to other organizations, such as analytics and marketing providers and platforms, whether directly or through the use of cookies or pixels on Marketplace or our other sites. Where applicable law regulates this as a “sale” or “sharing,” you may opt-out of it as described in this Privacy Statement.

We also reserve the right to disclose, release or otherwise process Personal Data (i) when the law permits it or requires it (e.g., we have received a subpoena) or we otherwise believe that the law requires us to do so; (ii) when we believe it is necessary to protect and/or enforce the rights, property interests, or safety of Garrett, our users or others; or (iii) as we

deem necessary to resolve disputes, troubleshoot problems, prevent fraud, and otherwise enforce our Privacy Statement.

Additionally, if Garrett or its Marketplace merges with or becomes part of another organization, it is sold, it sells all or substantially all of its assets, it is otherwise reorganized, the information you provide may be one of the transferred assets to the acquiring or reorganized entity.

How Personal Data is Collected and Disclosed

The table below shows the categories of Personal Data that we collect, where/how we collect it, and the processors/service providers or third parties to whom we disclose it.

Garrett and some of our affiliates are located overseas, including in Australia, European Union and the USA. Some of the other third parties listed in the above table and to whom we may disclose Personal Data are also located overseas, including in Australia, European Union and the USA.

How we use your Personal Data and how long we keep it

We request Personal Data when necessary to provide a service, complete a transaction, or otherwise run our business. Please note that the same information may be retained for different reasons, and the expiration of its retention for one reason may not trigger its deletion where it is needed for another purpose.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Uses of data elements by activity	How long we keep the data for that use
General interaction with our websiteInternet usage information	This information is collected in a way that is not associated with you personally. We retain this information as long as needed to enhance the functionality, performance, and security of the Marketplace.Information stored in cookies will be retained as described in the Cookies Banner.
Uses of data elements by activity	How long we keep the data for that use
Site improvementInternet usage information Site/campaign-response activity	We retain this information as long as needed to enhance the functionality, performance, and security of the Marketplace.
General correspondenceContact Information	We maintain this information long enough to fulfill your request/inquiry plus as needed to support any resulting business communications or transactions.
Commercial transactionsContact information Financial informationPurchasing histories, tendencies, or profiles	We maintain basic contact and transaction information for the period required to complete the transaction plus the amount of time required to document the transaction, honor any warranties, and fulfill any recall obligations.We use contact information obtained in transactions as a basis to provide you with information on related offerings and special offers. To be deleted from our promotional mailing lists, please use the “unsubscribe” link at the bottom of a marketing email.
Promotional/marketingContact information Purchasing profilesSite/campaign-response activity Purchasing histories, tendencies, or profiles	We maintain information sufficient to send out mailing lists and other business information or promotions until you unsubscribe from the relevant campaign using the supplied link (for email) or other methods as provided in postal mailings.Information stored in cookies will be retained as described in the Cookies Banner.
Regulatory reporting and due diligenceContact information Financial information	We maintain this information for the period required by applicable law or regulation.

How do we protect your Personal Data?

Although no system is impenetrable, we have established physical, electronic, and procedural safeguards for the information we collect that is reasonable given the nature of the information and its sensitivity.

Data Subject Rights

This Privacy Statement is provided so that you can understand at or before the point of collection what we are collecting and why. It also provides guidance to help you exercise your rights under applicable data privacy laws. These rights do not extend to anonymized or aggregated information that can no longer be connected to you personally, and our ability to honor data subject requests depends on your providing accurate information with which we can conduct a search. Please note also that certain banking and health information is outside

1. Right to access. You have the right to know what Personal Data we have collected about you, including the categories of Personal Data, the categories of sources from which the Personal Data is collected, the business or commercial purpose for collecting, or sharing Personal Data, the categories of third parties to whom we disclose Personal Data, and the specific pieces of Personal Data we have collected about you. These are described generally in this Privacy Statement and the tables above. We will, on request, provide you with access to the Personal Data we hold about you, unless there is an exception to such disclosure which applies under relevant data privacy laws. You can request access to the Personal Data we hold about you by emailing this address: Privacy@GarrettMotion.com.

Unless applicable data privacy laws provide otherwise, we are not required to research Personal Data where it is not in a reasonably searchable format, we maintain the information solely for legal or compliance reasons or the reasons outlined in this Privacy Statement, we do not use the information for ‘commercial purposes’, ‘sell’, or ‘share’ it (as each term is defined by the California Consumer Privacy Act of 2018), and we explain what we are not searching on these grounds. Likewise, we are not required to disclose a particular Social Security number, driver’s license number or another government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions, and answers, or unique biometric data generated from measurements or technical analysis of human characteristics. We will, however, identify which of these items we retain.

You have a right to obtain a copy of your Personal Data in a reasonably usable form.

1. Right to deletion. If you reside in the United States or the European Union, you have the right to delete Personal Data that we have collected from you, subject to certain exceptions. For example, in California, these exceptions apply when the Personal Data is needed to:
   1. Complete a transaction for which the Personal Data was collected, provide a good or service requested by you, reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.
   2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
   3. Debug to identify and repair errors that impair existing intended functionality.
   4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
   5. Comply with the California Electronic Communications Privacy Act under Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the California Penal Code.
   6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research if you have provided informed consent.
   7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
   8. Comply with a legal obligation.
   9. Otherwise use your Personal Data, internally, in a lawful manner that is compatible with the context in which you provided the information.

Other exceptions may be present under state law, but these are representative. Depending on your state, we may ask you to confirm your election to delete your Personal Data.

1. Right to correct Personal Data. You have the right to correct inaccRight to correct Personal Data. You have the right to correct inaccurate, incomplete, irrelevant or out-of-date Personal Data that we maintain about you. If the

Personal Data we hold about you is inaccurate, incomplete, irrelevant or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you. We may request documentation establishing the inaccuracy of the information we have. Per applicable law, these requests may be denied if the totality of the circumstances suggests that the information we have on file is accurate or if we are required by law to keep particular information about you for a certain period of time.

1. Right to limit the use of Sensitive or Special Personal Data. You have the right to limit the use of sensitive or special categories of Personal Data (as defined by law) to that necessary to conduct business with you. Garrett does not collect intentionally collect these types of information from the public and does not use them in its external business dealings.
2. Right to Opt-Out of direct marketing and the sale or sharing of your Personal Data (also includes NV residents). Garrett shares Personal Data with its advertising partners for purposes of interest-based (behavioral) advertising, and in the past 12 months, it has provided such information to the categories of parties identified in the tables above. You have a right to opt-out of such sharing, which you may execute by settings in the Cookies Banner, by opting out from direct marketing messages adjusting browser settings, logging into your Marketplace account and modifying its settings, and installing browser extensions. Upon receipt of your opt-out request, we will opt you out from such activities. Garrett does not sell Personal Data for financial consideration and has not done so in the past 12 months. If you decide to opt-out, this may have affect how you experience our marketing for our services.
3. Right to non-discrimination. You have the right to not be discriminated against for exercising your privacy rights under applicable data privacy law. However, the exercise of certain privacy rights may make it so that we are no longer able to provide you with certain services or communications.
4. Right to opt-out of automated decision-making or profiling. You have the right to know about and opt out of automated decision-making using your Personal Data.

Other rights: if applicable data privacy law where you reside provides other data subject rights that are not shown here, we will honor them.

Exercising your rights. With regard to opt-out, correction and sharing preferences, you can use the self-service function on the Garrett motion Preference Centre https://www.garrettmotion.com/preference-center/. You may also effect deletion of your account information with the exception of that portion relating to pending or completed transactions.

To exercise your other rights under applicable data privacy law, please contact Privacy@GarrettMotion.com and state the nature of your request. We may require you to verify your identity. There are some circumstances in which we are not required to grant requests concerning your Personal Data, including where repeated requests are made for purposes of harassment or fraud.

Authorized agents. We will entertain requests from authorized agents where permitted by law. If you wish to have an authorized agent make a verifiable consulaw. If you wish to have an authorized agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your authorized agent. We will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we have collected Personal Data. We can deny any request made by a purported authorized agent who does not submit proof that are authorized to act on your behalf.

Response time. We will respond within the period required by applicable law.

Statement of Financial Incentives: In the event that we offer incentives for the use of your Personal Data, such as coupon codes in exchange for signing up for mailing lists, the nature of those incentives will be disclosed at the time of offering them.

Do Not Track and Global Privacy Control

Do Not Track (DNT) and Global Privacy Control (GPC) are optional browser settings, and in the case of GPC, an extension that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a signal to the websites you visit, indicating that you do not wish to be tracked. DNT does not have standard implementation, and GPC is emerging as a standard. At present, we are developing a capability to receive and interpret GPC signals, and at present, you are encouraged to use the other methods of preventing data collection described in this Privacy Statement.

Interest-based advertising

As you browse the web, you may see advertisements for our products. In some cases, these are based on your prior visit to our Website. Our advertising providers are members of the Digital Advertising Alliance. To opt-out of these campaigns, please use the opt-out button provided or visit https://youradchoices.com/, and to opt out of advertising on mobile apps, please visit https://youradchoices.com/appchoices.

Some advertising you see on the internet or receive via email is based on a matched audience, not Personal Data that we obtained from you or about you. In those cases, ads are served by a provider to an audience with certain characteristics, but we are not provided with individuals’ identities or have direct control over particular people who will receive the advertising. The providers involved will have their own opt-out mechanisms. For example, Facebook has its own Ad Preferences page, and Google ads can be controlled via Google Ad Settings. If you click through to our Website, then your interactions with us become subject to this Privacy Statement.

Please note that:

1. Many opt-out systems are based on browser/device identification or cookies stored by a particular browser on a particular computer or device. If you change browsers or devices, you may need to opt-out again.
2. If you use tools that change, mask, or randomize browser IDs, for example, iCloud Privacy Relay or certain Virtual Private Networks (VPNs), it may become necessary to opt-out more than once on the same browser.
3. Clearing cookies from your browser, or refusing all cookies, may reset opt-outs. For example, using Private Browsing on Safari and Incognito Mode on Chrome, opting out, and then closing the session may cause opt-out cookies to be deleted on exit. Refusing all cookies via a browser setting may result in an opt-out cookie not being set.

Minors

Our website is not intended to be used by persons under the age of eighteen (18), and we do not knowingly store Personal Data of any kind relating to such persons. If you are the parent or guardian of a minor and believe that a minor’s Personal Data has been collected, please contact us so that we may delete it.

How can you opt out of emails and block or restrict cookies?

Email. You can opt out of receiving future promotional electronic mailings from us by following the unsubscribe procedures indicated in each electronic mailing, such as “unsubscribe” or “manage your preferences”.

Cookies. We use cookies to keep track of and enhance certain user activities on our Website such as saving your preferences and user-specific features. More information and controls are contained in our Cookie Banner. You may additionally block or restrict cookies

on your computer or purge them from your browser by adjusting your web browser preferences. You should consult the operating instructions that apply to your browser for instructions on how to configure your browser setting to meet your preferences. However, because cookies may allow you to take advantage of some features or functions of our Website, we recommend that you leave them turned on.

If you decide not to provide certain Personal Data for the above purposes, or if you subsequently withdraw your consent, this may affect how you experience our marketing for our services.

For more information, our Cookie policy can be consulted here: [Add link to cookie policy].

How can you update your Personal Data?

Website Registration. If you have an account on this Website that requires user identification and a password, you can update the information you have provided to us in the account section of the Website. Please also review our support page for ways to contact us so you can update your information.

Direct contact. If you have another type of account or relationship with us, please contact us as described in Section 16.

What about links to other websites?

This Privacy Statement applies only to this Website. This Website may contain links to third- party websites. We are not responsible for the content or policies of such websites and recommend that you check the privacy statements posted on their websites.

What if this Privacy Statement changes?

Our business changes from time to time, and our Privacy Statement will change too. Your continued use of our Website following the posting of any amendment to this Privacy Statement indicates your acceptance of the revised Privacy Statement.

We may send you notices of changes to our Privacy Statement if we possess your contact information at the time of such updates

1. How do I ask questions or provide feedback if I have a complaint?

If you have questions regarding this Privacy Statement or our handling of your personal information, would like to lodge a complaint, or wish to contact our Data Protection Officer, please contact us using the contact information listed below. We will promptly address your concern and strive to reach a satisfactory resolution.

If you have questions as a data subject related to any of your personal information that is currently handled by Garrett, please contact us by:

Email:

Privacy@GarrettMotion.com

Mailing Address:

Garrett Motion Sarl

Z.A. La Pièce 16, Rolle, VD, 1180 Switzerland

Australia Addendum - For Users in Australia only

Complaints. If you lodge a complaint regarding this Privacy Statement or our handling of your personal information to our Data Protection Officer (see Section 16 above), and you are dissatisfied with our response, you have the right to make a complaint to the Office of the

Australian Information Commissioner by phoning 1300 363 992 or by email at enquiries@oaic.gov.au.

18. European Addendum - For Users in Europe only

A. Legal basis for collecting Personal Data

Your Personal Data is being collected and processed on the following legal bases:

• If it is necessary for pursuing our legitimate interests, considering these interests are not overridden by your fundamental rights and freedoms, e.g. we use your Personal Data to know your preferences so as to be able to better personalize our product offerings, to prevent fraud and to secure our website.
• If it is necessary for performing the contract we have with you, e.g. to verify eligibility for the sale, and to help make arrangements for a sale and delivery.
• When you consented to this, e.g. if you have given your prior express consent thereto we may use your email address for sending you marketing materials.
• If it is necessary for complying with a legal obligation that applies to us.

B. Additional data subject rights

Right to block or suppress further use. You have the right, under certain circumstances, to block or suppress further use of your information. When the processing is restricted, we can still store your information, but we can no longer use it.

Right to withdraw consent. If our processing of your personal information is based specifically on your consent, you have the right to withdraw that consent at any time. This includes your right to withdraw consent to our use of your information for direct marketing purposes.

Right to data portability. You have the right to obtain from us, under certain circumstances, your information in a structured, commonly used and machine readable form so you can reuse it for your own purposes across different services. For example: if you want to work with a different service provider, this enables you to move your information easily and in a secure manner to this new service provider.

C. Right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection authority.

• If you reside in the European Economic Area, you can find the contact details of your national data protection authority here.
• If you reside in the UK, you can file a complaint with the UK Information Commissioner’s Office either online (online via https://ico.org.uk/make-a-complaint/ or via telephone +44 0303 123 1113).
• If you reside in Switzerland you can contact the Data Protection and Information Commissioner (FDPIC) (online via https://www.edoeb.admin.ch/edoeb/en/home.html).

D. Information in this policy that is not relevant for EU Users

The following information outlined in Article 7(a) of this policy is only relevant for users in the United States and therefore are not applicable to EU Users:

“a. Right to access. (…)

_Unless applicable data privacy laws provide otherwise, we are not required to research Personal Data where it is not in a reasonably searchable format, we maintain the information solely for legal or compliance reasons or the reasons outlined in this Privacy Statement, we do not use the information for ‘commercial purposes’, ‘sell’, or ‘share’ it (as each term is defined by the California Consumer Privacy Act of 2018), and we explain what we are not searching on these grounds. Likewise, we are not required to disclose a particular Social Security number, driver’s license number or another government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions, and answers, or unique biometric data generated from measurements or technical analysis of human characteristics. We will, however, identify which of these items we retain._”

19. Anonymous interactions. Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact us with a general enquiry, we will not ask for your name unless we need it to adequately handle your enquiry or where we need to identify you. However, for most of our functions and activities we usually need your name and contact information. If you wish to interact with us anonymously or using a pseudonym, this may have affect our ability to provide services to you.