Privacy Policy

Navitas Petroleum: Global Privacy Notice

Effective Date: August 2025

We are Navitas Petroleum ("Navitas", "we", "our"). We take data privacy very seriously and this Privacy
Notice is designed to help you understand how and why we use your personal information.
We encourage you to read this Notice in full. Alternatively, if you wish to read about specific privacy practices
that interest you, please click on the relevant links below.

1. The purpose of this Privacy Notice

1.1. Identity

Navitas is a publicly traded oil and gas exploration and production partnership. We operate out of the United States (Houston), Israel (Herzliya) and the UK. This Privacy Notice applies to each of the following organizations that form part of the Navitas group of companies:

Navitas Petroleum Limited Partnership;
Navitas Petroleum Holdings, LLC;
Peles, LLC;
Navitas Petroleum Limited; and
Navitas Petroleum Development and Production Ltd.

1.2. Our use of personal information

We will collect, use, and share information, including personal information, in connection with the operation of our business.

1.3. This Privacy Notice

This is our main general Privacy Notice that applies across our business, although we may publish additional privacy statements that apply to specific services that we offer from time to time. If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this Privacy Notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this Privacy Notice .

1.4. Updating this Privacy Notice

We may update this Privacy Notice at any time. We will take reasonable measures to communicate any substantial changes that we make to this Privacy Notice to you — for example, by posting an updated version of this Privacy Notice on our website, or by sending you an updated version of this Privacy Notice by email. We also encourage you to check this page from time to time for any changes.

This Privacy Notice is dated August 2025.

1.5. What is personal information?

“Personal information” is any data relating to an identified or identifiable natural person who can be directly or indirectly identified from that data. This includes obvious things like your name, address and telephone number but can also include less obvious things like analysis of your use of our website. There are different types of personal information. The most important types for you to know about are:

Special categories of personal information — these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation. Local data protection laws may limit the way in which we can use this information when compared to, for example, your name and address.
Personal information with special sensitivity — under Israeli law, this includes information that requires heightened protection, including biometric data, genetic information, health information, and other categories as defined under Amendment 13 to the Israeli Privacy Protection Law.
Criminal convictions information — this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.

1.6. Our responsibility to you

We are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.

2. Your personal information

2.1. Why are we collecting personal information about you?

We collect personal information about you in connection with our provision of services and the running of our business more generally. We may hold information about you if:

you are (or you represent, work for, or own) a prospective, current, or former investor of Navitas;
you are (or you represent, work for, or own) a prospective, current or former customer of Navitas;
you are (or you represent, work for, or own) a supplier of products or services to Navitas; or
you attend our events, subscribe to our mail alerts, contact us through our website or visit our website.

2.2. What personal information do we collect about you?

The types of information we process about you may include:

Types of personal information	Details
Individual details	Your name, address, other contact details (for example, email address and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and job category.
Identification details	Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving license number.
Financial information	Bank account or payment card details, income or other financial information.
Identifiers	Information which can be traced back to you, such as an IP address, a website tracking code or electronic images of you.

2.3. Where do we collect your personal information from?

We may collect your personal information from various sources, including: directly from you;
your employer or the organisation that you represent, work for or own; • our service providers;
publicly accessible registers or sources of information; and
by actively obtaining your personal information ourselves, for example through the use of website tracking devices.

The sources that apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party — in particular, your employer or the organisation that you represent or work for — we may ask them to provide you with a copy of this Privacy Notice (or, if applicable, a shortened version of it) to ensure you know we are processing your information and the reasons why.

Important: We do not process any personal information that has been collected illegally, and we have implemented measures to ensure all data collection complies with applicable laws.

3. Our use of your personal information

3.1. How do we use your personal information and what are our legal grounds for doing so?

We may process your personal information in many different ways — including by collecting, recording, organising, storing, analyzing, modifying, extracting, sharing, deleting and/or destroying it.

In this section we set out in more detail:

he main purposes for which we process your personal information; and
the legal bases upon which we are processing your personal information.

Purpose	Legal bases
Operating our business We may collect your personal information in order to operate our business, for example where you are (or where you are employed by or represent) a Navitas customer, investor or other business partner.	Legitimate interests We have a legitimate interest in using your information where this is necessary or appropriate to operate our business, including to provide our customers with our products and services.
Responding to enquiries We may collect your personal information to respond to enquiries from you and to provide you with information about our business.	Legitimate interests We have a legitimate interest in using your information where this is necessary or appropriate to respond to your enquiries or provide you with information about our business.
Service providers We collect information about you in connection with your provision of products and services to us or your position as a representative or worker of a provider of products or services to us.	Legitimate interests We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.
Events If you wish to attend one of our events, we ask you to provide us with a limited amount of information including your contact details and details about your business or employer, as applicable.	Legitimate interests We have a legitimate interest in processing your information in order to communicate with you about events that you attend and to understand who is attending our events.
Visitors to our website Our website may invite you to provide us with your personal information. Where you provide us with your information, we will only use it for the purpose for which it has been provided by you. Our website uses cookies to help it work more efficiently and to provide us with information on how the website is being used. You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons.	Legitimate interests We have a legitimate interest in providing to you the facilities on our website that you have requested and in understanding how our website is used and the relative popularity of the content on our website.
Visitors to our offices We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident). We do not generally look to collect special categories of personal information and criminal convictions data for this purpose.	Legitimate interests We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.
Establishing our legal position We may use and/or release your personal information — including sharing it with our legal advisers — when looking to establish our legal position (including with respect to the data protection authorities that regulate our business). In some cases, this information may include special categories of personal information and criminal convictions data.	For all information — legitimate interests. We have a legitimate interest in understanding and establishing our legal rights and obligations. For special category and criminal convictions data — the establishment, exercise, or defense of legal claims.

Purpose

Legal bases

Operating our business

We may collect your personal information in order to operate our business, for example where you are (or where you are employed by or represent) a Navitas customer, investor or other business partner.

Legitimate interests

We have a legitimate interest in using your information where this is necessary or appropriate to operate our business, including to provide our customers with our products and services.

Responding to enquiries

We may collect your personal information to respond to enquiries from you and to provide you with information about our business.

Legitimate interests

We have a legitimate interest in using your information where this is necessary or appropriate to respond to your enquiries or provide you with information about our business.

Service providers

We collect information about you in connection with your provision of products and services to us or your position as a representative or worker of a provider of products or services to us.

Legitimate interests

We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.

Events

If you wish to attend one of our events, we ask you to provide us with a limited amount of information including your contact details and details about your business or employer, as applicable.

Legitimate interests

We have a legitimate interest in processing your information in order to communicate with you about events that you attend and to understand who is attending our events.

Visitors to our website

Our website may invite you to provide us with your personal information. Where you provide us with your information, we will only use it for the purpose for which it has been provided by you.

Our website uses cookies to help it work more efficiently and to provide us with information on how the website is being used. You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons.

Legitimate interests

We have a legitimate interest in providing to you the facilities on our website that you have requested and in understanding how our website is used and the relative popularity of the content on our website.

Visitors to our offices

We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).

We do not generally look to collect special categories of personal information and criminal convictions data for this purpose.

Legitimate interests

We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.

Establishing our legal position

We may use and/or release your personal information — including sharing it with our legal advisers — when looking to establish our legal position (including with respect to the data protection authorities that regulate our business).

In some cases, this information may include special categories of personal information and criminal convictions data.

For all information — legitimate interests.

We have a legitimate interest in understanding and establishing our legal rights and obligations.

For special category and criminal convictions data — the establishment, exercise, or defense of legal claims.

3.2. Consent

We do not generally process your personal information based on your consent (as we can usually rely on another legal basis). Where we do process your personal information based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent please email us at [email protected].

ISRAEL

Use of the digital services constitutes consent on the part of the user to all the terms, conditions and notices concerning the digital service. Provision of personal information by the user by means of the company’s digital services indicates your consent to the company making use of such data in accordance with this privacy policy. When you provide personal information relevant to the service, you declare that the personal details that you gave to the Company are reliable and accurate. And that you are aware that you are not required by law to provide the information, unless expressly stated otherwise. NAVITAS undertakes to uphold the provisions of the Protection of Privacy Law, 5741-1981 (hereinafter “the Protection of Privacy Law“) and the regulations promulgated by virtue of it, including the Protection of Privacy Regulations (Data Security), 5777-2017 (“Data Security Regulations“), and the relevant guidance of the Privacy Protection Authority, all as shall be updated from time to time.

3.3. Do we share your information with anyone else?

We do not sell your information. However, we may share your information in the following circumstances:

our organisation is a publicly traded company with offices in Israel, the USA and the UK. Where it is necessary or appropriate for the purposes for which we hold your information and we have a lawful basis for doing so, we share your relevant information between our offices. All our offices are covered by this notice and manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements;
in order to operate our business efficiently, we require the assistance of various external service providers, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) involve the service provider holding and using your personal information. In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure and make sure it is properly protected. They are also not permitted to use your information for their own purposes;
in connection with a sale or business transaction. If we sell our business or undergo another business transaction (such as a re-organisation, merger, joint venture, assignment, transfer, or other disposition of any or all portion of our business, assets, or stock, including in connection with any bankruptcy or similar proceedings), then your information may be shared with, or transferred to, a third party. In such circumstances, we will require each such third party to keep your information safe and confidential;
to protect the rights, property and safety of Navitas and others. Such information will be disclosed in accordance with applicable laws and regulations. This includes where we share information with other parties in the context of litigation discovery and in response to subpoenas and court orders; and
we share your personal information with other third parties, such as relevant public and government authorities, including regulators and law enforcement bodies, where we are required or requested to do so to comply with legal or regulatory requirements.

4. Other important things you should know

4.1. Keeping your personal information safe

We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorized disclosure of the personal information we process. Our cybersecurity measures are aligned with industry best practices and applicable regulatory requirements in all jurisdictions where we operate.

4.2. Profiling and automated decision making

We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).

4.3. How long do we keep your personal information?

We keep your personal information for no longer than is necessary for the purposes described in this Privacy Notice and, in any event, no longer than we are permitted to under applicable law. Our retention periods are based on the requirements of relevant data protection laws and legal obligations. The purpose for which the information is collected and used, considering legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice, and our business purposes. If you would like further details regarding applicable retention periods, please email us at [email protected].

4.4. Cross border transfers of your personal information

We are a global business that operates in a number of jurisdictions, including Israel, the USA and the UK. The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country. Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws. If you would like further details of how your personal information is protected when transferred from one country to another then please email us at [email protected].

4.5. Local differences

Whilst this Privacy Notice describes the data protection practices adopted by us generally across the world, local data protection laws vary and some countries may place restrictions on our processing activities. This means our actual data protection practices in certain countries may vary from those described here in order to help us ensure we comply with local requirements. Country-specific differences in our data protection practices to help us comply with local requirements are set out below.

Israel

In compliance with Israeli Privacy Protection Law and Amendment 13 (effective August 14, 2025), the following additional provisions apply:

Enhanced Definitions: We comply with updated definitions of personal information and “personal information with special sensitivity” as defined under Israeli law.

USA

Navitas aligns our cybersecurity safeguards and programs with the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Furthermore, Navitas follows applicable Texas state law and federal law pertaining to personally identifiable information.

Texas Data Privacy and Security Act (TDPSA): As a company operating in Texas, we comply with the Texas Data Privacy and Security Act, which became effective July 1, 2024. Under this law, Texas residents have the following rights:

The right to access, correct, and delete personal information
The right to opt-out of the sale of personal information and targeted advertising
The right to data portability
The right to exercise opt-out rights through authorized agents (effective January 1, 2025)

Multi-State Compliance: We also comply with applicable privacy laws in other states where we conduct business or process personal information of residents, including but not limited to California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), and other comprehensive state privacy laws.

Federal Restrictions on Foreign Data Transfers: We comply with the Protecting Americans’ Data from Foreign Adversaries Act (PADFA) and other federal restrictions on the transfer of personal information outside the United States.

Navitas does not sell or release personally identifiable information except as specifically described in this Privacy Notice.

We comply with UK data protection laws, including the UK GDPR and Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025. Our UK operations follow all applicable requirements for processing personal information within the UK jurisdiction.

Data (Use and Access) Act 2025: Following the enactment of the Data (Use and Access) Act 2025 (which received Royal Assent on June 19, 2025), we have updated our practices to comply with new requirements, including:

Updated international data transfer mechanisms under the new “data protection test”
In accordance with the revised Privacy and Electronic Communications Regulations (PECR), Navitas has updated its cookie consent practices. Non-essential cookies (such as those used for analytics or advertising) will only be set with your explicit opt-in consent. You can manage your cookie preferences at any time through our website’s cookie settings panel. Adherence to new “recognized legitimate interests” processing basis, where applicable1

UK-EU Adequacy Status: We monitor and comply with requirements to maintain the UK’s adequacy status with the European Union, which enables continued seamless data transfers between the UK and EU.

Information Commissioner’s Office (ICO): We cooperate fully with the ICO in its regulatory capacity and follow all ICO guidance and enforcement requirements.

5. Your rights

5.1. Contact us and your rights

Under certain conditions you may have the right to require us to:

provide you with further details on the use we make of your personal information;
confirm whether we are processing any of your personal information and (where this is the case) provide you with access and a copy to the personal information we hold about you;
update any inaccuracies in the personal information we hold about you;
delete any of your personal information that we no longer have a lawful ground to use;
where processing is based on consent, stop that processing by withdrawing your consent (which you may do at any time);
object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
restrict how we use your personal information whilst a complaint is being investigated; and
transfer your personal information to you or to a third party in a standardized machine-readable format.

In certain circumstances, we may need to restrict your rights, in order to safeguard the public interest (for example, the prevention or detection of crime) and our interests (for example, the maintenance of legal privilege).

To exercise any of your rights, please email us at [email protected]. We will assess any request to exercise your rights on a case-by-case basis and we may ask you for proof of identity or other information before doing so.

We also are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.

Please note that if you ask us to delete your personal information, it may take us more time to delete your information from our back-up systems than it does from our active servers.

Please also note that if you ask us not to process your personal information and unsubscribe from our services such as mail alerts, we may need to keep some information in order to fulfil your request, for example, we will retain enough information about you to ensure that your preference not to receive direct marketing is respected in the future.

5.2. How to contact us and further details

To exercise any of your rights, please email us at [email protected].