Blurred office door

Privacy Policy

Privacy Policy

Effective date January 1, 2024

This Privacy Policy describes how GAF Materials LLC d/b/a GAF and GAF Canada ULC and their direct and indirect subsidiaries that do not maintain their own privacy policy (collectively, “Company,” “we,” “us,” or “our”) collect and process your personal information, including the types of personal information we hold about you, our purposes for processing that information, the entities with which we share personal information, and your rights with respect to this information. Personal information is information about an identifiable individual and includes information, or a combination of pieces of information, that can be used to identify you, or, in certain jurisdictions, your device or household. This Privacy Policy applies to all instances in which you provide, or we otherwise collect, personal information, including, but not limited to, through or in connection with (a) our products and services, such as by registering for any of our product warranties or guarantees; (b) our emails and digital platforms, such as social media platforms, portals, websites, and applications, and accounts and subscriptions for such digital platforms (collectively, “our digital platforms”) that link to this Privacy Policy; and (c) our electronic communications, with two exceptions: this Privacy Policy does not apply to personal information that we handle (i) in our capacity as an employer, or (ii) solely on behalf of a contractor or other third party.

By providing us with your personal information, you agree to this Privacy Policy. Your agreement to this Privacy Policy includes changes that we may make to this Privacy Policy as described in the “We may update this Privacy Policy” section below.

We collect personal information from and about you.
Information collected directly from you. We collect the information you provide to us, for example, by making purchases of our products and services, such as registering for one of our product warranties or guarantees or purchasing a subscription to one of our digital platforms; registering for, and entering information on, our digital platforms; or posting in public forums. We may receive the following types of personal information directly from you:

  • identifiers (e.g., name, mailing address, email address, phone number, account login credentials for our services);
  • identifiers (e.g., name, mailing address, email address, phone number, account login credentials for our services);
  • family details (e.g., name of partner or household members);
  • financial information (e.g., income, bank account information, bank or credit card information, and payment information);
  • professional or employment-related information (e.g., job title, department, office address and business contact information, professional communications, and correspondence);
  • communications (e.g., responses to polls or surveys, questions, comments, or requests you send us);
  • audio, electronic, visual, thermal, olfactory, or similar information (e.g., graphics, photographs, recordings of calls or meetings, and ambient conditions such as humidity or temperature);
  • commercial information (e.g., records of transactions, records of training, and program status);
  • internet or other electronic network activity information (e.g., browsing history, search history, and interactions with our emails and digital platforms (including, but not limited to, downloads) and third party websites and applications);
  • geolocation and precise geolocation data; and
  • inferences drawn from any of the information identified herein.


You represent and warrant that you own or otherwise control all of the rights to the information, materials and other content that you provide to us; that such information, materials and other content is accurate; and that our use of such information, materials and other content does not, and will not, violate this Privacy Policy or cause injury to any person or entity. We take no responsibility and assume no liability for any information, materials or other content provided to us by you or any third party.

Information we collect automatically or generate about you. We, our service providers, and other businesses that support our business operations, including, but not limited to, third party providers of advertising or analytics services, may use technologies like cookies, other forms of local storage, pixel tags, JavaScript, web beacons, and other computer code to automatically collect information when you access our digital platforms or interact with our electronic communications. The information that we collect automatically or manually may include technical information from or about your computer, mobile device or Wi-Fi network (including, but not limited to, SSID and password for certain applications), DHCP, the browser you use, your search history, the number of times you visit our digital platforms, the device you use, identifiers associated with your device, browser or internet connection (such as IP address), your device’s operating system, the content you view on our digital platforms, the content you view immediately before and after using our digital platforms, product preferences, and the programs and services you use with us or others, as well as data from connected devices, such as ambient humidity or temperature. We, our service providers, and third parties (e.g., network advertising companies) may collect information about your online activities over time and across different websites when you use our digital platforms. In some cases (such as cookies), the tools described here may involve reading information on your device (such as unique identifiers) or storing such information on your device for later review.

Information collected from third parties. We may obtain information about you from third parties. For example, our business partners (such as lead providers, roofing contractors, search engines, data brokers, and their representatives) may provide us with information about you. The types of personal information we may obtain from third parties may include, without limitation, and to the extent permitted by applicable law, the categories set out above.

We use personal information as described here.

We use information to provide you with services, including, without limitation, on our digital platforms or in connection with our products and services, and to respond to your requests, inquiries, comments, and questions. We also use information to provide contractors and others with services.

We use information to troubleshoot and improve our products and services, including, without limitation, our digital platforms. We may use the information we collect to customize your experience with us. We use information for online and offline marketing purposes. For example, we might use the information we collect to send you information about products, services or special offers that we believe may interest you. This might include information about upcoming contests or promotions. We may use the information we collect to deliver advertisements based on your activities on our digital platforms and third party websites and applications. For example, if you view one of our products on our website, you may receive a postcard or an online ad for that product or a related product on our digital platforms or on third party websites and applications. We use information to communicate with you about your accounts, your subscriptions, or our relationship. For example, we might tell you about changes to our digital platforms or to your accounts or subscriptions with us. Or we might reach out to you and ask you to take a customer satisfaction survey.

We may use the information we collect for analytical purposes, such as to better understand the interests and preferences of our customers, people who use our digital platforms, and people who buy our products and services. For example, we may use information to generate and analyze aggregate statistics about how users interact with our digital platforms.

We may combine the information we collect. For example, we might combine information you give us with information we get from a public source. We might also combine information we collect from you with information we get from third parties. When we do so, we treat the combined information as disclosed in this Privacy Policy. We use information as permitted or required by law and as otherwise disclosed to you. For example, we may use the information we collect to protect the rights and property of us, you, and others; to comply with any legal or regulatory obligations; to handle legal claims or disputes; or to otherwise operate our business.

We disclose personal information to third parties.
We will disclose information to other members of our corporate family for all reasons described in this Privacy Policy.

We will disclose information to service providers (including, but not limited to, our affiliates) who perform services on our behalf, in which cases your personal information may be used for any of the purposes set forth in this Privacy Policy. For example, we may disclose your information to vendors that handle credit card processing and shipping, provide us with data management services, manage our digital platforms, provide advertising services, manage our communications, or perform market research for us.

We may disclose information to third parties, such as marketing partners or contractors, who may use your information for their own purposes, not solely on our behalf. For example:

  • We might disclose information to a company with whom we are running a joint promotion, or to online network advertisers and similar companies to facilitate the delivery of marketing communications on our digital platforms and third-party websites and applications. Those communications may include ads regarding our or others’ products based on your interests. We may use third party analytics providers that collect information about your use of our digital platforms to help us understand how people interact with our digital platforms.
  • If you participate in our training programs, we may disclose your progress and course completion to your employer or other entities associated with you. We may publish your successful achievement of a training certification we offer.
  • We might publish contact information and other business-relevant information about contractors.
We will disclose information in order to comply with the law or to protect the Company. For example, we or our service providers will disclose your information to legal authorities when it is permitted or necessary to do so, such as in response to a search warrant or other legally valid inquiry or order, or we may disclose the information to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing, or preventing fraud, or as otherwise may be required or permitted by applicable U.S., Canadian, or other law or legal process, which may include lawful access by U.S. or foreign courts, law enforcement or other 4 government authorities. We may also disclose your information in situations where we think that our rights or the rights of our users or others are at risk.

We may disclose information to any successor to all or part of our business. We may disclose your information as part of or as reasonably necessary to proceed with a prospective or completed transfer of business assets.

We may disclose information for other reasons we may describe to you. And we may disclose aggregate information or information that does not reasonably identify you with third parties for any reason.

Your privacy rights.

Subject to local law, you may have certain rights in relation to your personal information. Such rights may include rights to access your personal information; update your personal information; have inaccurate information corrected; request that your personal information be deleted; limit the use or disclosure of your personal information; or request to receive your personal information in a usable electronic format that can be transmitted to a third party. We will fulfill your data requests in accordance with applicable law.

To exercise these rights, you may be required to provide additional information to verify your identity or otherwise as necessary to assist us in fulfilling your request. Californians can exercise rights under California law by following the instructions in the next section. Link here to Your Privacy Choices.

Details for California Residents:
The following section provides detailed information applicable only to California residents under the California Consumer Protection Act (CCPA). It does not cover “publicly available information” as defined in the CCPA.

Collection, Use, and Disclosure of California Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, we have collected all of the types of personal information described in the “We collect personal information from and about you” section of this Privacy Policy. During that period, we made the following disclosures of personal information about Californians for the purposes described in the “We disclose personal information to third parties” section above:

CATEGORY OF PERSONAL INFORMATION CATEGORIES OF ENTITIES TO WHICH IT WAS DISCLOSED
identifiers (e.g., name, mailing address, email address, phone number, username, and password) Affiliates; vendors (e.g., vendors that handle credit card processing and shipping, provide us with data management services, manage our digital platforms, or manage our communications and perform market research for us) and third parties such as marketing partners or contractors
protected characteristics (e.g., gender, age, or other classifications under applicable law) Same as first row, except not to vendors that handle credit card processing and shipping
family details (e.g., name of partner and household members) Same as first row
financial information (e.g., bank account information, bank or credit card numbers, and payment information) Same as the first row (though in some cases a portion of the card number is disclosed instead of the entire number).
professional or employment-related information (e.g., job title, department, office address and business contact information, professional communications, and correspondence) Same as first row
communications (e.g., responses to polls or surveys, questions, comments, or requests you send us) Same as first row, except not to vendors that handle credit card processing and shipping
audio, electronic, visual, thermal, olfactory, or similar information (e.g., graphics, photographs, recordings of calls or meetings, and ambient humidity or temperature) Same as first row, except not to vendors that handle credit card processing and shipping
commercial information (e.g., records of transactions) Same as first row
internet or other electronic network activity information (e.g., browsing history, search history, and interactions with our digital platforms and third party websites and applications) Same as first row, except not to vendors that handle shipping
geolocation data Same as first row, except not to vendors that handle credit card processing
precise geolocation data Affiliates, vendors that help us manage our digital platforms
account login credentials Affiliates, vendors that help us manage our digital platforms
Inferences drawn from any of the information identified herein Same as first row, except not to vendors that handle credit card processing and shipping

During the 12 months leading up to the effective date of this Privacy Policy, we “sold” and “shared” (as those terms are defined under the CCPA), commercial information (transaction data) and internet or electronic network activity (like a record of a browser’s visit to our website) to marketing and advertising services to assist with such activities. This practice continues today. We do not “sell” or “share” personal information (as those terms are defined under the CCPA) if we have actual knowledge that the consumer is less than 16 years of age.


CCPA-Related Requests

Below are metrics of CCPA-related requests received by GAF during calendar year 2023.

Metrics

ACCESS REQUESTS JAN-DEC 2023
Total number of Requests Received 3
Total number of Requests Complied in whole or in part 3
Total number of Requests Denied 0
DELETION REQUESTS JAN-DEC 2023
Total number of Requests Received 0
Total number of Requests Complied in whole or in part 0
Total number of Requests Denied 0
DO NOT SELL (DNS) REQUESTS JAN-DEC 2023
Total number of Requests Received 13
Total number of Requests Complied in whole or in part 13
Total number of Requests Denied 0
AVERAGE DAYS TO RESPOND JAN-DEC 2023
Average number of days to respond to Access requests 8
Average number of days to respond to Deletion requests 0
Average number of days to respond to DNS requests 51

*We receive Do Not Sell requests in our Privacy online platform. Due to technical limitations in the platform, responses to some Do Not Sell requests were delayed.

Your CCPA Information, Correction & Deletion Rights

The CCPA allows you to request us to:

  • provide access to and/or a copy of certain personal information we hold about you;
  • correct certain personal information we have about you;
  • delete certain personal information we have about you; and
  • inform you about the categories of personal information we have collected about you in the preceding 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we have disclosed certain personal information, and more specific detail about what categories of information were “sold,” “shared” or disclosed to particular categories of third parties, similar to the detail above this section of the Privacy Policy.

If you would like to exercise any of these rights, you may submit your request by completing this Your Privacy Choices form or contacting us as described at the end of this Privacy Policy. Although not legally required, we welcome these types of requests from all customers, and we will consider each request on a case by case basis.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information to provide our services to you, so we may reject a deletion request for that information while providing services to you.

Your CCPA Right to Opt Out of “Sale” or “Sharing” of Personal Information

Californians have a right to direct us not to “sell” or “share” certain personal information as those terms are defined in the CCPA. You can exercise that right by following the steps on our Your Privacy Choices form. You also can contact the Compliance Team at (866) 958-9975 to perform the portion of the “sale”/”sharing” opt-out process in which you provide us with contact information. Your browser may also offer a way to activate the Global Privacy Control signal (“GPC”). Our websites each treat qualifying browsers for which the user has activated the GPC signal as having opted out of what CCPA calls a “sale” of any California personal information that is collected on that site from that browser using cookies and similar technology. You can override that treatment for a GPC-enabled browser by using the cookie controls available from the website’s footer.

Opting out of “sales” and “sharing” limits only some types of disclosures of personal information, and there are exceptions to all of the rights described in this section.

Verification of Requests to Exercise CCPA Rights

We may take reasonable steps to verify your identity before responding to your request, which may include, depending on the sensitivity of the information involved, the nature of our relationship with you, and the type of request you are making, verifying your name, email address, and other information regarding your use of our services.

Requests Made by Agents

You can designate an authorized agent to make a CCPA request on your behalf. To do so, we must receive a legally sufficient power of attorney signed by you pursuant to California Probate Code sections 4121 to 4130, or other written authorization acceptable to us, for the agent to act on your behalf. You may still need to verify your identity and confirm the agent’s authority directly with us if we are not convinced of the validity of the agent’s request. For security and legal reasons, we may refuse to accept requests that require us to visit an agent’s website. Because opt-out requests for sales made through cookies and related technology must be performed from each browser that is used to access our services, it is easiest for the consumer to perform such opt-outs themselves. However, if you wish for an agent to perform browser-based requests on your behalf, you may arrange for the agent to your consumer’s browser to make such requests, but you may not share your login credentials or logged-in access to our websites with an agent or any other third party. We are not responsible for the security risks of giving an agent browser access or any other arrangements that you may have with an agent.

Nondiscrimination

You also have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of the privacy rights conferred by the CCPA.

Details for Virginia residents.
Virginia residents have certain rights to request access to their personal information, correct it, or delete it, which they can exercise by using the Your Privacy Choices form. They also have a right to opt out of the “sale” of their personal information and use/disclosure of their personal information for “targeted advertising,” as those terms are defined under the Virginia Consumer Data Protection Act (“VCDPA”), and they can exercise these rights by following the instructions on our Your Privacy Choices form.

All of the Virginia rights described above have exceptions (such as that they do not apply to personal information about Virginians acting in a professional/commercial capacity). If we refuse to act on a Virginian’s request to exercise any of these VCDPA rights, they can appeal that decision by writing to us as described at the end of this Privacy Policy. The appeal should include (i) a detailed explanation of why our decision was mistaken or incorrect, and (ii) any additional information that may help us properly resolve the request. We will respond to the appeal within 60 days.

You have certain choices about marketing and cookies.

You can opt out of receiving our marketing emails. If you are a registered user of our digital platforms, you can opt out of marketing emails by clicking here. You can also follow the “unsubscribe” instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we may still send you service-related announcements and transactional messages. In our applications, you may be able to disable push notifications within the settings menu.

Our websites allow you to control the use of some kinds of cookies. How you can do so depends on the website, but using the Cookie Preferences hyperlink available in the footer of each GAF website you use is the best option when it is available. The choices you make using this cookie control mechanism on a GAF website are specific to that website.

Certain browsers can be set to reject certain kinds of browser cookies. Flash cookies cannot be controlled through browser settings; to control flash cookies go here. If you choose to block cookies, you may not be able to take advantage of all aspects of our digital platforms.

In addition, you can learn about opting out of receiving certain interest-based ads from some participating companies by clicking here and here.

Since most of the cookie-related preferences described above are stored in a cookie, if you change or reset your browser, or your browser’s cookies are cleared, you will need to repeat the cookie-related steps you have taken above.

Our digital platforms and children.

Our digital platforms are intended for people who are 13 years of age or older. We do not knowingly collect personal information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 13 has given us personal information, you can email us at privacy@gaf.com. You can also write to us at the address listed at the end of this Privacy Policy. Please mark your inquiries “CPPA Privacy Request.”

We use security measures.
We use security measures to protect our systems, our digital platforms, and the personal information we hold. Please be aware that, despite our ongoing efforts, no security measure is perfect or impenetrable.

We process your information in the United States and elsewhere.
We process your information in the United States and elsewhere. In some cases, our service providers may transfer or store your information in the United States, or another foreign jurisdiction, that may not have the same legal protections as your home country. Additionally, information located outside of your home country may be subject to access by that country’s government or its agencies under lawful order.

We retain information.
We keep personal information as long as it is necessary or relevant for the practices described in this Privacy Policy. We also keep information as otherwise required by law.

Our digital platforms offer links to other websites and third party services that we don’t control.
If you click on a link to a third party website, you will be taken to a website or application that we do not control such as our business partners’ websites or social media networks. Please read the privacy policies of any third party websites or applications that you visit. Unless otherwise indicated, your use of those websites or applications will not be governed by this Privacy Policy, and we are not responsible for those third party practices. Our digital platforms may also have third party content or services we do not control. This may include passive tracking tools.

Contact us if you have any questions.
If you have any questions about this Privacy Policy or about the manner in which we or our service providers treat your personal information, or if you wish to exercise any available rights with respect to your personal information, please follow the instructions above for California-specific and Virginia-specific rights, and otherwise contact our Compliance team at: privacy@gaf.com.

You can also call or write us at:
GAF Materials LLC d/b/a GAF
(866) 958-9975
1 Campus Drive
Parsippany, NJ 07054

We may update this Privacy Policy.
From time to time we may change our privacy practices, and we will update this Privacy Policy accordingly. We will notify you of any material changes to this Privacy Policy as required by law. We will also post an updated copy on our website. Please check our website periodically for updates.