PRIVACY POLICY

Last Reviewed: May 8, 2023

This Privacy Policy describes the types of information Janus International Group, LLC and its U.S. affiliates ("Janus", "JIG", "we", "us", or "our") may collect from you or that you may provide when you visit the websites that we own, operate, or use (each a "Site") and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Privacy Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Sites.

By accessing or using the Sites, you confirm that you have read, understand and acknowledge the terms of this Privacy Policy, and agree to our Terms of Use (available at https://www.janusintl.com/termsofuse) (the "Terms"). Further, by accessing or using the Sites, you acknowledge that you accept the practices and policies described in this Privacy Policy (and as updated from time to time), and you hereby consent that we may collect, use, and share your information as described herein. Any capitalized terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms.

Scope

This Privacy Policy applies to personal information that Janus receives during its business operations as a "data controller," which means we determine the purpose and means of processing such personal information. In some circumstances, we may serve as a " data processor ," which means we will process personal information for, or on the behalf of, a data controller. When Janus serves as a "data processor," we will process personal information for and on the behalf of our customers and clients (i.e., the data controllers) in accordance with our data processing agreement or similar data protection terms and not this Privacy Policy.

Information We Collect

For this Privacy Policy the definition of "Personal Data" means any information that, alone or in conjunction with other information or data, identifies or is linked to a particular individual or household and that is subject to, or otherwise afforded protection under, a data protection law, statute, or regulation. Personal Data does not include your personally identifiable information that has been deidentified, pseudonymized, anonymized, aggregated, and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (the foregoing in this sentence being referred to as "De-Identified Personal Data").

Personal Data we collect from our Sites includes, but is not limited to:

• Tenant identification information
• Name (first & last)
• Mobile phone number
• Email address
• Registration Data (usernames & passwords)
• Geolocation information, when opted in

Other related data we may collect may include, but is not limited to:

• Tenant unique identifier for the tenant (that the PMS system generates and uses)
• Tenant unit number
• Activity associated with that unit
• Note: Shared Key (we obtain the same information for anyone the "Master" tenant has shared their digital key with)
• Unit identification information
• Unit unique identifier (that the PMS system generates and uses)
• Last Updated
• Unit status - available, rented, overlocked, auction
• Unit name (usually an alphanumeric number associated with the unit)

Information Collected Automatically

We and our third-party service providers, such as advertising and analytics providers, use cookies, web beacons and other data technologies to receive and store certain types of information when you interact with us through your computer or mobile device. Using these technologies helps us recognize you, customize your experience and make relevant marketing messages. Here are the types of information we collect:

• Log & Device Data. When you visit our Site, we may automatically record information ("log data"), including information that your browser sends whenever you visit our Site. This log data may include your web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, time zone and location. The Sites may collect "diagnostic" data related to your use of the Sites, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.
• Our third party service providers may provide us information that tells us how marketing ads, often placed on third party websites, performed and who clicked on them. This information does not identify any specific individual and is generally non-identifying. If we were to associate it with you, we would treat it as Personal Data.

Information Received from Customers Through Our Services

We receive data from our customers through our storage facility-related services. We process this data pursuant to a contract in place with our customers. The use of information processed through these services shall be limited to the purpose of providing the service for which the customer has engaged Janus. We process Personal Data at the direction of our customer and we generally have no direct relationship to the tenants whose Personal Data we receive on behalf of our customers. See below about your choices and access rights related to this data.

Information Received From the Noke® Smart Entry Application

We receive data from our customers' employees, tenants, and certain company managers who use our Noke® Smart Entry app. We process this data pursuant to a data processing agreement or other contract in place with our customers. The use of information processed through our service shall be limited to the purpose of providing the service for which the customer has engaged Janus. See below about your choices and access rights related to this data.

Use of Cookies

Our Sites use "cookies" (a small text file sent by your computer each time you visit our Site) or similar technologies to record log data. Many browsers default to accepting cookies. You may be able to change this setting in your browser and you can also clear your cookies. If you do, you may lose some functionality of our Sites. Check your browser's help function to learn more about your cookie setting options. For more information, please see our Cookie Policy at https://www.janusintl.com/cookiepolicy.

Site Monitoring

Please be aware that we use cookies and other tracking technologies within the Sites to monitor and record any and all activities and communications to, from, and on, the Sites in order to safeguard, improve, and analyze usage of, the Sites, and for the other purposes listed in this Privacy Policy. For the avoidance of doubt, you hereby acknowledge, agree, and consent to, such monitoring and recording.

Audio and Visual Materials

Our Sites may, from time to time, display live or prerecorded videos or similar audio-visual materials ("Videos"). We may collect personal information with respect to you requesting access to, and/or accessing, such Videos, and we may disclose such personal information to third parties, including to our third-party service providers through the use of cookies. By requesting access to, or accessing, such Videos, you hereby agree to our Video Information Disclosure Consent Form at https://www.janusintl.com/videoconsent. The provision of Videos on our Site is not an admission by Janus and it shall not otherwise be interpreted, in any form or manner, to mean that Janus is a "video tape service provider" for purposes of the Video Privacy Protection Act (codified as amended at 18 U.S. Code § 2710) (the "VPPA") or that we are otherwise subject to the VPPA.

Use of Personal Data

We may use your Personal Data as described below:

Marketing and Communications:

• To provide you with information requested from us relating to our products or services.
• To provide information on other products that we feel may be of interest to you if you have consented to receive such information, which are legitimate business interests.
• To notify you about any changes to our Sites, such as improvements or service/product changes, that may affect our service.
• Monitor and analyze trends, usage, and activities in connection with our products or services.
• If you are an existing customer, we may contact you with information about services similar to those already purchased.
• If you do not want us to use your data for ourselves, you will have the opportunity to withhold your consent to this when you provide your details to us on the form that we collect your data.
• With your consent, we will use Personal Data to communicate with you to manage our contractual relationship with you and/or for a legitimate business or commercial purpose.

Deliver the product/service and customer support:

• We will use Personal Data to provide you or our customer's access to the Noke® Smart Entry app and customer support. We will use Personal Data to manage our contractual relationship with you and/or for a legitimate business or commercial interest. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested services.

Business Purposes:

• We use Personal Data to analyze our product and services, as well as the Sites, and to perform audits, security and fraud monitoring and prevention. We also use Personal Data to develop new services, enhance, improve or modify our existing service, identify usage trends, determine the effectiveness of our marketing efforts, and to operate our business. We use Personal Data as described to manage our contractual relationship with you, comply with a legal obligation and/or because we have a legitimate business or commercial interest to do so.
• To process transaction payments (including, but not limited to, service fees, membership dues and subscriptions, registration fees, voluntary contributions, and payments, refunds and reimbursements for any products or services that you choose to purchase from us).
• To ask for anonymized ratings and reviews of the Mobile App and/or the products or services that we offer to you.
• In any other way we may describe when you provide the information or to fulfill any other purpose for which you provide it.

Additional Purposes:

• Personalize our products and services, including providing features or advertisements that match your interests and preferences.
• Comply with applicable due diligence laws and requirements regarding security, anti-terrorism, anti-bribery, customs, immigration, and similar matters.
• We may collect and use your Personal Data for any other purpose for which we obtain your consent.

Sharing and Disclosure

We do not share your Personal Data with others except as indicated within this Privacy Policy or when we inform you and give you an opportunity to opt out of having your Personal Data shared.

We share your Personal Data in the following ways:

Intra-Group. We may share your Personal Data with our parent company, and our affiliates, and subsidiaries.

With third party service providers, agents, or contractors.We use other companies, agents or contractors ("Service Providers") to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to process credit card transactions or other payment methods, or, we may engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, to collect debts, and to analyze and enhance data (including data about users' interactions with our service). These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. We do not authorize them to use or disclose your personal information except in connection with providing their services.

Analytics.Specifically, for analytics providers, we use Google Analytics which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/. Google also recommends installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout, for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

Advertising.We may use third-party Service Providers to show advertisements, which may include targeted advertisements on a third-party Site after you have visited our website. We and the third-party service providers use cookies to inform, optimize, measure performance serve ads based on your previous visits to our Site. Any tracking that a third party performs is subject to their own privacy notice.

Some web browsers may transmit "do-not-track" signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Please note that unless otherwise required by law, at this time we do not recognize automated browser signals regarding tracking mechanisms, which may include "do not track" instructions.

To Comply with Legal Process or To Protect Janus. Except as otherwise described in this Privacy Policy, we will not disclose your Personal Data to any third party unless required to do so by law, court order, legal process, or subpoena, including to respond to any government or regulatory request, or if we believe that such action is necessary to (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, contracted vendors, or affinity partners, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our Terms (including for billing and collection purposes); (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations; (e) assist government enforcement agencies or to meet national security requirements; (f) to protect the security or integrity of our Sites, our services, or any software we provide related thereto; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others.

We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Sites, or our services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.

• It is likely that the identity and categories of such third parties will change during the life of your account. We require that our third-party service providers use only your Personal Data as necessary to provide the requested services to us and each service provider is subject to a set of terms consistent with the applicable portions of this Privacy Policy.
• Business Transfers:You consent to our disclosure of your Personal Data and other information to a potential or actual buyer of our company or other successor for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or other court proceeding, in which Personal Information held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) of any or all of our rights to your Personal Information and your consents, in whole or in part, and other information, with or without notice to you and without your further consent.

Storing your Personal Data/Transfer of Data

This Site is operated in the United States. If you are located in another jurisdiction, please know that your information will be transferred to, stored, and processed in the United States. By using the Sites and providing us with information, you consent to this transfer, processing and storage of your information in the United States. It is important to note that the privacy laws in the United States may be more, or less, comprehensive as those in other countries such as the European Union or Canada. Our Service Providers use appropriate safeguards to transfer your Personal Data to the United States.

• We may transfer Personal Data that we collect from you to locations outside of headquarters for processing and storing. In addition, it may be processed by staff operating outside the office area who work for us or for one of our suppliers. For example, such staff may be engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take commercially reasonable steps to make sure that your Personal Data is treated securely and in accordance with this Privacy Policy.
• Personal Data that is provided to us is stored on our secure servers and/or those of our Service Providers. Details relating to transactions entered into via our Site will be encrypted to ensure its safety.
• The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain areas of our Site, you are responsible for keeping this password confidential.
• The safety and security of your information also depends on you. You should maintain good internet security practices. Where you have password-protected access to certain parts of the Site or Mobile App, you are responsible for keeping this password confidential. You should not share your password with anyone. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. If your email account or Facebook account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You must contact us immediately (and in any event within twenty-four (24) hours) if you have reason to believe that your username or password to our Sites and services has been compromised. The information you share in public areas may be viewed by other users. We'll never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate.

Third party links

As a resource to you, we may have links on our Site to other websites that we do not operate. Our Privacy Policy does not apply to such third-party websites or organizations. If you click on a third-party link, you will be taken directly to that website which is governed by its own privacy notice. We strongly encourage you to read that privacy notice. We do not control that website and assume no responsibility for the content, policies or its practices.

Data Retention

The time periods for which we retain your Personal Data depend on the purposes for which we use it. We will keep your Personal Data for as long as your account is active, or as long as you are a registered account holder or user of our Site or Mobile App or for as long as we have another business purpose to do so and, thereafter, for no longer than is required or permitted by law, or our records retention policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. This period of retention is subject to our review and alteration.

Following termination or deactivation of your account, we may retain your profile information and all information posted to public areas of the Site. Following termination or deactivation of your account, we may retain your Personal Data and other data, but will maintain it as confidential according to the Terms, this Privacy Policy, and as required by applicable law. We have the right to delete all of your Personal Data and other data after termination of your account without notice to you. We may retain De-Identified Personal Information for as long as we choose.

Your California Privacy Rights

Online Privacy Protection Act ("CalOPPA")

Under California Civil Code Sections 1798.83-1798.84 (known as the "Shine the Light" law), California residents are entitled to ask us annually for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties with whom the business has shared such information during the immediately preceding calendar year. To make such a request, please contact us with "Request for California Privacy Information" in the subject line and in the body of your message. We will comply with your request within thirty (30) days or as otherwise required by the statute. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response. To obtain information under CalOPPA from us, please contact us, or, see more at the CalOPPA website

California Consumer Privacy Act of 2018 ("CCPA")

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, click here: https://www.janusintl.com/privacypolicy/californiarights.

Your Virginia Privacy Rights

If you are a Virginia resident, Virginia law may provide you with additional rights regarding our use of your personal information.

Data Privacy Rights. Pursuant to the Virginia Consumer Data Protection Act, Virginia residents are entitled to certain data privacy rights:

• To confirm whether or not Janus is processing your personal information, and to access such personal information.
• To request Janus correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.
• To request Janus delete your personal information.
• To obtain a copy of the personal information that you previously provided us in a portable and, to the extent technically feasible, readily usable format that allows it to be transmitted to another entity without hindrance, where the processing is carried out by automated means.

Submit a Privacy Request. To submit a privacy request, you may contact us using the "Contacting Us" section below.

Privacy Request Verification Process. If you make any request related to your personal information, we will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, before granting you access to, erasing, or correcting, specific pieces or categories of personal information or otherwise responding to your request, we will, to the extent required or permitted by law, (i) require you (or your authorized agent) to verify your request via email, (ii) request certain contact information or government identifiers, and (iii) match at least two pieces of such personal information with data that we have previously collected from you. None of Virginia's privacy rights are absolute, and such rights are subject to exceptions and exemptions. For more information about the Virginia Consumer Data Protection Act, please see https://lis.virginia.gov/cgi-bin/legp604.exe?211+ful+SB1392ES1.

Privacy Requests Appeals Process. If you would like to appeal a decision we made with respect to your privacy request, please email us at privacy@janusintl.com, with the subject line "ATTN: Privacy Appeals," and describe the nature of your request, and the reason for requesting an appellate review. Virginia residents may file privacy complaints with the Virginia Attorney General (https://www.oag.state.va.us/contact-us/contact-info).

Opt-Out Rights / The Sale of Personal Information. Virginia residents have the right to opt out of the "sale" of their personal information. However, Janus does not sell your personal information to third parties for monetary or valuable consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities).

Opt-Out Rights / Targeted Advertising. Virginia residents have the right to opt out of having their personal information used for targeted advertising purposes. We use third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management tool (sometimes visible as a "Your Privacy Choices" or a "Do Not Sell/Share My Personal Information" link on the footer of the Site) to set your cookie preferences.

Opt-Out Rights / Profiling. Virginia residents have the right to opt out of having their personal information used for profiling in furtherance of decisions that produce legal or similarly significant effects. However, Janus does not engage in such activities.

Your Nevada Privacy Rights

We do not currently conduct "sales" of personal information for purposes of Nevada law. Notwithstanding the foregoing, Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their information to others. If you would like to exercise this right, please contact us in accordance with the "Contacting Us" section listed below.

Notices; Opting Out

By providing us with your email address (including by "following," "liking," linking your account to our Service or other services, etc., on a third party website or network), you consent to our using the email address to send you service- and business-related notices by email, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity related to our Sites to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or by clicking "unsubscribe" at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.

You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.

Security

We use reasonable administrative, logical, physical and managerial measures to safeguard your Personal Data against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information. Moreover, we are not responsible for the security of personal information you transmit to the Sites and/or the services over networks that we do not control, including the internet and wireless networks, and you provide us with any personal information and data at your own risk. To the extent permitted by law, we shall not be liable or otherwise responsible for any data incident or event that may compromise the confidentiality, integrity, or security of your personal information caused by a third party. Where we have given you (or where you have chosen) a username and password to access our Sites or services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately (and in any event within twenty-four (24) hours) if you have reason to believe that your username or password to our Sites has been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your personal information.

Sensitive Data

We request that you do not send us any sensitive data such as social security or national identification numbers, information related to racial or ethnic origin, political opinions, religious beliefs, health data, biometrics or genetic, criminal background or trade union membership information. If you do send us this information, then you are consenting to its processing in accordance with this Privacy Policy. To avoid processing of sensitive data, please do not submit it.

Our policy on children's information

Our Site is not directed to children under 16. In the event that we learn that we have collected Personal Data from a child under age 16 without verification of parental consent, we will use commercially reasonable efforts to delete that information from our database. If you learn that your minor child has provided us with Personal Data without your consent, please contact us.

Your Responsibilities

You are permitted, and hereby agree, to only provide personal information to us if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon a person's data privacy rights or privileges. If you provide Personal Data (including personal information concerning a third party) to us, you expressly represent and warrant to us that you have the full right and authority to provide us with such Personal Data (including personal information concerning a third party) and that our use and processing of such Personal Data as set forth herein will not violate any person's rights or privileges, including rights to privacy. You hereby agree to fully and completely indemnify Janus for any claims, harm, or damages that may arise from your provision of Personal Data (including personal information concerning a third party) to Janus.

Updating Your Information

It is important that the personal information that you provide to us is accurate and reliable. In certain circumstances, you may have the ability to directly edit your Janus account to update and change your personal information (e.g., name, telephone number, email), and you must do so when such changes are warranted. You may review, update, or modify your personal data, including profile and contact information, at any time by contacting us in accordance with the "Contacting Us" section below.

Data Protection in Europe

The following provisions apply to you only if you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, and please note that we may transfer your Personal Data to a country or jurisdiction, such as the United States, that does not have the same data protection laws as your jurisdiction. We may do so to process your Personal Data by staff operating outside the EEA who works for us or for one of our service providers. Under the General Data Protection Regulation¹ (GDPR) applicable in the EEA, Switzerland, and the UK, and other countries' privacy laws, you may have certain rights with respect to the processing of your Personal Data. These rights include:

• Choosing not to provide your Personal Data
• Accessing, or obtaining a copy of, your Personal Data
• Checking and editing your data in your user account
• Unsubscribing from direct marketing
• Checking and editing your Personal Data
• Blocking and deleting the cookies
• Permitting or refusing processing of your location data
• Erasure, or restriction of our processing, of your data
• Objecting to the processing of your Personal Data
• Withdrawing your consent
• Porting your data to another controller
• Lodging a claimthe supervisory authority
• Data collected directly by our customers at storage locations

We strive to ensure that the Personal Data we possess are always accurate and therefore we encourage you to update your information in your own account in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Data, subject to applicable law. We take commercially reasonable step to ensure that the Personal Data that we process are limited to the Personal Data that are reasonably required in connection with the purposes set out in this Privacy Policy.

For purposes of GDPR, and wherever applicable throughout this Privacy Policy, Janus is the data controller collecting Information from the Sites. We can be contacted at privacy@janusintl.com.

Please note that upon exercising any of the rights listed below, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purpose and will be removed after successful identification.

• Providing your data: You may choose not to provide your Personal Data to us. It should be noted that some features of our websites, applications and other services may not be fully available to you if you choose not to provide us with your Personal Data (e.g., we may not be able to process your orders without the necessary details).
• Right of access: You may have the right to request access to, or copies of, your Personal Data, together with information regarding the nature, processing and disclosure of those data.
• Unsubscribing: We include an unsubscribe link in all electronic marketing messages we send to you. You may withdraw your consent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.
• Checking and editing your Personal Data: Should you have an online user account, you may edit and complete your Personal Data directly yourself. If you do not have an online user account, you may contact us , who will upon your request as soon as possible rectify, remove or complete the information which is incorrect, unnecessary, lacking or outdated.
• Allowing use of location data: You may give your consent to the use of location data in the options of the device or the application. You may also withdraw such consent at any time from the options menu in your account, or by contacting us.
• Erasure, or restriction of our processing, of your data : Should you believe that we process your data which is not accurate; the processing is illegal; we are not processing your data in accordance with the processing purpose or you want to oppose the processing, you may contact us to request the erasure, or restrictions on the processing, of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.
• Right to object: You may have the right to object, on legitimate grounds, to the processing of your Personal Data.
• Withdrawing your consent : You may at any time decide to withdraw your consent to the processing of your Personal Data. If your consent is withdrawn, it does not prevent us from processing your Personal Data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. However, it should be noted that your account(s) on our Web Portal will be altered, and advantages granted to you via your account will be reset. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.
• Right to data portability: You may have the right to have your Personal Data transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable.
• Right to Lodge a Complaint : For European Union residents, if you feel that our processing of your Personal Data infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you habitually reside, your place of work or the location of the alleged infringement. If you are located outside of the European Union, you may have rights under privacy laws in the jurisdiction where you live.

Legal Basis for Processing. We process your personal information in accordance with the legal bases set forth in law. For example, our processing of personal information (as described herein) is justified based on the following legal grounds:

• Consent: Processing is based on your consent (e.g., you register to receive our marketing materials, you voluntarily contact us).
• Legitimate Interests: Processing is necessary for our legitimate interests as set out herein (e.g., monitoring your use of the Site and your compliance with the terms and conditions governing the same, improving our services).
• Contract Undertaking: Processing is necessary for the performance of a contract to which you are a party (e.g., you purchase or consider purchasing our Services).
• Legal Compliance: Processing is required to comply with a legal or statutory obligation (e.g., tax disclosures).

Complaints. In the event you have concerns about our data processing, you have the right to file a complaint with your data protection authority.

• For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
• For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
• For the data protection authority in the UK, please contact the Information Commissioner's Office (www.ico.org.uk).

We would, however, appreciate the opportunity to deal with your concerns before you approach a data protection authority with a complaint, and invite you to contact us in the first instance.

Your Canada Privacy Rights

Personal data (as the term is defined in the Personal Data Protection and Electronic Documents Act of Canada ("PIPEDA") will be collected, stored, used and/or processed by Janus in accordance with this Privacy Policy and our obligations under PIPEDA and other applicable Canadian provincial laws. Pursuant to these Canadian laws, you have a right to request access to your personal information and to request that inaccurate personal information be corrected. If you have submitted personal information to us and would like to have access to it, or have it corrected, please contact us in accordance with the "Contacting Us" section listed below. When requesting access to, or correction of, your personal information, we will require that you verify our request via email, and we will request specific data from you to enable us to confirm the authenticity of the request and your identity, and to enable us to search our records and databases. We may charge you a fee to access your personal information, provided that we advise you of any such fee in advance. Your right to access personal information is not absolute, and we may not be able to allow you to access certain personal information in certain circumstances (e.g., if the information contains personal information of other persons or it is subject to legal privilege). In the event that we cannot provide you with access to, or the ability to correct, your personal information, we will use reasonable means to inform you of the reasons why, subject to any legal or regulatory restrictions. To delete your name from our electronic contact lists (text or email), please contact us in accordance with the "Contacting Us" section listed below. If you have concerns with our data processing, you may file a complaint with the Office of the Privacy Commissioner of Canada. For more information about the Office of the Privacy Commissioner of Canada, please access its website.

Persons with Disabilities

We strive to ensure that every person has access to information related to our Services, including this Privacy Policy. Please contact us if you would like this Privacy Policy provided in an alternative format, and we will seek to meet your needs.

Employment Applications and Talent Management

As part of our recruitment and talent management process, we collect personal information with respect to individuals who are interested in working for us. In this context, we collect employment and application data, such as the following: contact information (e.g., name, title, residential or postal address, telephone number, and personal email address); information in a curriculum vitae, resumé, cover letter, or similar documentation; details regarding the type of employment sought, willingness to relocate, job compensation and benefit preferences; health data (e.g., medical conditions); information related to your background, education, criminal record, credit history and similar data; information provided about or by your references or other third parties related to your employment history, skills, qualifications, or education; and information related to previous applications to us or previous employment history with us. When permitted by law, we may collect information about your race and ethnicity to assist with our diversity and inclusion programs. We use this information for the following purposes: to identify and evaluate job applicants; to verify your information; to complete employment, education, background and reference checks; to communicate with you about the recruitment process and your application; to comply with our legal, judicial, regulatory, administrative, or other corporate requirements; to analyze and improve our application and recruitment process; to accommodate individuals who may have specialized needs during the employment process; and to protect the rights, interests, and property of our business, other job applicants, employees, or the public, as required, or permitted, by law. We share this personal information with third parties (see "Sharing Information or Disclosures"), and we may also use this employment and application data for any other purpose set forth in this Privacy Policy.

Events and Video Teleconferencing

We host and use video teleconferencing platforms to facilitate conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Google, Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and you hereby consent to the recording of such activities.

Changes to the Policy

We reserve the right to amend this Privacy Policy at any time. We will notify you if this Privacy Policy is amended by updating the "Last Reviewed" section listed above. It is your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made hereto. Your use of the Services, and continued use of the Services after any amendments are made to this Privacy Policy, signifies your consent to this Privacy Policy and any amendments hereto. We may, in our sole discretion, provide you communications, including via email or text messages, about changes to our Privacy Policy; however, such communications do not abrogate or otherwise limit your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made hereto.

Contacting us

We welcome any queries, comments or requests you may have regarding this policy please do not hesitate to contact us at privacy@janusintl.com. If you would prefer to write to us, our contact address is:

135 Janus International Blvd.

Temple, GA 30179

Attn: Legal Department

Toll Free: (866) 562-2580

Phone: (770) 562-2850

1 The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. For more information regarding the GDPR, please visit https://eugdpr.org/.