PRIVACY STATEMENT

Last Updated: February 16, 2024

This Privacy Policy describes how Cornerstone Building Brands, Inc. (“Cornerstone,” “we,” “our,” or “us”) collects, uses, and discloses personal information about individuals who use our websites, customer portals or other online services, who download and use our mobile applications, or who otherwise interact with us online or offline (collectively, our “Services”). Additional policies may apply in other contexts and to other relationships you may have with us. For example, we have a separate Privacy Notice for job applicants, which is available here.

By using our Services or otherwise providing personal information to us, you agree to our Terms of Use and our privacy practices as described in this Policy.

 

Contents

 

Personal Information We Collect and Why We Collect It

Personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal information does not include information that is publicly available as defined by applicable privacy legislation or is anonymized.

Generally, we collect the following categories of personal information, which we use for the business or commercial purposes shown.

Categories of Personal Information Purposes for Collection
Identifiers and Personal Records, including real name, alias, postal address, telephone number, email address, unique personal identifier, online identifier, signature, IP address, account name, or other similar identifiers; employment, employment history, bank account number, credit card number, debit card number, or other financial information

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Internet or other electronic network activity information, including browsing history, search history, and information regarding your interactions with our websites, applications, or advertisements

Audiovisual information

Professional or employment-related information

To process your transactions or otherwise provide our Services to you

To communicate with you

To respond to your inquiries and provide customer service

To facilitate and personalize your user experience

To prevent fraud and for security purposes

To deliver promotional or advertising content to you

To better understand how users access and use our Services, to improve the Services, to respond to user desires and preferences, auditing, and for other research and analysis

To comply with applicable laws and regulations

Geolocation data inferred from your IP address To process your transactions or otherwise provide our Services to you

To better understand how users access and use our Services, to improve the Services, to respond to user desires and preferences, auditing, and for other research and analysis

Inferences about your preferences and interactions with our Services To better understand how users access and use our Services, to improve the Services, to respond to user desires and preferences, auditing, and for other research and analysis
Characteristics of Protected Classifications under Federal or state law, including military or veteran status To provide military or veteran discounts
“Sensitive Personal Information” as defined under relevant US state privacy law, which may include:

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

To process your transactions or otherwise provide our Services to you

To prevent fraud and for security purposes

 

In addition to the purposes described above, we may use and disclose any category of personal information or sensitive personal information we collect to respond to law enforcement requests, or as otherwise required or authorized by applicable law, court order, or governmental regulations; to protect our rights and interests and those of others; to resolve any disputes; to enforce our policies; and to evaluate or conduct a merger, sale, or other acquisition of some or all of our assets. We also reserve the right to use personal information we collect for any other purpose identified in an applicable privacy notice, click-through agreement, or other agreement between you and us, or otherwise with your consent.

Sources from Which We Collect Personal Information

Generally, we collect the categories of personal information described above from the following categories of sources:

  • Directly from you
  • From our affiliate organizations
  • Automatically when you use our Services
  • Other companies we do business with, which may include your employer
  • Service providers that help us to run our business
  • Advertising networks
  • Social networks
  • Internet service providers
  • Data analytics providers
  • Third-party data suppliers
  • Other third parties, including your personal contacts or customers
  • Derived from other information we collect or otherwise created by us

Retention of Personal Information

We keep the categories of personal information described above for as long as necessary or permitted for the purposes described in this Privacy Policy or otherwise authorized by law. This generally means holding the information for as long as one of the following apply:

  • Your personal information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information;
  • Your personal information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the personal information was collected;
  • The personal information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
  • We are otherwise required or permitted to keep your personal information by applicable laws or regulations.

Where information is collected and used for more than one purpose, we will retain it until the purpose with the latest period expires.

How We Disclose Personal Information

We disclose personal information to our brands, subsidiaries, affiliate organizations, service providers and contractors for business purposes as follows:

  • To process your transactions or requests for products or services
  • To perform services (including processing, maintaining, or collecting personal information) on our behalf (e.g., fulfilling orders, processing payments, supporting our promotions, providing communications, technical, analytical, web hosting, cloud hosting and application support, or other services on our behalf)
  • Auditing related to ad impressions
  • To ensure security and integrity of personal information
  • To debug or identify and repair errors that impair existing intended functionality
  • For short-term, transient use, including, but not limited to, non-personalized advertising
  • To provide advertising and marketing services
  • To undertake activities to verify or maintain the quality or safety of our Services
  • To comply with applicable laws and regulations
  • To detect or protect against malicious, deceptive, fraudulent, or illegal activity

Cookies and Other Tracking Technologies

We use cookies and other tracking technologies (such as web beacons) to collect and store information about your interactions with our websites, including information about your browsing behavior. Our websites also support third-party cookies placed by our service providers and third parties, such as advertising partners. This means that our service providers and advertising partners can collect and use information regarding your interactions with our websites as further detailed below.

Cookies are small files that a website transfers to your device through a web browser that enable the website’s or a third party’s systems to recognize your device and capture and remember certain information. Web beacons (also known as tracking pixels) are tiny graphics embedded invisibly on a webpage or in an email that may be used to deliver or communicate with cookies, to count users who have visited certain pages, and to understand usage patterns. In general, we use cookies and other tracking technologies as follows:

  • Where necessary to run our websites
  • To optimize the functionality of our websites
  • For analytics purposes
  • For purposes of ad targeting and marketing
  • To determine if our email messages have been opened and acted upon

Cookies vary in how long they last. “Session cookies” terminate shortly after you terminate your internet session. “Persistent cookies” are stored on your device until a set expiration date. We use both session cookies and persistent cookies on our websites.

If you do not want to have cookies placed on your device, you should set your browser to refuse cookies before accessing our websites. Please review your browser’s Help menu for instructions, or visit https://cookiepedia.co.uk/ for more information about cookies. Additional options for opting out of interest-based advertising can be found here.

Analytics. We use analytics tools including Google Analytics to analyze how you interact with our websites. This software may collect information such as your IP address, location, operating system, access time, duration of visit, and actions you take on our websites. Google Analytics is owned and controlled by Google LLC. Data collected by Google is subject to its privacy policy. You may opt-out of having your website activity made available to Google Analytics by installing the Google Analytics browser add-on, available here.

Session Monitoring. Some of the technologies used on our Services allow us and our service providers to monitor and analyze how visitors use our Services in order to better understand user behavior and improve our Services. When you interact with us online, information related to your browsing behavior may be collected by us and our service providers. FullStory is one of the vendors we may use for session monitoring. For more information regarding FullStory’s collection and use of information, please visit FullStory’s privacy policy .

Do Not Track Signals. Our websites do not respond to “Do Not Track” signals sent by browsers, mobile devices, or other mechanisms.

Targeted Advertising, Sales, and Sharing of Personal Information

Although we do not sell personal information in exchange for money, some of the ways in which we share personal information for targeted advertising may be considered “sales” or “sharing” under US state privacy laws. Listed below are the categories of personal information we share for purposes of targeted/cross-context behavioral advertising or otherwise “sell” for non-monetary consideration:

  • Identifiers
  • Personal records
  • Commercial information
  • Internet or other electronic network activity information
  • Geolocation data
  • Inferences

The types of third parties to which personal information is sold or shared are third-party advertisers, partner businesses, and some analytics vendors. The purposes for which we sell/share this information include: showing you relevant ads while you browse the internet or use social media; marketing and advertising our or our partner businesses’ products and services; certain types of analytics; or similar purposes. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. If you would like to opt out, please see the information below for your state of residence.

Our uses of your personal information are not sales under Nevada law.  If you have any questions or if you would like to receive notice by email in the event we should engage in “sales” of personal information under Nevada law in the future, please contact us using the contact information provided below.

A Note About Our Online Chat Features

Some of our online Services include chat features to assist with answering questions and providing information about our products. When you participate in an interactive chat, either with a virtual or live agent, the contents of the chat may be captured and kept as a transcript. By using a chat feature, you understand that our vendors may process the information obtained through the chat feature in order to provide services on our behalf.

California Privacy Rights

  • This section supplements the other parts of our Privacy Policy and provides disclosures for California residents under the California Consumer Privacy Act (the “CCPA”). Please note that the disclosures below are not intended to apply to employees or job applicants. If you are a California employee, please see our employee privacy notice for more information. If you are a California job applicant, you can find applicable disclosures here.

How to Submit a Request Relating to Your Personal Information. If you are a resident of California, you have the right to submit certain requests relating to your personal information as described below. To exercise any of these rights, please submit a request through our webform or call us at 1-866-526-0152. Please note that if you submit a request to know, request to delete, or request to correct, you will be asked to provide 2-3 pieces of personal information that we will match against our records to verify your identity. You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed. An authorized agent may submit a request on your behalf using the webform or toll-free number listed above.

Right to Know. You have the right to know what personal information we have collected about you, which includes:

  • The categories of personal information we have collected about you, including
  • The categories of sources from which the personal information was collected
  • Our business or commercial purposes for collecting, selling, or sharing personal information
  • The categories of recipients to which we disclose personal information
  • The categories of personal information that we sold, and for each category identified, the categories of third parties to which we sold that particular category of personal information
  • The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal information
  • The specific pieces of personal information we have collected about you.

Right to Delete Your Personal Information. You have the right to request that we delete personal information we collected from you, subject to certain exceptions. Where we use deidentification to satisfy a deletion request, we commit to maintaining and using the information in deidentified form and will not attempt to reidentify the information.

Right to Correct Inaccurate Information. If you believe that personal information we maintain about you is inaccurate, you have the right to request that we correct that information.

Right to Opt Out of Sales and Sharing of Personal Information. You have the right to opt out of the sale of your personal information, and to request that we do not share your personal information for cross-context behavioral advertising. To opt-out, please click here [link to cookie tool/sale opt-out mechanism]. If you choose to use a browser-based opt-out signal, such as the Global Privacy Control (GPC), you will be opted out of cookie-based sales and sharing of personal information, and will need to turn it on for each browser you use. To submit a request to opt out of offline sales and sharing, please use our webform.

Right to Limit Use and Disclosure of Sensitive Personal Information. We do not use sensitive personal information for purposes to which the right to limit use and disclosure applies under the CCPA.

Right to Non-Discrimination for the Exercise of Your Privacy Rights. If you choose to exercise any of your privacy rights under the CCPA, you also have the right not to receive discriminatory treatment by us.

Notice of Financial Incentive. Our rewards programs, including the Cornerstone Building Brands Rewards, Ply Gem Rewards and Simonton ProNetwork, provide benefits such as rewards points and special offers to participating businesses that purchase our products. Participation requires you to provide some personal information, such as Identifiers, Professional or Employment-Related Information, and Commercial Information. We may also offer military or veteran discounts from time to time. The incentives associated with our rewards programs are designed to reward loyal customers based on the volume of products and services they purchase from us. For the full terms and conditions applicable to our rewards programs, please see the applicable terms available through the websites linked above.

We have made a good faith estimate that the value of California residents’ personal information provided in connection with our rewards programs is equivalent to the relevant expenses related to the collection and retention of that personal information. Any difference in price or benefits provided to customers who participate in our rewards programs is reasonably related to the value of the personal information provided. By joining one of our rewards programs, you consent to any financial incentive associated with that program. You have the right to withdraw from the financial incentive at any time by cancelling your participation in the rewards program. You may cancel your rewards membership, by calling 866-526-0152.

Unless you specifically request, submission of a request to delete your personal information will not erase information required for you to continue to participate in our rewards programs. Should you wish to delete your personal information associated with a rewards program (and thereby cancel your participation in the program), please contact us at [email protected] or  866-526-0152.

California’s Shine the Light Law. California consumers have the right to request certain information regarding the types of personal information we shared with third parties for those third parties’ direct marketing purposes during the immediately preceding calendar year. An individual may make one request per year. To make such a request, please send an email to [email protected] or write to us at the mailing address shown in our Contact Information section, below.

Privacy Choices for US Consumers Outside of California

This section supplements the other parts of our Privacy Policy, and provides additional information for consumers in US States other than California. The rights described below are available to consumers who interact with us in an individual or household context.

If you are a resident of California, please review our California-specific disclosures, above.

Access and Data Portability. You may confirm whether we are processing your personal information, access your personal information, and obtain a copy of personal information you provided to us in a portable format.

Correction. You may request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and our purposes for processing it.

Deletion. You may request that we delete your personal information, subject to exceptions.

Right to Opt Out. Under applicable state privacy laws, you may have the right to opt out of the following uses of your personal information: (a) targeted advertising; (b) the sale of personal information; and (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not sell personal information in exchange for money or engage in practices that qualify as profiling producing legal or similarly significant effects under applicable state privacy law. To opt out of targeted advertising / non-monetary “sales” of personal information, please click here.  If you choose to use a browser-based opt-out signal, such as the Global Privacy Control (GPC), you will [be opted out of cookie-based sales and sharing of personal information, and will need to turn it on for each browser you use. To opt out of offline “sales” of personal information, or if you are an authorized agent submitting an opt-out request on behalf of a consumer where allowed by state law, please use the webform listed below. We use commercially reasonable efforts to authenticate the identity of the consumer to whom a request relates and the authorized agent’s authority to act on the consumer’s behalf.

How to Appeal a Decision on a Privacy Request. Sometimes we are unable to process requests relating to your personal information, in which case, your request will be denied. If we previously denied your privacy rights request and you believe we denied it in error, you may appeal for reconsideration of your request using our webform or by contacting us at 866-526-0152

  • Submitting Requests Relating to Your Personal Information. To make a request relating to your personal information, please use our webform or call us at 866-526-0152. Please note that we may need to authenticate your identity before your request can be processed. For authentication, you will be asked to provide 2-3 pieces of personal information that we will match against our records to verify your identity.

Users Outside the United States

If you are using our Services from outside the United States, please be aware that information we obtain about you will be processed in the United States or in other jurisdictions, and may be accessed by the courts, law enforcement and national security authorities in those jurisdictions. By using our Service, you acknowledge and consent to the international transfer and processing of your personal information as described in this Privacy Policy. Please be aware that the data protection laws and regulations that apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence.

Privacy Rights for Residents of Canada

If you would like to submit a request to access, correct, erase or obtain a copy of personal information we maintain about you, or if you would like to receive written information about our policies and practices regarding service providers outside of Canada, please  email us [email protected]. We may require specific information from you to help us verify your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal restrictions on disclosing this information.

Security

We take commercially reasonable measures to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission via the Internet and online digital storage are not completely secure and no security measures can guarantee absolute protection. Accordingly, we cannot guarantee the security of your information collected through the Service.

Email Communications

You can opt out of/withdraw your consent to receiving marketing emails from us at any time by clicking the unsubscribe link found in the emails. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscriptions may continue. Even if you opt out of receiving promotional communications, Cornerstone may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or Cornerstone’s ongoing business relations with you.

Services Not for Children

Our Services are not intended for children, and we do not knowingly collect personal information from anyone under the age of majority in their jurisdiction. If we become aware that we have collected personal information from a child, we will delete it in accordance with applicable law.

Revisions

This Privacy Policy is subject to change at our discretion. We will indicate changes, including material changes, to the Privacy Policy by updating the “Last Updated” date at the top of this page. Your continued use of the Services after any update to this Privacy Policy will constitute your acceptance of the changes.

Contact Information

If you have questions about our privacy practices, this Policy, or if you need to access this Policy in an alternative format due to a disability, please contact our privacy compliance team at:

Mail:    Cornerstone Building Brands, Inc.

5020 Weston Parkway

Cary, NC 27513

Email: [email protected]