Privacy Policy
Privacy Policy
Effective date July 1, 2024
This Privacy Policy describes how GAF Materials LLC d/b/a GAF and GAF Canada ULC and their direct and indirect subsidiaries that do not maintain their own privacy policy (collectively, “Company,” “we,” “us,” or “our”) collect and process your personal information, including the types of personal information we hold about you, our purposes for processing that information, the entities with which we share personal information, and your rights with respect to this information. Personal information is information about an identifiable individual and includes information, or a combination of pieces of information, that can be used to identify you, or, in certain jurisdictions, your device or household. This Privacy Policy applies to all instances in which you provide, or we otherwise collect, personal information, including, but not limited to, through or in connection with (a) our products and services, such as by registering for any of our product warranties or guarantees; (b) our emails and digital platforms, such as social media platforms, portals, websites, and applications, and accounts and subscriptions for such digital platforms (collectively, “our digital platforms”) that link to this Privacy Policy; and (c) our electronic communications, with two exceptions: this Privacy Policy does not apply to personal information that we handle (i) in our capacity as an employer, or (ii) solely on behalf of a contractor or other third party.
By providing us with your personal information, you agree to this Privacy Policy. Your agreement to this Privacy Policy includes changes that we may make to this Privacy Policy as described in the “We may update this Privacy Policy” section below.
We collect personal information from and about you.
Information collected directly from you. We collect the information you provide to us, for example, by making purchases of our products and services, such as registering for one of our product warranties or guarantees or purchasing a subscription to one of our digital platforms; registering for, and entering information on, our digital platforms; or posting in public forums. We may receive the following types of personal information directly from you:
- identifiers (e.g., name, mailing address, email address, phone number, account login credentials for our services);
- protected characteristics (e.g., gender, age, or other classifications under applicable law);
- family details (e.g., name of partner or household members);
- financial information (e.g., income, bank account information, bank or credit card information, and payment information);
- professional or employment-related information (e.g., job title, department, office address and business contact information, professional communications, and correspondence);
- communications (e.g., responses to polls or surveys, questions, comments, or requests you send us);
- audio, electronic, visual, thermal, olfactory, or similar information (e.g., graphics, photographs, recordings of calls or meetings, and ambient conditions such as humidity or temperature);
- commercial information (e.g., records of transactions, records of training, and program status);
- internet or other electronic network activity information (e.g., browsing history, search history, and interactions with our emails and digital platforms (including, but not limited to, downloads) and third party websites and applications);
- geolocation and precise geolocation data; and
- inferences drawn from any of the information identified herein.
You represent and warrant that you own or otherwise control all of the rights to the information, materials and other content that you provide to us; that such information, materials and other content is accurate; and that our use of such information, materials and other content does not, and will not, violate this Privacy Policy or cause injury to any person or entity. We take no responsibility and assume no liability for any information, materials or other content provided to us by you or any third party.
Information we collect automatically or generate about you. We, our service providers, and other businesses that support our business operations, including, but not limited to, third party providers of advertising or analytics services, may use technologies like cookies, other forms of local storage, pixel tags, JavaScript, web beacons, and other computer code to automatically collect information when you access our digital platforms or interact with our electronic communications. The information that we collect automatically or manually may include technical information from or about your computer, mobile device or Wi-Fi network (including, but not limited to, SSID and password for certain applications), DHCP, the browser you use, your search history, the number of times you visit our digital platforms, the device you use, identifiers associated with your device, browser or internet connection (such as IP address), your device’s operating system, the content you view on our digital platforms, the content you view immediately before and after using our digital platforms, product preferences, and the programs and services you use with us or others, as well as data from connected devices, such as ambient humidity or temperature. We, our service providers, and third parties (e.g., network advertising companies) may collect information about your online activities over time and across different websites when you use our digital platforms. In some cases (such as cookies), the tools described here may involve reading information on your device (such as unique identifiers) or storing such information on your device for later review.
Information collected from third parties. We may obtain information about you from third parties. For example, our business partners (such as lead providers, roofing contractors, search engines, data brokers, and their representatives) may provide us with information about you. The types of personal information we may obtain from third parties may include, without limitation, and to the extent permitted by applicable law, the categories set out above.
We use personal information as described here.
We use information to provide you with services, including, without limitation, on our digital platforms or in connection with our products and services, and to respond to your requests, inquiries, comments, and questions. We also use information to provide contractors and others with services.
We use information to troubleshoot and improve our products and services, including, without limitation, our digital platforms. We may use the information we collect to customize your experience with us. We use information for online and offline marketing purposes. For example, we might use the information we collect to send you information about products, services or special offers that we believe may interest you. This might include information about upcoming contests or promotions. We may use the information we collect to deliver advertisements based on your activities on our digital platforms and third party websites and applications. For example, if you view one of our products on our website, you may receive a postcard or an online ad for that product or a related product on our digital platforms or on third party websites and applications.
We use information to communicate with you about your accounts, your subscriptions, or our relationship. For example, we might tell you about changes to our digital platforms or to your accounts or subscriptions with us. Or we might reach out to you and ask you to take a customer satisfaction survey.
We may use the information we collect for analytical purposes, such as to better understand the interests and preferences of our customers, people who use our digital platforms, and people who buy our products and services. For example, we may use information to generate and analyze aggregate statistics about how users interact with our digital platforms.
We may combine the information we collect. For example, we might combine information you give us with information we get from a public source. We might also combine information we collect from you with information we get from third parties. When we do so, we treat the combined information as disclosed in this Privacy Policy.
We use information as permitted or required by law and as otherwise disclosed to you. For example, we may use the information we collect to protect the rights and property of us, you, and others; to comply with any legal or regulatory obligations; to handle legal claims or disputes; or to otherwise operate our business.
We disclose personal information to third parties.
We will disclose information to other members of our corporate family for all reasons described in this Privacy Policy.
We will disclose personal information to vendors and other third parties that help us with various aspects of our business. For example, we may disclose your information to vendors that handle credit card processing and shipping, provide us with data management services, manage our digital platforms, provide advertising services, manage our communications, or perform market research for us.
Service providers and vendors may host or operate those or any other aspects of our business, potentially including any mechanism through which we send or receive communications, such as email systems, call centers, websites, applications, or components of any of them. Vendors and service providers engaged in this manner may collect information from you directly when you communicate or interact with us.
We may disclose information to third parties, such as marketing partners, contractors, and certain vendors, who may use your information for their own purposes, not solely on our behalf. For example:
- We might disclose information to a company with whom we are running a joint promotion, or to online network advertisers and similar companies to facilitate the delivery of marketing communications on our digital platforms and third-party websites and applications. Those communications may include ads regarding our or others’ products based on your interests. We may use third party analytics providers that collect information about your use of our digital platforms to help us understand how people interact with our digital platforms.
- If you participate in our training programs, we may disclose your progress and course completion to your employer or other entities associated with you. We may publish your successful achievement of a training certification we offer.
- We might publish contact information and other business-relevant information about contractors.
We may disclose information to any successor to all or part of our business. We may disclose your information as part of or as reasonably necessary to proceed with a prospective or completed transfer of business assets.
We may disclose information for other reasons we may describe to you. And we may disclose aggregate information or information that does not reasonably identify you with third parties for any reason.
Your privacy rights.
Depending on your jurisdiction, you may have the right to make certain requests related to your personal information. For example, depending on where you live, you may have the right to ask us to:
- Provide you access to or a copy of certain personal information;
- Delete certain personal information;
- Correct or update personal information;
- Restrict or opt you out of certain uses of your information (such as some kinds of profiling for significant decisions);
- Disregard a consent that you previously provided (without affecting the lawfulness of processing based on consent before the withdrawal takes effect); or
- Provide you with certain details regarding the processing of your information (like the categories we collect and how we process it, similar to the detail in this privacy policy).
Certain information is exempt from such requests in certain situations under applicable law. For example, we need to maintain certain personal information to honor an extended warranty we have issued, so we can’t delete it during the period in which we may need to honor the warranty or address matters relating to the warranty.
We may take reasonable steps to verify your identity before responding to certain requests, which may require verifying your name and email address. If we are unable to verify your identity, we may be unable to respond to your requests.
Residents of California and some other jurisdictions have a right to opt out of what the main consumer privacy law in those jurisdictions calls a “sale” of personal information, as well as to opt out of certain uses and disclosures of personal information for certain targeted advertising purposes. Under California law, the disclosures for targeted advertising purposes that are subject to this opt-out are called “sharing.”
During the 12 months leading up to the effective date of this Privacy Policy, we “sold” (as that term is defined under those laws) and disclosed for targeted advertising purposes (“shared” under California law) commercial information (transaction data) and internet or electronic network activity (like a record of a browser’s visit to our website) to marketing and advertising services to assist with such activities. This practice continues today. We do not engage in those disclosures if we have actual knowledge that the relevant consumer is less than 16 years of age.
If you reside in one of these states and would like to exercise these particular opt-out rights, you can take these steps:
- Follow the process on our Your Privacy Choices form or contact the Compliance Team at (866) 958-9975; and
- If you would like your request to apply to personal information collected through cookies and similar technologies during your future visits to a particular GAF website, then, with each browser you use to visit the website, click the Cookie Preferences link in the website’s footer and follow the instructions to turn off all categories of cookies that can be turned off on that website. If you reset your browser, clear your cookies, or use a browser that automatically clears cookies, you'll need to perform these steps again.
Opting out of “sales,” “sharing,” and other disclosures for targeted advertising purposes limits only some types of disclosures of personal information.
In a limited number of states, you can designate an authorized agent to make a privacy request on your behalf. To do so, you must provide us with a written authorization acceptable to us for the agent to act on your behalf. You may still need to verify your identity and confirm the agent’s authority directly with us if we are not convinced of the validity of the agent’s request. For security and legal reasons, we may refuse to accept requests that require us to visit an agent’s website. Because opt-out requests for “sales” and ad-targeting activities that take place through cookies and related technology must be performed from each browser that is used to access our services, it is easiest for the consumer to perform such opt-outs themselves. However, if you wish for an agent to perform browser-based requests on your behalf, you may arrange for the agent to your consumer’s browser to make such requests, but you may not share your login credentials or logged-in access to our websites with an agent or any other third party. We are not responsible for the security risks of giving an agent browser access or any other arrangements that you may have with an agent.
Depending on applicable law, you may have the right to appeal our decision to deny your request. Individuals in states with this right can appeal the decision by writing to us as described at the end of this policy. The appeal should include (i) a detailed explanation of why our decision was mistaken or incorrect, and (ii) any additional information that may help us properly resolve the request.
Details for California Residents:
The following section provides additional detailed information applicable only to California residents under the California Consumer Protection Act (CCPA). It does not cover “publicly available information” as defined in the CCPA.
Collection, Use, and Disclosure of California Personal Information
During the 12 months leading up to the effective date of this Privacy Policy, we have collected all of the types of personal information described in the “We collect personal information from and about you” section of this Privacy Policy. During that period, we made the following disclosures of personal information about Californians for the purposes described in the “We disclose personal information to third parties” section above:
CATEGORY OF PERSONAL INFORMATION | CATEGORIES OF ENTITIES TO WHICH IT WAS DISCLOSED |
identifiers (e.g., name, mailing address, email address, phone number, username, and password) | Affiliates; vendors (e.g., vendors that handle credit card processing and shipping, provide us with data management services, manage our digital platforms, or manage our communications and perform market research for us) and third parties such as marketing partners or contractors |
protected characteristics (e.g., gender, age, or other classifications under applicable law) | Same as first row, except not to vendors that handle credit card processing and shipping |
family details (e.g., name of partner and household members) | Same as first row |
financial information (e.g., bank account information, bank or credit card numbers, and payment information) | Same as the first row (though in some cases a portion of the card number is disclosed instead of the entire number). |
professional or employment-related information (e.g., job title, department, office address and business contact information, professional communications, and correspondence) | Same as first row |
communications (e.g., responses to polls or surveys, questions, comments, or requests you send us) | Same as first row, except not to vendors that handle credit card processing and shipping |
audio, electronic, visual, thermal, olfactory, or similar information (e.g., graphics, photographs, recordings of calls or meetings, and ambient humidity or temperature) | Same as first row, except not to vendors that handle credit card processing and shipping |
commercial information (e.g., records of transactions) | Same as first row |
internet or other electronic network activity information (e.g., browsing history, search history, and interactions with our digital platforms and third party websites and applications) | Same as first row, except not to vendors that handle shipping |
geolocation data | Same as first row, except not to vendors that handle credit card processing |
precise geolocation data | Affiliates, vendors that help us manage our digital platforms |
account login credentials | Affiliates, vendors that help us manage our digital platforms |
Inferences drawn from any of the information identified herein | Same as first row, except not to vendors that handle credit card processing and shipping |
During the 12 months leading up to the effective date of this Privacy Policy, we “sold” and “shared” (as those terms are defined under the CCPA), commercial information (transaction data) and internet or electronic network activity (like a record of a browser’s visit to our website) to marketing and advertising services to assist with such activities. This practice continues today. We do not “sell” or “share” personal information (as those terms are defined under the CCPA) if we have actual knowledge that the consumer is less than 16 years of age.
CCPA-Related Requests
Below are metrics of CCPA-related requests received by GAF during calendar year 2023.
Metrics
REQUESTS TO DELETE | JAN-DEC 2023 |
Total number of Requests Received | 8 |
Total number of Requests Complied in whole or in part | 7 |
Total number of Requests Denied | 1 |
REQUESTS TO CORRECT | JAN-DEC 2023 |
Total number of Requests Received | 3 |
Total number of Requests Complied in whole or in part | 3 |
Total number of Requests Denied | 0 |
REQUESTS TO ACCESS | JAN-DEC 2023 |
Total number of Requests Received | 15 |
Total number of Requests Complied in whole or in part | 11 |
Total number of Requests Denied | 4 |
REQUESTS TO OPT-OUT OF SALE/SHARING | JAN-DEC 2023 |
Average number of days to respond to Access requests | 29 |
Average number of days to respond to Deletion requests | 29 |
Average number of days to respond to DNS requests | 0 |
AVERAGE DAYS TO RESPOND | JAN-DEC 2023 |
Average days to respond to Deletion requests | 11 |
Average days to respond to Correction requests | 7 |
Average days to respond to Access requests | 25 |
Average days to respond to Opt-Out requests | 57 |
We do not engage in any use of “sensitive personal information” (within the meaning of the CCPA) for which the CCPA would require us to offer you the right to limit such use due to its sensitive nature.
California-Specific Detail about Requests Made by Agents
You can designate an authorized agent to make a CCPA request on your behalf. To do so, we must receive a legally sufficient power of attorney signed by you pursuant to California Probate Code sections 4121 to 4130, or other written authorization acceptable to us, for the agent to act on your behalf. You may still need to verify your identity and confirm the agent’s authority directly with us if we are not convinced of the validity of the agent’s request. See the “Your Privacy Rights” section above for additional detail about agents.
Nondiscrimination
You also have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of the privacy rights conferred by the CCPA.
You have certain choices about marketing and cookies.
You can opt out of receiving our marketing emails. If you are a registered user of our digital platforms, you can opt out of marketing emails by clicking here. You can also follow the “unsubscribe” instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we may still send you service-related announcements and transactional messages. In our applications, you may be able to disable push notifications within the settings menu.
Our websites allow you to control the use of some kinds of cookies. How you can do so depends on the website, but using the Cookie Preferences hyperlink available in the footer of each GAF website you use is the best option when it is available. The choices you make using this cookie control mechanism on a GAF website are specific to that website.
Certain browsers can be set to reject certain kinds of browser cookies. Flash cookies cannot be controlled through browser settings; to control flash cookies go here. If you choose to block cookies, you may not be able to take advantage of all aspects of our digital platforms.
In addition, you can learn about opting out of receiving certain interest-based ads from some participating companies by clicking here and here.
Since most of the cookie-related preferences described above are stored in a cookie, if you change or reset your browser, or your browser’s cookies are cleared, you will need to repeat the cookie-related steps you have taken above.
Our digital platforms and children.
Our digital platforms are intended for people who are 13 years of age or older. We do not knowingly collect personal information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 13 has given us personal information, you can email us at privacy@gaf.com. You can also write to us at the address listed at the end of this Privacy Policy. Please mark your inquiries “CPPA Privacy Request.”
We use security measures.
We use security measures to protect our systems, our digital platforms, and the personal information we hold. Please be aware that, despite our ongoing efforts, no security measure is perfect or impenetrable.
We process your information in the United States and elsewhere.
We process your information in the United States and elsewhere. In some cases, our service providers may transfer or store your information in the United States, or another foreign jurisdiction, that may not have the same legal protections as your home country. Additionally, information located outside of your home country may be subject to access by that country’s government or its agencies under lawful order.
We retain information.
We keep personal information as long as it is necessary or relevant for the practices described in this Privacy Policy. We also keep information as otherwise required by law.
Our digital platforms offer links to other websites and third party services that we don’t control.
If you click on a link to a third party website, you will be taken to a website or application that we do not control such as our business partners’ websites or social media networks. Please read the privacy policies of any third party websites or applications that you visit. Unless otherwise indicated, your use of those websites or applications will not be governed by this Privacy Policy, and we are not responsible for those third party practices. Our digital platforms may also have third party content or services we do not control. This may include passive tracking tools.
Contact us if you have any questions.
If you have any questions about this Privacy Policy or about the manner in which we or our service providers treat your personal information, or if you wish to exercise any available rights with respect to your personal information, please follow the instructions above for California-specific and Virginia-specific rights, and otherwise contact our Compliance team at: privacy@gaf.com.
You can also call or write us at:
GAF Materials LLC d/b/a GAF
(866) 958-9975
1 Campus Drive
Parsippany, NJ 07054
We may update this Privacy Policy.
From time to time we may change our privacy practices, and we will update this Privacy Policy accordingly. We will notify you of any material changes to this Privacy Policy as required by law. We will also post an updated copy on our website. Please check our website periodically for updates.