GAF Energy Privacy Notice at Collection

Privacy Summary

Effective date January 1, 2023

This is a summary of the collection and use of personal information about California residents by GAF  Energy LLC and their direct and indirect subsidiaries (“Company,” “we,” “us,” or “our”).  For more detail, you can read our Privacy Policy. This summary does not cover our handling of personal information (i) in our capacity as an employer, (ii) solely on behalf of a contractor or other third party, or (iii) in situations where the information is handled in deidentified form or is otherwise not subject to the “notice at collection” requirements of the California Consumer Privacy Act (“CCPA”).

Categories of Personal Information Collected

We collect the categories of personal information described below.  We intend to retain this information for as long as we feel it is necessary for the purposes described further below, or for any longer period required by law.  Because we may collect and use the same category of personal information for different purposes and in different contexts, there is not typically a fixed retention period that always will apply to a particular category of personal information.  Examples of how long we normally intend to retain personal information in certain situations are set forth below.

CATEGORY OF PERSONAL INFORMATIONEXAMPLES OF HOW LONG WE NORMALLY PLAN TO KEEP THIS INFORMATION
identifiers (e.g., name, mailing address, email address, phone number, username, and password);If we collect a homeowner’s name or other identifiers as part of their warranty registration, we plan to retain it for the duration of the warranty and for a short period after that for related administration and sales purposes.  If we instead collect an individual’s name when they sign up for marketing emails, we plan to retain it until they unsubscribe from those emails, and then for two years after that for analytics purposes (but we would keep their email address indefinitely to comply with their unsubscribe request).  
financial information (e.g., income, bank account information, bank or credit card information, and payment information);We retain most accounting related information for 12 years. 
audio, electronic, visual, thermal, olfactory, or similar information (e.g., graphics, photographs, recordings of calls or meetings, and ambient conditions such as humidity or temperature;)In some cases and for certain solar products, we reserve the right to collect and maintain energy generation, use, and storage for the duration of the warranty and for a short period after that for related administration, research and development, and product improvement purposes.  If a contractor submits images of a property to us for assistance with planning an installation that then takes place, we may retain those images for the duration of the warranty and for a short period after that. 
commercial information (e.g., records of transactions, records of training, and program status);We retain many types of transaction records for five years after completion of the transaction, for auditing and customer support purposes.
internet or other electronic network activity information (e.g., browsing history, search history, and interactions with our emails and digital platforms (including downloads) and third party websites and applications), along with data used to generate such information, such as personally identifiable cookie information or personally identifiable device or browser information;We retain the IP address associated with account logins for 90 days, though some systems store user IP Addresses for more extended periods, including for account authentication, fraud detection, and other cybersecurity purposes.
geolocation and precise geolocation data;When we allow a QuickMeasure user to find a place on a map, using pin technology, we delete record of their precise geolocation within 30 days. 
account login credentials; andWe retain data reflecting account credentials for the duration of the account, and may further retain them for fraud prevention and cybersecurity purposes
inferences drawn from any of the information identified above.We often retain inferences for the same period of time for which we retain the underlying data.

We use personal information for the following purposes:

“Sale” or “Sharing”

During the 12 months leading up to the effective date of this Privacy Summary, we “sold” and “shared” (as those terms are defined under the CPRA), commercial information (transaction data) and internet or electronic network activity (such as a record of a browser’s visit to our website) to marketing and advertising services to assist with such activities.  This practice continues today.  We do not “sell” or “share” personal information (as those terms are defined under the CCPA) if we have actual knowledge that the consumer is less than 16 years of age.