EU PRIVACY NOTICE
Effective date: November 25, 2019
Johns Manville (“JM,” “we,” “us,” “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU personal data. This Privacy Notice sets forth how we process EU personal data obtained via our websites – including www.jm.com, www.jmroofing.news, www.jmroofing.events, www.jmextramile.com, www.jmtcsafety.com, email@example.com, www.jminsulationinsider.com, and www.jmgoboard.com (collectively, the “Sites”) – in our role as a data controller (i.e., when we are responsible for determining the purpose and means of the processing).
Personal Data We Collect
Personal data collected via the Sites may include:
● Contact data. You may provide us with your contact details, such as your name, phone number, home address, company name, job title, and email address (for example, when you contact us, provide website feedback, or register for classes or trainings (e.g., through Johns Manville Roofing Institute)).
● Authentication Data. To verify the identity of registered users we may collect a user name, password, and other similar authentication information (for example, if you register an email press release account we will ask that you provide a username and password).
● Account Information. In addition to contact data, when creating an account on one of the Sites you may provide us with additional information about yourself (for example, if you register an email press release account, you may provide us with URLS to your website, blog, Twitter, Facebook, and LinkedIn, and, if you are an accredited member of the news media, a picture of your media badge).
● Interests and Notification Preferences. The Sites may provide mechanisms for you to sign up for notifications regarding products and promotions JM believes are of interest to you based on our interests and preferences (for example, through our Submittal Wizard).
● Business Project Information. You may submit information related to your business projects, including information on the project’s address (for example, through our Submittal Wizard or when you submit a Services Request).
● Supplier Application Information. You may provide information about yourself and your company such as your contact information and your company’s contact information (for example, if you apply to become one of our suppliers through the Supplier Partnership contact form).
● Job Application Information. If you apply for a job through our Careers Page we or our vendor may collect personal data such as your name, e-mail address, physical address, phone number, and CV.
● Device Information. We may obtain information about devices that access our Sites, including the type of device, its operating system, device settings, unique device identifiers, and error data.
● Location Information. The Sites may use GPS (global positioning systems) software, geo-filtering, and other location-aware technologies to locate you (sometimes precisely) (note: you may be able to toggle on or off location technologies using your internet browser (e.g., Google Chrome); if you disable location technologies, you may not be able to use certain features of this Sites).
● Information About Others. The Sites may also allow you submit personal data about third parties (for example, when registering for in-person or on-site classes or trainings, you may provide information related to your emergency contact including their name, phone number, and other contact information). When you submit personal data about third parties, you represent that you have obtained the third party’s consent to disclose their personal data to us.
● Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute such as feedback and user support inquiries regarding the Sites (note: please be aware that information you post on public parts of our Sites may be visible to anyone).
How and Why We Use Your Personal Data
We may process personal data to:
● Transact with you, respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information.
● Process your Sites registration and identify you as a user.
● Verify your location and deliver or restrict content based on your location.
● Facilitate, manage, personalize, and improve our user and partner relationships.
● Prevent and address fraud, breach of policies or terms, and threats or harm.
● Ensure the security and integrity of the personal data we process.
● Comply with applicable legal requirements.
Our processing of such personal data is carried out pursuant to the following legal bases:
● The processing is necessary for us to provide you with the products and services you request, or to respond to your inquiries.
● We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
● To protect your vital interests, or those of others.
● We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest in the following cases:
o To analyze and improve the safety and security of the Sites. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
o To maintain and improve the Sites.
o To operate the Sites and provide you with certain tailored information and communications to develop and promote our network and opportunities.
● You have consented to the use of your personal data. When you consent, you can change your mind at any time.
If we make a material change to how we process your personal data, we will notify you as appropriate and may also modify this Privacy Notice.
How We May Share Your Personal Data
We may share your personal data:
● With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the Sites.
● With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other platforms, and send marketing and other communications on our behalf.
● To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
● If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.
How We Use Tracking Technologies
We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties. As described in more detail below, we use such technologies to:
● Recognize new or past users.
● Store your profile or authentication credentials if you are registered on the Sites.
● Improve the Sites and to better understand your use of the Sites.
● Integrate with third-party social media websites.
● Serve you with interest-based or targeted advertising.
● Observe your behaviors and browsing activities over time across multiple websites or other platforms.
● Better understand the interests of our Sites users.
Different types of cookies may be used for specific purposes, for example:
● Functional cookies and cookies from third parties may be used for analysis and marketing purposes. Functional cookies enable certain parts of the website to work properly, retain user preferences, and allow users to log in using social network user credentials.
● Analysis cookies may collect information on how visitors use a website, the content and products that website users view most frequently, and the effectiveness of third-party advertising.
● Advertising cookies assist in delivering ads to relevant audiences. This may include, for example, placing ads at the top of search results.
Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent” cookies, which remain until you delete them or the party who served the cookie removes it.
Through your device or browser settings you may change your settings to disallow certain Sites’ features, disabling certain tracking technologies. For example, turning off location tracking through your device’s or browser’s settings will disable the Sites’ location tracking technologies. You can set your browser settings either to receive our cookies or use our Sites without cookie functionality. To control flash cookies visit this link. Please note that if you restrict the use of tracking technologies, some functions of the Sites may be unavailable, and we will not be able to present you with personally-tailored content.
We may link the information collected by tracking technologies with other information we collect from you pursuant to this Privacy Notice. Similarly, the third parties who serve tracking technologies on our Sites may link personal data we collect from you to other information they collect. Specifically, we may use Google Analytics. To opt out of Google Analytics, visit their opt-out mechanism.
For more information on our use of tracking technologies and cookies, contact us at firstname.lastname@example.org.
How We Protect Your Personal Data
We maintain appropriate technical and organizational safeguards designed to help protect personal data from unauthorized disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of your information obtained through the Sites.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
Links to Third-Party Websites
Some features of the Sites may open your preferred internet browser on your device and allow you to access certain third-party websites. These websites are governed by their own privacy policies, terms, and cookie policies. We encourage you to read the policies and terms of websites that the Sites may link to.
Personal Data Transfers
If we transfer your personal data out of the European Economic Area (“EEA”) to countries not deemed by the European Commission to provide an adequate level of personal data protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal data, where required by EU data protection legislation:
- Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer.
- The EU – U.S. Privacy Shield Framework (for transfers to third parties in the United States that have self-certified to the Framework).
For further information on the mechanism(s) used to transfer your personal data, please contact us at email@example.com.
Your Rights and Choices
The GDPR provides EU data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask us to take the following actions in relation to your personal data that we hold:
● Provide you with information about our processing of your personal data and give you access to your personal data.
● Update or correct inaccuracies in your personal data.
● Delete your personal data.
● Transfer a machine-readable copy of your personal data to you or a third party of your choice.
● Restrict the processing of your personal data.
● Object to our processing of your personal data for direct marketing purposes.
● Object to reliance on our legitimate interests as the basis for processing of your personal data.
You may exercise some of these rights and choices through Sites’ features such as editing your account settings when you are logged in. Additionally, you can submit these requests by email to firstname.lastname@example.org or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find information about your data protection regulator here.
How to Contact Us
To make a query, raise a concern, or exercise your data protection rights, please contact us at firstname.lastname@example.org.
The data controller for your personal data is Johns Manville, which you may contact by via email at email@example.com or at the following address:
717 17th Street, 12th floor
Denver, CO 80202
Attn: Data Privacy