North America and
Asia Privacy Notice
Updated Date: March 2021
For those who reside in California, please see “Additional Information for California Residents”.
Collection of Personal Information
We may collect the following categories of personal information from and about you:
- Identifiers such as a name, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers;
- Demographic information, including characteristics protected by law, such as your gender or age;
- Commercial information, such as your purchase history or products you have expressed interest in;
- Biometric information;
- Internet or other electronic network activity information, such as the data we receive when you interact with our website;
- Geolocation data, such as information we receive about your device location (e.g., based on your IP address) to suggest appropriate JM locations;
- Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, voice recordings, or security camera video footage at our facilities;
- Professional or employment-related information, such as your employer or title;
- Education information; and
- Inferences drawn from the above categories.
We collect personal information about you from a variety of sources, including:
- From you: We collect information that you submit to us. For example, when you contact us, provide website feedback, create an account, sign up for notifications regarding news, products and promotions, respond to surveys, submit comments, submit a service or substitution request, or register for classes or trainings.
For certain features available through the Services, you may submit the personal information of others. For example, when registering for in-person or on-site classes or trainings, you may provide information related to your emergency contact including their name, phone number, and other contact information. When you submit personal information about others, you represent that you have obtained their consent to provide and disclose their personal information to us.
Please note that we or third parties may collect personal information about your online activities over time and across different devices and online properties when you use the Services.
Use of Personal Information
We may use personal information we collect through the Services to:
- Respond to your inquiries and fulfill your requests;
- Complete and process commercial transactions;
- Process your registration and identify you as a user;
- Allow you to participate in surveys;
- Contact you with information, including transactional or promotional information;
- Improve the Services and our marketing or develop new services;
- Administer and troubleshoot the Services;
- Analyze your use of the Services and personalize and enhance your experience;
- Promote security at our facilities;
- Comply with applicable laws, regulations, or legal process, as well as industry standards and our company policies;
- Prevent, investigate, identify, stop, or take any other action with regard to suspected or actual fraudulent or illegal activity, or any activity that violates our policies;
- For any other purpose, in accordance with applicable law
We may also use third-party web analytics services, such as Google Analytics, to help us analyze how visitors use the Services. To learn more about opting out of data collection through Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.
Sharing and Transfer of Personal Information
We may permit our agents, vendors, consultants, and other service providers to access information obtained through the Services to carry out work on our behalf. Our service providers use personal information that we disclose to them only for the purpose for which it was disclosed. We may also share and transfer your personal information among JM's group companies. Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located.
We also may share and transfer your information:
- If we are required to do so by law, regulation, or legal process (such as in response to a subpoena or court order or similar government request for information);
- To respond to requests by government agencies, including law enforcement authorities;
- When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity;
- To enforce our policies, or to protect legal rights, property, or safety; and
- With third parties to investigate or address possible criminal or fraudulent activity.
In addition, we reserve the right to disclose any information we obtain through the Services in the event we sell or transfer all or a portion of our business or assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.
We take reasonable measures to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and we cannot guarantee the security of your information collected through the Services.
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the laws;
- defend or bring any existing or potential legal claims; and/or
- deal with any queries or complaints you may have.
The Services may include features that are designed to permit interactions that you initiate between the Services and third-party websites or services, including third-party social networks (collectively, “Social Features”). For example, you may be able to “like” or “share” content from the Services on other websites or services.
The Services may enable users to submit their own content, such as comments, messages, questions, or other information (“User-Generated Content”). We or others may store, display, reproduce, publish, distribute, or otherwise use User-Generated Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User-Generated Content and may have the ability to share it with third parties. If you choose to submit User-Generated Content to any public area of the Services, your User-Generated Content will be considered “public” and will be accessible by anyone. Please note that we do not control who will have access to the information that you choose to make available to others and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Services or what others do with information you share with them on the Services. We are not responsible for the accuracy, use, or misuse of any User-Generated Content that you disclose or receive from third parties through the Services.
Changing your Personal Information
You may make changes to your personal information, including keeping your information accurate, by accessing your account settings or contacting us at firstname.lastname@example.org.
You may make changes regarding receiving email communications from us by exercising options indicated at the bottom of each email communication or contacting us at email@example.com. If you register an email press release account, you may make changes to your email press release and alert options through your account settings. Please note that even if you opt out of receiving promotional communications from us, we may continue to send you non-promotional emails, such as communications regarding our ongoing relationship with you.
We may use your personal information to conduct Interest-based Advertising on third-party websites or services. Certain third parties may participate in the Digital Advertising Alliance (“DAA”) AdChoices Program and may display an advertising option icon for interest-based ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain interest-based ads delivered by NAI members’ ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of interest-based ads, you will continue to receive non-targeted ads. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
Do Not Track
Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our websites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, visit http://www.allaboutdnt.com/.
Additional Information for California Residents
|Categories of personal information disclosed for our business purposes||Categories of third parties to whom this information was disclosed|
|Identifiers||Payroll & Benefits, Compliance and Risk Service Provider, Business Solutions, Workforce Management, Information Technology and Security, Communication, Service Provider, Workforce Management, Financial Business Solution|
|Demographic information||Payroll and Benefits, Workforce Management|
|Commercial information||Business Solution, Communication Service Provider, Financial Business Solution|
|Internet or other electronic network activity information||Communication Service Provider, Business Solution, Information Technology and Security|
|Geolocation Data||Workforce Management, Business Solution, Communication Service Provider|
|Audio, electronic, visual, thermal, olfactory, or similar information||Communication Service Provider, Information Technology & Security|
|Professional or employment-related information||Payroll & Benefits, Business Solutions, Workforce Management, Information Technology and Security, Communication Service Provider,|
|Education information||Workforce Management|
|Inferences||Payroll & Benefits, Compliance and Risk Service Provider, Business Solutions, Workforce Management, Information Technology and Security, Communication Service Provider, Workforce Management, Financial Business Solution|
Note that California law characterizes some sharing and transfer of personal information as a “sale,” even when the sharing or transfer is not done in exchange for monetary consideration. JM does not believe that any of the sharing or transfers described in this policy constitute sales under California law.
California law grants its residents certain rights regarding the collection and use of their personal information. Subject to certain limitations, California residents have the following rights:
- Right to know. You have the right to know and request information about the categories and specific pieces of personal information we have collected about you within the last 12 months, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the categories of third parties with whom we share such information. You also have the right to know if we have sold or disclosed your personal information.
- Right to delete. You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to non-discrimination. You have the right to not be discriminated against for exercising any of the above-listed rights. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal information.
If you are a California resident and would like to exercise any of the above rights, please submit your request at firstname.lastname@example.org or call us at 1-866-256-1943. Please note that we may request specific information from you in order to verify your identity, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain personal information to comply with our legal obligations or other permitted purposes. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.
Finally, if you reside in California and have provided your personal information to us, you may request information once per calendar year about our disclosures of certain categories of your personal information to third parties for their direct marketing purposes. Such requests must be submitted to us in writing via email at email@example.com or via postal mail at:
717 17th Street
Denver, CO 80202, USA
Point of Contact: Chief Privacy Officer
Information for Users Outside the United States
If you are visiting the Services from outside the United States, please be aware that information we obtain about you will be processed in the United States or in other jurisdictions. Please be aware that the data protection laws and regulations that apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence.
EU Privacy Notice
Updated: March 2021
Johns Manville (“JM,” “we,” “us,” “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data. This Privacy Notice sets forth how we process EU personal data obtained via our websites – including www.jm.com, www.jmroofing.news,
www.jmtcsafety.com, firstname.lastname@example.org, and www.jminsulationinsider.com (collectively, the “Sites”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing).
Personal Data We Collect
Personal data collected via the Sites may include:
- Contact data. You may provide us with your contact details, such as your name, phone number, home address, company name, job title, and email address (for example, when you contact us, provide website feedback, or register for classes or trainings (e.g., through Johns Manville Roofing Institute)).
- Authentication Data. To verify the identity of registered users we may collect a user name, password, and other similar authentication information (for example, if you register an email press release account we will ask that you provide a username and password).
- Account Information. In addition to contact data, when creating an account on one of the Sites you may provide us with additional information about yourself (for example, if you register an email press release account, you may provide us with URLS to your website, blog, Twitter, Facebook, and LinkedIn, and, if you are an accredited member of the news media, a picture of your media badge).
- Interests and Notification Preferences. The Sites may provide mechanisms for you to sign up for notifications regarding products and promotions JM believes are of interest to you based on our interests and preferences (for example, through our Submittal Wizard).
- Business Project Information. You may submit information related to your business projects, including information on the project’s address (for example, through our Submittal Wizard or when you submit a Services Request).
- Supplier Application Information. You may provide information about yourself and your company such as your contact information and your company’s contact information (for example, if you apply to become one of our suppliers through the Supplier Partnership contact form).
- Job Application Information. If you apply for a job through our Careers Page we or our vendor may collect personal data such as your name, e-mail address, physical address, phone number, and CV.
- Device Information. We may obtain information about devices that access our Sites, including the type of device, its operating system, device settings, unique device identifiers, and error data.
- Location Information. The Sites may use GPS (global positioning systems) software, geo-filtering, and other location-aware technologies to locate you (sometimes precisely) (note: you may be able to toggle on or off location technologies using your internet browser (e.g., Google Chrome); if you disable location technologies, you may not be able to use certain features of this Sites).
- Information About Others. The Sites may also allow you submit personal data about third parties (for example, when registering for in-person or on-site classes or trainings, you may provide information related to your emergency contact including their name, phone number, and other contact information). When you submit personal data about third parties, you represent that you have obtained the third party’s consent to disclose their personal data to us.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute such as feedback and user support inquiries regarding the Sites (note: please be aware that information you post on public parts of our Sites may be visible to anyone).
How and Why We Use Your Personal Data
We may process personal data to:
- Transact with you, respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information.
- Process your Sites registration and identify you as a user.
- Verify your location and deliver or restrict content based on your location.
- Facilitate, manage, personalize, and improve our user and partner relationships.
- Prevent and address fraud, breach of policies or terms, and threats or harm.
- Ensure the security and integrity of the personal data we process.
- Comply with applicable legal requirements.
Our processing of such personal data is carried out pursuant to the following legal bases:
- The processing is necessary for us to provide you with the products and services you request, or to respond to your inquiries.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of the Sites. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- To maintain and improve the Sites.
- To operate the Sites and provide you with certain tailored information and communications to develop and promote our network and opportunities.
- You have consented to the use of your personal data. When you consent, you can change your mind at any time.
If we make a material change to how we process your personal data, we will notify you as appropriate and may also modify this Privacy Notice.
How We May Share Your Personal Data
We may share your personal data:
- With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Sites.
- With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other platforms, and send marketing and other communications on our behalf.
- To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
- If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.
How We Use Tracking Technologies
We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:
- Recognize new or past users.
- Store your profile or authentication credentials if you are registered on the Sites.
- Improve the Sites and to better understand your use of the Sites.
- Integrate with third-party social media websites.
- Serve you with interest-based or targeted advertising.
- Observe your behaviors and browsing activities over time across multiple websites or other platforms.
- Better understand the interests of our Sites users.
Different types of cookies may be used for specific purposes, for example:
- Functional cookies and cookies from third parties may be used for analysis and marketing purposes. Functional cookies enable certain parts of the website to work properly, retain user preferences, and allow users to log in using social network user credentials.
- Analysis cookies may collect information on how visitors use a website, the content and products that website users view most frequently, and the effectiveness of third-party advertising.
- Advertising cookies assist in delivering ads to relevant audiences. This may include, for example, placing ads at the top of search results.
Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it.
Through your device or browser settings you may change your settings to disallow certain Sites’ features, disabling certain tracking technologies. For example, turning off location tracking through your device’s or browser’s settings will disable the Sites’ location tracking technologies. You can set your browser settings either to receive our cookies or use our Sites without cookie functionality. To control flash cookies visit this link. Please note that if you restrict the use of tracking technologies, some functions of the Sites may be unavailable, and we will not be able to present you with personally-tailored content.
We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Notice. Similarly, the third parties who serve tracking technologies on our Sites may link personal data we collect from you to other information they collect. Specifically, we may use Google Analytics. To opt out of Google Analytics, visit their opt-out mechanism.
For more information on our use of tracking technologies and cookies, contact us at email@example.com.
How We Protect Your Personal Data
We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of your information obtained through the Sites.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
Links to Third-Party Websites
Some features of the Sites may open your preferred internet browser on your device and allow you to access certain third-party websites. These websites are governed by their own privacy policies, terms, and cookie policies. We encourage you to read the policies and terms of websites that the Sites may link to.
Personal Data Transfers
Your Data may be transferred to, stored and processed in a country other than the one in which you provide it, including countries outside the EU.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable data protection laws to ensure that your Data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
To ensure that these transfers comply with legal requirements, including the GDPR, the Company, JM and JM’s other EU subsidiaries have entered into an inter-company agreement incorporating European Commission-approved contractual clauses (the Standard Contractual Clauses). The inter-company agreement sets forth the legal requirements for JM’s use of the Data and describes the technical and organizational measures JM uses to protect and secure the Data. For transfers to the USA, there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 (1) GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection in the USA corresponds to that of the European Union under Art. 6 GDPR. The GDPR requires so-called suitable guarantees for a data transfer to such a third country like the USA. For example, guarantees like Standard Contractual Clauses ("SCC") and Binding Corporate Rules approved by a supervisory authority ("BCR"). Given the ruling by the European Court of Justice ("CJEU") issued in July 2020, the existing SSC with JM USA for data transfers to the USA does not provide an absolute guarantee that data protection of your personal data in the USA corresponds to level of protection in the European Union. For the purposes of transferring your data to the USA for
customer service, business operations, communications and emergencies, compliance investigations, establishing enforcing and defending the legal rights and claims of any JM entity, JM bases the data transfer on any of the legal basis listed above and in some cases your consent.
In general, we will keep your Data for as long as you maintain a business relationship with the Company. Once this relationship with you has come to an end, we will retain your Data for a period of time that enables us to:
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the law;
- defend or bring any existing or potential legal claims; and/or
- deal with any queries or complaints you may have.
We will delete your Data when it is no longer required for these purposes. If there is any Data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the Data.
Your Rights and Choices
The GDPR provides EU data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask us to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data.
- Update or correct inaccuracies in your personal data.
- Delete your personal data.
- Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict the processing of your personal data.
- Object to our processing of your personal data for direct marketing purposes.
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
You may exercise some of these rights and choices through Sites’ features such as editing your account settings when you are logged in. Additionally, you can submit these requests by email to firstname.lastname@example.org or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Note that these rights are not unlimited; there are exceptions to these rights under the GDPR and applicable local laws. For example, access to your data may be refused if making the information available would reveal personal data about another person or if we are legally prevented from disclosing such information. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find information about your data protection regulator here.
How to Contact Us
To make a query, raise a concern, or exercise your data protection rights, please contact us at firstname.lastname@example.org.
The data controller for your personal data is Johns Manville, which you may contact by via email at email@example.com or at the following address:
717 17th Street
Denver, CO 80202, USA
Point of Contact: Chief Privacy Officer
Changes to this Privacy Notice