Privacy Notice

Kratos Defense & Security Solutions, Inc. and its subsidiaries (“Kratos,” “we,” or “us”) are committed to your privacy and protecting your personal data. This notice explains what personal data is collected and processed by Kratos. If you have any questions or concerns about the information in this notice, we encourage you to contact us.

Who is Kratos?

Kratos is a data controller of personal data we have collected. There are several different ways that you can contact us. You may contact us by mail or telephone at:

10680 Treena Street, 6th Floor
San Diego, CA 92131
Phone: 858.812.7300
Toll-Free: 866.606.KTOS

You may also contact us directly by completing a form here, or preferably, email us at privacy@kratosdefense.com.

When Does This Privacy Notice Apply?

This notice applies to the processing by Kratos of all personal data of customers, suppliers, vendors, visitors, and other individuals. It does not apply to former, current, or prospective employees. Our privacy notice for job applicants can be found here. If you are a California resident, our CCPA notice can be found here.

What Personal Data Do We Process And For What Purpose?

When you directly interact with Kratos

For responding to inquiries or other communications we will process your name, contact details, and any other personal data you include in your communications.

For health, safety, and security, we may process your name, contact details, company details, and your image through CCTV feeds when you visit our premises. In addition, if you visit one of our premises and connect to our IT network, we will process personal data sent from your device, such as your IP address. Such information is needed to provide you with internet access, to monitor your use of our information and communication systems to ensure compliance with our policies, and to ensure network and information security.

When you visit our website

Like most organizations, we use third-party service providers for analytics, which use cookies and similar technologies to automatically collect information when you visit our website, such as your browser type, operating system, IP address, and the domain name from which you accessed the site. When you access our website using a mobile device, information about the type of mobile device you are using is collected. Information is also collected about how you use our website, such as the date and time you visit the site, the areas or pages of the site that you visit, the amount of time you spend viewing the site, the number of times you return to the site, and other click-stream data.

We collect this information to prevent or combat malicious activities, to understand how visitors are using our website, to optimize our website, and for marketing purposes.

If you do not want Kratos or our third-party service providers to use cookies during your visit to our website, your browser may allow you to disable or block certain cookies. Please refer to the help section of your browser for more information.

When you complete and submit a form on our website, we process the personal data that you included in the form so we can respond to your submission and for marketing purposes.

Kratos’ website is not intended for children and we do not knowingly collect information relating to children. If you believe that we have collected the information about a child under the age of 16, please contact us so that we can delete the information.

When you do business with us

Kratos collects personal data that you or your business provides us in connection with a business relationship between your company and Kratos. We process your contact details such as your address, email address, telephone number, and other business contact information, professional details such as your job title, and other categories of personal data that may be contained in written communications or disclosed orally.

We collect such personal data to assess whether to enter into a contact with your company, to enter into a contract with your company, to perform a contract with your company, to enforce contracts, to communicate with your company, to market to your company, and for internal management purposes.

We may also collect personal data about your from publicly available sources, such as LinkedIn.

In addition to the purposes for collecting personal data described under the three headings above, we may also process your personal data for the following purposes that we consider to be everyday business purposes:

  • For legal and regulatory compliance, including all uses and disclosures of personal data required by law or as reasonably needed for compliance with Kratos policies and procedures;
  • For audits, including financial, security, and compliance audits, and analysis and reporting;
  • To respond to and defend against legal claims; and
  • For corporate governance, including mergers, acquisitions, and divestitures.

On What Legal Basis Do We Process Your Personal Data?

We will only collect, process, and share your personal data where we are satisfied that we have an appropriate legal basis to do so. To process your personal data, we may rely on different legal basis, including:

  • Your consent (only when legally required or permitted). If we rely on your consent as a legal basis for processing your personal data, you may withdraw your consent at any time;
  • To establish a contractual relationship with you and to perform our obligations under such contract;
  • To comply with legal obligations and to establish, exercise, and defend our self from legal claims; and
  • To pursue a legitimate interest, including:
    • Marketing to you or your company;
    • Entering into or performing a contract or commencing contractual negotiations as well as communicating with your company;
    • Responding to your inquiries or other direct communications with us; and
    • Ensuring our networks, information, and premises are secure.

If You Fail to Provide Your Information

Failing to provide your personal data to us when you:

  • Directly interact with us may prevent us from being able to respond to your inquiry or other communication.
  • Visit our website may prevent the website from performing optimally and may prevent us from contacting you about products you may be interested in.
  • Visit one of our facilities, we may prevent you from entering the facility beyond the reception area.
  • Or your company has a business relationship with us may prevent us from entering into a contract, performing under the applicable contract, or furthering our business relationship.

Disclosing Your Personal Information

Kratos does not sell, trade, or rent your information to third parties. Nor does Kratos maintain any relationships with any ad server companies, and no advertising appears on our website except our own.

We may share your personal data with third parties if required to perform a contract, take steps to enter such contracts, or otherwise in connection with a business relationship. For example, we may share the contact information of an employee of a business partner with our customer to facilitate communications. Because Kratos subsidiaries often collaborate for purposes of conducting our business, your personal data may be shared between and among Kratos and its subsidiaries. Your personal data will be used for internal business and operational purposes, as well as for purposes consistent with the purpose for which the information was originally collected or subsequently authorized by you.

As described above, Kratos will share your personal data with certain third-party service providers when you visit our website. For analytics, we use Google Analytics and Act-On.

We will also disclose your information to the extent required by law and to comply with legitimate governmental requests, subpoenas, court orders, and to establish or exercise our legal rights or defend against legal claims.

We will also disclose your information to third parties if we choose to sell, transfer, merge, or otherwise dispossess all or parts of our business or our assets.

Transferring Your Information

We transfer, process, and store information about you on servers located in the United States. We may also disclose or transfer your personal data to other entities within Kratos to fulfill one or more of the purposes described above.

Kratos complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Kratos has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Kratos has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Under certain circumstances, Kratos may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Rights You Have About Your Information

When your information is collected in the EEA, you have the right to: (1) request access to, correction, and/or erasure of your personal data; (2) object to our processing of your personal data; (3) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights by reaching out to us through one of the contact methods provided above.

In compliance with the DPF, Kratos commits to resolve complaints about our collection or use of your personal information. EEA individuals with inquiries or complaints regarding our DPF notice should first contact Kratos at: privacy@kratosdefense.com.

Kratos has further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

The Federal Trade Commission (FTC) has jurisdiction over Kratos’ compliance with the DPF.

Binding Arbitration

If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Kratos’ obligations under the DPF, under certain circumstances you may seek resolution via binding arbitration subject to the terms of and in accordance with Annex 1 of the DPF Principles: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

Legitimate Interest and Direct Marketing Objections

For information collected in the EEA, you may object to Kratos processing your information where we are relying on a legitimate interest. We will stop processing your information unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims.

You may also object to Kratos processing your information for purposes of direct marketing. Anyone can do this no matter where your information was collected by clicking the “Unsubscribe” link in any automated marketing email or by submitting your request to Kratos through one of the contact methods described above.

Security

Kratos takes reasonable and appropriate organizational and technical security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.

How Long Do We Retain Your Personal Data?

We will only retain your personal data for as long as necessary to fulfill the purposes for which the data was collected. When Kratos determines how long to retain your information, we will consider whether we have an active or potential business relationship with you, whether there are any legal obligations to which we are subject, and whether retention is prudent because of legal considerations (such as statute of limitations, litigation, or other investigations).

Kratos May Modify This Notice

Kratos reserves the right to update this notice at any time, without prior notice, to the extent permitted by applicable law and the DPF. The updated notice will be posted on our website. Any changes will be effective immediately unless otherwise stated.

Effective May 25, 2018
Last modified: January 9, 2024