Effective Date: June 25, 2024

This Privacy Policy (also, the “Policy”) discloses certain information-handling and privacy practices of Installed Building Products and its branches and affiliates (also referred to collectively herein as “we” or “us”). This Policy applies to information collected at the NorthStar Comfort Services, Inc. website at https://www.northstarcomfort.com (the “Website”), through email, text and other electronic messages by visitors, users, and others who access goods, services or information from us (“consumers” or “you”), including through the Website and elsewhere on the Internet.

The Policy addresses:

• What types of information may be collected from you, how it may be used and with whom it may be shared.
• What choices are available to you regarding the use of such information.
• Security procedures intended to protect against the unauthorized disclosure or misuse of such information.
• How you can contact us to correct inaccuracies in the information.

By using the Website, you are acknowledging and accepting the practices described in this Policy and in our Terms of Use.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information” or “personal data“). Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information specified by certain state or federal laws which may thereby be excluded from the scope of “personal information” under some state data privacy laws, such as:
  • health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you — contact information, transaction details, preferences, correspondence, and any other information you voluntarily provide.
• Indirectly from you — device and browser information (device identifier, IP address, OS, language) collected automatically via cookies and similar technologies; information about how you interact with the Website (content viewed, links clicked, dates/times); usage logs and metrics; and information from third-party or publicly available sources, including advertising and market research partners.

Use of Cookies, Beacons & SDKs

• Cookies. We may use both session cookies and persistent cookies on this site. A cookie is a small text file stored on a user’s computer for record-keeping purposes. We may link the information stored in cookies to your personal information to provide a faster and more pleasant online experience. You can refuse cookies by turning them off in your browser. If you reject cookies, you may still use our site, but some features may be limited.
• Web Beacons. Web beacons (also called “web tags” or “pixels”) are tiny graphics or scripts that communicate information from your device to a server. They allow a server to read certain types of information from your device, such as when you viewed the content containing the beacon and your IP address. We and third parties use beacons to analyze Website use and to provide more relevant content and ads.
• SDKs. SDKs are third-party computer code we may incorporate into our mobile applications for analytics, social-media integration, feature additions, or online advertising facilitation.

Use of Personal Information

We may use, sell, or disclose the personal information we collect for one or more of the following purposes:

• To fulfill or meet the reason you provided the information (e.g., responding to a price-quote request, processing a payment, facilitating delivery).
• To provide, support, personalize, and develop our Website, products, and services.
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide customer support and respond to your inquiries.
• To personalize your Website experience and deliver content, product/service offerings, and targeted ads through our Website, third-party sites, and via email or text (with your consent, where required by law).
• To help maintain the safety, security, and integrity of our Website, products, services, databases, and business.
• For testing, research, analysis, and product development.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulation.
• To evaluate or conduct a merger, divestiture, restructuring, or other sale or transfer of some or all of our assets.
• As otherwise described to you when collecting your personal information.

We may also combine information gathered from multiple aspects of the Website into a single user record, and we may use or combine information collected offline or from third-party sources to enhance and check the accuracy of our records.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt-out (see Personal Information Sales Opt-Out Rights below). When we share personal information for a business purpose, it is done pursuant to the terms of a contract. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Third parties who purchase personal information from us are prohibited from reselling it unless you have received explicit notice and an opportunity to opt out of further sales.

We may share your personal information with the following categories of third parties: service providers, data aggregators, affiliates, partners, parent or subsidiary organizations, and cookie data recipients such as Google Analytics.

Disclosures for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose: Category A (Identifiers), Category B (Personal information categories), Category C (Commercial information), and Category D (Internet or other similar network activity).

Sale of Personal Information

We may sell your personal information to data aggregators and service providers.

Your Rights and Choices

Some state laws provide consumers with specific rights regarding their personal information. Depending on the state in which you are located, your rights may include the right to:

1. Request access to your personal data;
2. Request corrections to your personal data;
3. Request limitations on collection, storage, and/or use of your personal data;
4. Request that your personal data not be sold;
5. Request erasure of your personal data;
6. Request restriction of or object to processing of your personal data, including opting out of automated decision-making;
7. Request transfer of your personal data in a suitable format;
8. Know what data is being collected;
9. Not face discrimination for exercising such rights; and
10. Withdraw your consent for or opt out of information collection.

Access to Specific Information and Data Portability

You have the right to request that we disclose certain information about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable request, we will disclose: the categories and sources of personal information collected; our business or commercial purpose for collecting or selling it; the categories of third parties with whom we share it; and the specific pieces of personal information collected about you.

Deletion Request Rights

You have the right to request that we delete any personal information we collected from you and retained, subject to certain exceptions. We may deny a deletion request if retaining the information is necessary to complete a transaction, detect security incidents, debug products, comply with a legal obligation, or for other lawful purposes compatible with the context in which you provided it.

Turning Off Cookies

Most web browsers automatically accept cookies but allow you to modify settings to disable or reject them. Some features of the Website may not work if cookies are disabled. Browser-specific instructions:

• Cookie settings in Google Chrome
• Cookie settings in Firefox
• Cookie settings in Internet Explorer
• Cookie settings in Safari (web and iOS)

Learn more at www.allaboutcookies.org.

Opting Out of Targeted Advertising

Third-party advertisers may offer additional choices regarding the collection and use of your information. Learn more at:

• National Advertising Initiative – Opt Out of Interest-Based Advertising
• Digital Advertising Alliance – Your Ad Choices (mobile users: install the AppChoices app)
• European Interactive Digital Advertising Alliance – Your Online Choices

Social Media Settings

If you interact with any IBP page on a social media platform, you may be able to limit the information we obtain by adjusting your settings on that platform. If you withdraw our ability to access certain information, that choice will not apply to information we have already received.

Using Privacy Plug-ins or Browsers

You can block interest-based ad cookies by using a privacy-focused browser like Brave, or by installing plugins such as Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third-party cookies and trackers.

Do Not Track

We currently do not respond to “Do Not Track” or similar signals. For more information, visit www.allaboutdnt.org.

Exercising Access, Data Portability, and Deletion Rights

To exercise these rights, please submit a verifiable consumer request by calling us at 1 (316) 685-2368 or emailing privacy@installed.net. Your request must provide sufficient information to verify your identity and must communicate the request with enough detail for us to properly understand, evaluate, and respond. We endeavor to respond within 45 days; if we require more time (up to 90 days), we will inform you in writing.

Personal Information Sales Opt-Out Rights

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time. To exercise this right, visit: Do Not Sell My Personal Information.

Non-Discrimination

We will not discriminate against you for exercising any of your rights described herein. Unless permitted by law, we will not deny you goods or services, charge different prices or rates, provide a different level or quality of goods or services, or suggest that you may receive different treatment.

Non-U.S. Residents

Non-U.S. residents should be advised that their personal data may be transferred to the United States and to third-party data processors (subject to appropriate safeguards). By using the Website you consent to such transfers.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code § 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, email privacy@installed.net or write to the address below.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes, we will post the updated notice on the Website and update the Effective Date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this Privacy Policy, or wish to exercise your rights, please contact us: