NORTH AMERICA AND ASIA PRIVACY NOTICE
EFFECTIVE DATE: March 2020
For those who reside in California, please see “Additional Information for California Residents”.
Collection of Personal Information
We may collect the following categories of personal information from and about you:
- Identifiers such as a name, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers;
- Demographic information, including characteristics protected by law, such as your gender or age;
- Commercial information, such as your purchase history or products you have expressed interest in;
- Biometric information;
- Internet or other electronic network activity information, such as the data we receive when you interact with our website;
- Geolocation data, such as information we receive about your device location (e.g., based on your IP address) to suggest appropriate JM locations;
- Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs or voice recordings;
- Professional or employment-related information, such as your employer or title;
- Education information; and
- Inferences drawn from the above categories.
We collect personal information about you from a variety of sources, including:
- From you: We collect information that you submit to us. For example, when you contact us, provide website feedback, create an account, sign up for notifications regarding news, products and promotions, respond to surveys, submit comments, submit a service or substitution request, or register for classes or trainings.
For certain features available through the Services, you may submit the personal information of others. For example, when registering for in-person or on-site classes or trainings, you may provide information related to your emergency contact including their name, phone number, and other contact information. When you submit personal information about others, you represent that you have obtained their consent to provide and disclose their personal information to us.
Please note that we or third parties may collect personal information about your online activities over time and across different devices and online properties when you use the Services.
Use of Personal Information
We may use personal information we collect through the Services to:
- Respond to your inquiries and fulfill your requests;
- Complete and process commercial transactions;
- Process your registration and identify you as a user;
- Allow you to participate in surveys;
- Contact you with information, including transactional or promotional information;
- Improve the Services and our marketing or develop new services;
- Administer and troubleshoot the Services;
- Analyze your use of the Services and personalize and enhance your experience;
- Comply with applicable laws, regulations, or legal process, as well as industry standards and our company policies;
- Prevent, investigate, identify, stop, or take any other action with regard to suspected or actual fraudulent or illegal activity, or any activity that violates our policies;
- For any other purpose, in accordance with applicable law
We may also use third-party web analytics services, such as Google Analytics, to help us analyze how visitors use the Services. To learn more about opting out of data collection through Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.
Sharing and Transfer of Personal Information
We may permit our agents, vendors, consultants, and other service providers to access information obtained through the Services to carry out work on our behalf. Our service providers use personal information that we disclose to them only for the purpose for which it was disclosed. We may also share and transfer your personal information among JM's group companies. Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located.
We also may share and transfer your information:
- If we are required to do so by law, regulation, or legal process (such as in response to a subpoena or court order or similar government request for information);
- To respond to requests by government agencies, including law enforcement authorities;
- When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity;
- To enforce our policies, or to protect legal rights, property, or safety; and
- With third parties to investigate or address possible criminal or fraudulent activity.
In addition, we reserve the right to disclose any information we obtain through the Services in the event we sell or transfer all or a portion of our business or assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.
We may disclose the following categories of personal information for our business purposes:
- Demographic information;
- Commercial information;
- Biometric information;
- Internet or other electronic network activity information;
- Geolocation data;
- Audio, electronic, visual, thermal, olfactory, or similar information;
- Professional or employment-related information;
- Education information; and
- Inferences drawn from the above categories.
Note that California law characterizes some sharing and transfer of personal information as a “sale,” even when the sharing or transfer is not done in exchange for monetary consideration. JM does not believe that any of the sharing or transfers described in this policy constitute sales under California law.
We take reasonable measures to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and we cannot guarantee the security of your information collected through the Services.
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the laws;
- defend or bring any existing or potential legal claims; and/or
- deal with any queries or complaints you may have.
The Services may include features that are designed to permit interactions that you initiate between the Services and third-party websites or services, including third-party social networks (collectively, “Social Features”). For example, you may be able to “like” or “share” content from the Services on other websites or services.
collected and stored by the third parties remains subject to those third parties’ privacy practices, including whether the third parties continue to share information with us, the types of information shared, and your choices with regard to what is visible to others on those third-party websites or services.
The Services may enable users to submit their own content, such as comments, messages, questions, or other information (“User-Generated Content”). We or others may store, display, reproduce, publish, distribute, or otherwise use User-Generated Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User-Generated Content and may have the ability to share it with third parties. If you choose to submit User-Generated Content to any public area of the Services, your User-Generated Content will be considered “public” and will be accessible by anyone. Please note that we do not control who will have access to the information that you choose to make available to others and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Services or what others do with information you share with them on the Services. We are not responsible for the accuracy, use, or misuse of any User-Generated Content that you disclose or receive from third parties through the Services.
Changing your Personal Information
You may make changes to your personal information, including keeping your information accurate, by accessing your account settings or contacting us at firstname.lastname@example.org.
You may make changes regarding receiving email communications from us by exercising options indicated at the bottom of each email communication or contacting us at email@example.com. If you register an email press release account, you may make changes to your email press release and alert options through your account settings. Please note that even if you opt out of receiving promotional communications from us, we may continue to send you non-promotional emails, such as communications regarding our ongoing relationship with you.
We may use your personal information to conduct Interest-based Advertising on third-party websites or services. Certain third parties may participate in the Digital Advertising Alliance (“DAA”) AdChoices Program and may display an advertising option icon for interest-based ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps
at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may
participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain interest-based ads delivered by NAI members’ ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of interest-based ads, you will continue to receive non-targeted ads. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
Do Not Track
Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our websites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals,
Additional Information for California Residents
California law permits customers in California to request certain details about how their personal information is shared with third parties, if the personal information is shared for those third parties’ own direct marketing purposes. We do not share personal information with third parties for those third parties’ own direct marketing purposes. Californians may request information about our compliance with this law by contacting us
at firstname.lastname@example.org or by postal mail sent to:
Attn: Chief Privacy Officer
717 17th Street
Denver, CO 80202
To make a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident, and provide your current California address to which we will send our response. Your inquiry must specify “California Privacy Rights Request” in the subject line of the email or the first line of the letter, and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year.
California law also grants its residents certain rights regarding the collection and use of their personal information. Subject to certain limitations, California residents have the right to:
- Access personal information we have collected about them;
- Know the categories of personal information we have collected, the sources from which we have collected personal information, the purposes for which we collected and/or shared personal information, the categories of personal information disclosed for consideration, the categories of third parties to whom we disclosed personal information, and the categories of personal information that we disclosed for a business purpose about them; and
- Delete the personal information we have collected about them.
To exercise the above rights, you may submit your request at email@example.com or call us at our toll-free number 1-866-256-1943. Please note, that under certain circumstances, we may be prohibited from complying with, or have the discretion as to whether to comply with, your request in full. We will not engage in illegal discrimination on the basis of you exercising any of the above-listed rights.
Information for Users Outside the United States
If you are visiting the Services from outside the United States, please be aware that information we obtain about you will be processed in the United States or in other jurisdictions. Please be aware that the data protection laws and regulations that apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence.
EU PRIVACY NOTICE
EFFECTIVE DATE: November 25, 2019
Johns Manville (“JM,” “we,” “us,” “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data. This Privacy Notice sets forth how we process EU personal data obtained via our websites – including www.jm.com, www.jmroofing.news, www.jmroofing.events, www.jmextramile.com, www.jmtcsafety.com, firstname.lastname@example.org, and www.jminsulationinsider.com (collectively, the “Sites”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing).
Personal data collected via the Sites may include:
- Contact data. You may provide us with your contact details, such as your name, phone number, home address, company name, job title, and email address (for example, when you contact us, provide website feedback, or register for classes or trainings (e.g., through Johns Manville Roofing Institute)).
- Authentication Data. To verify the identity of registered users we may collect a user name, password, and other similar authentication information (for example, if you register an email press release account we will ask that you provide a username and password).
- Account Information. In addition to contact data, when creating an account on one of the Sites you may provide us with additional information about yourself (for example, if you register an email press release account, you may provide us with URLS to your website, blog, Twitter, Facebook, and LinkedIn, and, if you are an accredited member of the news media, a picture of your media badge).
- Interests and Notification Preferences. The Sites may provide mechanisms for you to sign up for notifications regarding products and promotions JM believes are of interest to you based on our interests and preferences (for example, through our Submittal Wizard).
- Business Project Information. You may submit information related to your business projects, including information on the project’s address (for example, through our Submittal Wizard or when you submit a Services Request).
- Supplier Application Information. You may provide information about yourself and your company such as your contact information and your company’s contact information (for example, if you apply to become one of our suppliers through the Supplier Partnership contact form).
- Job Application Information. If you apply for a job through our Careers Page we or our vendor may collect personal data such as your name, e-mail address, physical address, phone number, and CV.
- Device Information. We may obtain information about devices that access our Sites, including the type of device, its operating system, device settings, unique device identifiers, and error data.
- Location Information. The Sites may use GPS (global positioning systems) software, geo-filtering, and other location-aware technologies to locate you (sometimes precisely) (note: you may be able to toggle on or off location technologies using your internet browser (e.g., Google Chrome); if you disable location technologies, you may not be able to use certain features of this Sites).
- Information About Others. The Sites may also allow you submit personal data about third parties (for example, when registering for in-person or on-site classes or trainings, you may provide information related to your emergency contact including their name, phone number, and other contact information). When you submit personal data about third parties, you represent that you have obtained the third party’s consent to disclose their personal data to us.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute such as feedback and user support inquiries regarding the Sites (note: please be aware that information you post on public parts of our Sites may be visible to anyone).
How and Why We Use Your Personal Data
We may process personal data to:
- Transact with you, respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information.
- Process your Sites registration and identify you as a user.
- Verify your location and deliver or restrict content based on your location.
- Facilitate, manage, personalize, and improve our user and partner relationships.
- Prevent and address fraud, breach of policies or terms, and threats or harm.
- Ensure the security and integrity of the personal data we process.
- Comply with applicable legal requirements.
Our processing of such personal data is carried out pursuant to the following legal bases:
- The processing is necessary for us to provide you with the products and services you request, or to respond to your inquiries.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of the Sites. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- To maintain and improve the Sites.
- To operate the Sites and provide you with certain tailored information and communications to develop and promote our network and opportunities.
- You have consented to the use of your personal data. When you consent, you can change your mind at any time.
If we make a material change to how we process your personal data, we will notify you as appropriate and may also modify this Privacy Notice.
How We May Share Your Personal Data
We may share your personal data:
- With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Sites.
- With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other platforms, and send marketing and other communications on our behalf.
- To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
- If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.
How We Use Tracking Technologies
We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:
- Recognize new or past users.
- Store your profile or authentication credentials if you are registered on the Sites.
- Improve the Sites and to better understand your use of the Sites.
- Integrate with third-party social media websites.
- Serve you with interest-based or targeted advertising.
- Observe your behaviors and browsing activities over time across multiple websites or other platforms.
- Better understand the interests of our Sites users.
Different types of cookies may be used for specific purposes, for example:
- Functional cookies and cookies from third parties may be used for analysis and marketing purposes. Functional cookies enable certain parts of the website to work properly, retain user preferences, and allow users to log in using social network user credentials.
- Analysis cookies may collect information on how visitors use a website, the content and products that website users view most frequently, and the effectiveness of third-party advertising.
- Advertising cookies assist in delivering ads to relevant audiences. This may include, for example, placing ads at the top of search results.
Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it.
Through your device or browser settings you may change your settings to disallow certain Sites’ features, disabling certain tracking technologies. For example, turning off location tracking through your device’s or browser’s settings will disable the Sites’ location tracking technologies. You can set your browser settings either to receive our cookies or use our Sites without cookie functionality. To control flash cookies visit this link. Please note that if you restrict the use of tracking technologies, some functions of the Sites may be unavailable, and we will not be able to present you with personally-tailored content.
We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Notice. Similarly, the third parties who serve tracking technologies on our Sites may link personal data we collect from you to other information they collect. Specifically, we may use Google Analytics. To opt out of Google Analytics, visit their opt-out mechanism.
For more information on our use of tracking technologies and cookies, contact us at email@example.com.
How We Protect Your Personal Data
We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of your information obtained through the Sites.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
Links to Third-Party Websites
Some features of the Sites may open your preferred internet browser on your device and allow you to access certain third-party websites. These websites are governed by their own privacy policies, terms, and cookie policies. We encourage you to read the policies and terms of websites that the Sites may link to.
Personal Data Transfers
If we transfer your personal data out of the European Economic Area (“EEA”) to countries not deemed by the European Commission to provide an adequate level of personal data protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal data, where required by EU data protection legislation:
- Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer.
- The EU - U.S. Privacy Shield Framework (for transfers to third parties in the United States that have self-certified to the Framework).
For further information on the mechanism(s) used to transfer your personal data, please contact us at firstname.lastname@example.org.
Your Rights and Choices
The GDPR provides EU data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask us to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data.
- Update or correct inaccuracies in your personal data.
- Delete your personal data.
- Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict the processing of your personal data.
- Object to our processing of your personal data for direct marketing purposes.
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
You may exercise some of these rights and choices through Sites’ features such as editing your account settings when you are logged in. Additionally, you can submit these requests by email to email@example.com or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us at firstname.lastname@example.org or submit a complaint to the data protection regulator in your jurisdiction. You can find information about your data protection regulator here.
How to Contact Us
To make a query, raise a concern, or exercise your data protection rights, please contact us at email@example.com.
The data controller for your personal data is Johns Manville, which you may contact by via email at firstname.lastname@example.org or at the following address:
717 17th Street, 12th floor
Denver, CO 80202
Attn: Data Privacy