CALIFORNIA PRIVACY POLICY
CALIFORNIA PRIVACY POLICY Last Updated: January 7, 2020

Masonite Corporation(“Masonite”, “Company,” “we,” “our,” or “us”) takes your privacy seriously. We want you to know how we collect, use, share, and protect your Personal Information and about the rights of California Consumers under California law.

This Privacy Policy addresses the following topics:

• The Scope of this Privacy Policy
• The Company’s Collection, Use and Disclosure of Personal Information
• Your California Privacy Rights
• How to Exercise Your Rights
• How We Will Verify Your Requests
• Requests by Authorized Agents
• The Company’s Non-Discrimination Policy
• Your Right to Information About Disclosures of Personal Information for Direct Marketing Purposes
• Your “Do Not Track” Browser Setting
• Third-Party Links and Services
• Minors Under 13 Years of Age
• For More Information
• Changes to This California Privacy Policy

Assistance For The Disabled
Alternative formats of this Privacy Statement are available to individuals with a disability. Please contact us at webmaster@Masonite.com for assistance.

The Scope Of This Privacy Policy
What Is Personal Information?
“Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Consumer or household.

Whose Personal Information Is Covered By This Policy?
This California Privacy Policy applies to the Personal Information of residents of the State of California in their capacity as consumers (“California Consumers”).

What Personal Information Does This Privacy Policy Cover?
This Privacy Policy applies to all Personal Information of California Consumers that we collect both online and offline, including through California Consumers’ (a) visits to our website, and (b) use of our products, applications, or services that references this Privacy Policy (collectively, the “Services”).

Whose Personal Information Is Not Covered By This Privacy Policy?
For purposes of this Privacy Policy, “Consumer” does not include:

• California residents who are Company’s employees, job applicants, directors,officers, or independent contractors (collectively, “HR Individuals”), or the emergency contacts of HR Individuals or the dependents or spouses who receive Company benefits by virtue of their relationship to an HR Individual in their capacities as HR Individuals or emergency contacts, dependents, or spouses; or
• California residents who are employees or other agents of a business engaged in a transaction with Company in their capacities as employees or agents of that business.

What Else Should I Know About The Company’s Handling Of California Consumers’ Personal Information?
Please read Masonite’s Terms of Use and Privacy policy available at https://masonite.com/privacy-policy/, as they contain important information about your use of the Services. If you have any questions, please contact us using the information below.

The Company’s Collection, Use And Disclosure Of Personal Information
This section of the Privacy Policy describes, for the 12 months preceding the date last updated, above, (a) the categories of Personal Information we have collected about you, (b) the sources of that Personal Information, (c) the business and commercial purposes for use, and (d) the categories of third party recipients of your Personal Information. Unless we inform you otherwise, this section also serves as our “notice of collection” by informing you of your Personal Information to be collected in the future and the purposes for its use.

Categories Of Personal Information Collected
In the last 12 months, Company collected the following categories of Personal Information about California Consumers:

• Identifiers, including: full name; address; email address; and telephone number.
• Payment Information, including: payment method; credit card number, CVV /CID, expiration date; billing address.
• Product Information, including: product name, serial number, place of purchase, product usage information, color, and version; product reviews.
• Commercial Information, including: products and services purchased; shipping method for purchased products; information about products that you have returned; marketing preferences including email marketing preferences.
• Internet Or Other Electronic Network Activity Information, including: browser used, search requests and results, pages visited on Masonite’s websites and links clicked; IP address; language preferences.
• Inferences, drawn from the categories of Personal Information listed above to create a profile reflecting a consumer’s preferences.

Purposes For Using Personal Information Collected
In the last 12 months, Company used the categories of Personal Information listed above for the following purposes:

Sources Of Personal Information Collected
In the last 12 months, Company collected the following categories of Personal Information about California Consumers from the following sources:

• Directly From California Consumers: (a) Identifiers, (b) Commercial Information, (c) Payment Information, (d) Product Information; (e) Inferences drawn from the aforementioned categories of Personal Information provided by the consumer.
• Data Collection Technologies (described above): Internet Or Other Electronic Network Activity Information.

Disclosure Of Personal Information To Third Parties
In the last twelve months, Masonite disclosed the following categories of Personal Information about California Consumers for a business or commercial purpose to our affiliates and to customers, suppliers, or others involved in the distribution chain to provide the products or services that have been requested by the California Consumer. Category of Personal Information Category of Third Party.

No Sale Of Personal Information
Masonite does not and will not sell California Consumers’ Personal Information.

Your California Privacy Rights
Right to Know
California Consumers have the right to submit a verifiable request to know:

• The categories and specific pieces of Personal Information that Company has collected about them;
• The categories of sources from which Company collected the Personal Information;
• The categories of Personal Information that Company sold or disclosed to a third party (other than a service provider) for a business purpose and the categories of recipients of that information; and
• The business or commercial purposes for Company’s collection, disclosure, or sale of the Personal Information.

Right To Delete
California Consumers have the right to submit a verifiable request for deletion of their Personal Information that Company has collected from the Consumer.

Right to Opt Out of Sale of Personal Information
California Consumers have a right to opt-out of the sale of the Personal Information. However, as stated above, Company does not and will not sell Personal Information.

How to Exercise Your Rights
Masonite will respond to requests in accordance with applicable law if it can verify the identity of the individual submitting the request. California Consumers can exercise their rights in the following ways:

• Complete the online request form available here: https://www.masonite.com/ccpa-form/
• Contact by email here: webmaster@Masonite.com.
• Contact by telephone: 1-800-663-3667.

Requests By Authorized Agents
You may designate an authorized agent to exercise your right to know or your right to delete by submitting to us a completed “Authorized Agent Designation” form. You can obtain the designation form by contacting us at webmaster@Masonite.com. If an authorized agent submits a request to know or a request to delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your identity.

How We Will Verify Your Requests
The processes that we follow to verify that the person making a request to know or a request to delete is the person about whom we have collected personal information are described below. The relevant process depends on how and why the request is submitted.

Requests Through Your Password-Protected Account
If you created a password-protected account with us before the date of your request, we will rely on the fact that your request has been submitted through your account as verification of your identity. We will require that you re-authenticate yourself before we disclose your personal information in response to a request to know and before we delete your personal information in response to a request to delete. You are responsible for protecting the security of your log-in credentials for your account. Please do not share your log-in credentials with anyone. If we suspect fraudulent or malicious activity on or from your account, we will not respond to a request to know or a request to delete until we have been able to confirm, through further verification procedures, that you made the request.

Requests Other Than Through A Password-Protected Account
If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:

• Requests To Know Categories Of Personal Information: We will match at least two data points that you provide with your request to know, or in response to our request for verification information, against information about you we already have in our records and that we have determined to be reliable for purposes of verifying your identity. Examples of relevant data points include your mobile phone number, your zip code, or information about products or services that you have purchased from us.
• Requests To Know Specific Pieces Of Personal Information: We will match at least three data points that you provide with your request to know, or in response to our request for verification information, against information that we already have about you in our records and that we have determined to be reliable for purposes of verifying your identity.
• Requests To Delete Personal Information: Our process for verifying your identity will depend on the sensitivity (as determined by Masonite) of the personal information that you ask us to delete. For less sensitive personal information, we will require a match of two data points as described in Point No. 1, above. For more sensitive personal information, we will require a match of three data points as described in Point No. 2, above.

We have implemented the following additional procedures when verifying the identity of requestors:

1. If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will permanently delete the verification information that you provide promptly after we have completed the verification process. We will not use that information for any purpose other than verification.
2. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.

The Company’s Non-Discrimination Policy
California Consumers have the right not to be subject to discriminatory treatment by Companyfor exercising their privacy rights under the California Consumer Privacy Act, and Companywill not discriminate on that basis. However, Company may charge a California Consumer a different price or rate or provide a different level or quality of goods or services if the difference is reasonably related to the value provided to the California Consumer by the Consumer’s Personal Information. If Company does so, it will provide Consumers with any legally required notice.

Your Right to Information About Disclosures of Personal Information for Direct Marketing Purposes:
Under California law, California Consumers can request information from us whether we have disclosed Personal Information to any third parties for the third parties' direct marketing purposes. We will not sell consumer’s Personal Information to, or share it, with third-party companies for their direct marketing purposes.

Your ‘Do Not Track’ Browser Setting
This site collects personally identifiable information about your online activities over time. However, we do not collect personally identifiable information across third-party websites or online services, and third parties may not collect personally identifiable information about an individual’s online activities over time when an individual uses this website and across third-party websites or online services. We not support the Do Not Track (DNT) browser setting. DNT is a preference you can set in your browser’s settings to let the websites you visit know that you do not want the sites collecting your personally identifiable information. A visitor to this site has control over their individual settings on their browser application which may block collection of information, but we do not push any of these settings to the visitor.

Third-Party Links And Services
We provide links to third party websites operated by organizations not affiliated with Company. We do not disclose your Personal Information to organizations operating such linked third-party websites. We do not review or endorse, and are not responsible for, the privacy practices of these organizations. We encourage you to read the privacy policy of each and every website that you visit. This Privacy Policy applies solely to information collected by Company through the Services.

Minors Under 16 Years of Age
We respect the privacy of children. Our Services are not designed to attract an audience younger than sixteen (16), and we do not knowingly collect Personal Information from children under sixteen (16). If you are under the age of sixteen (16), you are not permitted to use our Services and should not send any information about yourself to us through the Services. Please contact us using the contact details below if you believe we may have collected information from your child under the age of sixteen (16), and we will work to delete it.

For More Information
For questions or concerns about Company’s privacy policies and practices, please contact us at webmaster@Masonite.com.