Revised January 2024
This information about GDPR and the EU-US (and UK Extension) Data Privacy Framework supplements our Privacy Policy – North America and describes our legal bases for collection of personal data that is subject to GDPR obligations and our commitment to the EU-U.S. (and UK Extension) Data Privacy Framework.
To the extent subject to GDPR, we base the processing of your information on the following legal bases:
• Your consent, if you have given us such consent (art. 6 (1) (a) GDPR),
• The initiation or execution of a contract with you (art. 6 (1) (b) GDPR),
• The fulfilment of legal obligations (art. 6 (1) (c) GDPR),
• The implementation of our legitimate interests (art. 6 (1) (f) GDPR)
James Hardie Building Products Inc. complies with the EU-U.S. (and UK Extension) Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. James
Hardie Building Products Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. (and UK Extension) Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, James Hardie Building Products Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-US.DPF and the UK Extension to the EU-U.S. DPF. Under the DPF, you may invoke binding arbitration by delivering notice to us and following the procedures and subject to conditions set forth in Annex I of Principles. Under the DPF we acknowledge that we may be liable for onward transfers to third parties. We have identified the JAMS IRM Service as the independent recourse mechanism available to address complaints free of charge and provide appropriate recourse. They may be contacted at
jamsadr.com/eu-us-data-privacy-framework. In addition, we acknowledge that we are subject to investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit
dataprivacyframewor.gov/.
