Privacy Policy

Pella by Horne’s Privacy Policy

Last modified: May 27, 2026

I. Purpose

Pella by Horne (“Company” or “We” or “Our”) respects your privacy and is committed to protecting it through compliance with this adopted Policy to govern the treatment of your Personal Information. Protecting the confidentiality and integrity of Personal Information is a critical responsibility that we always take seriously.

The purpose of the Policy is to:

· Define Personal Information and Sensitive Personal Information.

· Establish and inform of our general principles for protecting Personal Information.

· Assign accountability for protection of Personal Information.

II. Scope

This Policy applies to all Company prospective employees, current employees, agents, and representatives, including any third-party provider of services to the Company (“Third-Party Service Provider”) who has access to or provides Personal Information that the Company has collected or otherwise has in its possession. This Policy applies to all Personal Information collected, maintained, transmitted, stored, retained, or otherwise used by the Company for recruiting prospective employees, current employees, former employees, contractors, subcontractors, and temporary employees for which their Personal Information is stored and maintained.

III. Definitions

“Personal Information” means information the Company has collected or otherwise maintains or has in its possession that identifies or can be used to identify or authenticate an individual, including, but not limited to:

· Names.

· Addresses.

· Telephone numbers.

· Email addresses.

· Employee identification numbers.

· Government-issued identification numbers.

· User passwords or PINs.

· User identification and account access credentials, passwords, PINs, and security question answers.

· Financial account numbers.

· Geolocation data.

· Biometric, medical, health, or health insurance information.

· Personal characteristics or profiles connected to a unique individual, including photos, graphics, videos, or information related to interests, habits, or activities.

Personal Information only includes information that is kept in secure files that are not generally accessible to employees on a company-wide basis.

“Data Subject” means the person about whom Personal Information is collected.

“Sensitive Personal Information” means Personal Information that if lost, compromised, accessed, or improperly disclosed could result in harm, embarrassment, inconvenience, or unfairness to an individual and that therefore is subject to heightened protections. Examples of Sensitive Personal Information include, but are not limited to:

· An individual’s government-issued identification number, including a social security number, driver’s license number, or state-issued identification number.

· A financial account number, credit card number, or debit card number with or without any required security code, access code, personal identification number, or password, that would permit access to an individual’s financial account.

· Biometric, medical, health, or health insurance information.

· Precise geolocation data.

· Racial or ethnic origin and citizenship or immigration status.

· Religious or philosophical beliefs or political opinions.

· Criminal records.

· Mail, email, or text message content, unless we are the intended recipient of the communication.

In most jurisdictions, the law will provide for the types of information that are subject to heightened protection. If you have any questions about whether any Personal Information qualifies as Sensitive Personal Information, you should contact humanresources@pellabyhorne.com.

“Security Incident” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards the Company or a Third-Party Service Provider has put in place to protect Personal Information. The loss of or unauthorized access to, disclosure, or acquisition of Personal Information is a security incident.

IV. Using, Handling, and Retaining Personal Information

Notice and Collection: Whenever the Company collects Personal Information for any purpose, including for human resources or employment purposes, we inform the Data Subject of how it will use, process, disclose, protect, and retain that Personal Information by presenting a privacy policy or privacy notice to the individual at the time the individual provides the Personal Information. We only collect Personal Information in compliance with applicable Company policies, notices, and, when needed, the Data Subject’s consent. The Personal Information collected is limited to that which is reasonably necessary to accomplish the Company’s legitimate business purposes or as necessary to comply with law.

Access, Use, and Sharing of Personal Information: We only access Personal Information when the information relates to and is necessary in our employee recruitment process or execution of employee retention and benefits. We do not access Personal Information for any reason unrelated to your job duties. We only share Personal Information with another Company employee, agent, or representative if the recipient has a job-related need to know the information. Personal Information may only be shared with a Third-Party Service Provider if it has a need to know the information for the purpose of providing the contracted services and if sharing the Personal Information complies with the privacy notice provided to the Data Subject.

Accuracy: We collect, maintain, and use Personal Information that is accurate, complete, and relevant to the purposes for which it was collected. You may send us an email at humanresources@pellabyhorne.com to request access to, correct or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Security: We are responsible for protecting Personal Information. The Company has implemented an Information Security Program (ISP) that sets forth technical, administrative, and physical safeguards for the protection of Personal Information. We follow the security procedures set out in the ISP at all times. We exercise particular care in protecting Sensitive Personal Information from loss, unauthorized access, and unauthorized disclosure.

Data Subject’s Rights: Individuals have rights when it comes to how their Personal Information is handled. These rights may vary depending on the applicable jurisdiction, but may include, for example:

· The right to know what Personal Information the Company maintains about the individual and/or with whom the Company has shared the Personal Information.

· The right to access or correct the Personal Information, including obtaining the specific pieces of information we collected from the Data Subject.

· A right to amend the Personal Information.

· A right to opt-out of Personal Information sales.

· A right to opt-out of using Personal Information for targeting advertising, marketing, or profiling purposes.

· A right to limit or consent to certain sensitive Personal Information uses or disclosures.

Retention and Disposal: We keep Personal Information only for the amount of time it is needed to fulfill the legitimate business purpose for which it was collected or to satisfy a legal requirement. We follow the applicable records retention schedules and policies and destroy any media containing Personal Information in accordance with the applicable records disposal policy. As of the date of this current Policy, resumes submitted will be held by the Company for three years, beginning on the date of submission. Full-time employees’ data will be housed for the duration of their employment plus ten years thereafter, unless directed otherwise.

Use of Personal Information: We do not use Personal Information in a way that is incompatible with the notice given to the Data Subject at the time the information was collected. If you are unsure about whether a specific use or disclosure is appropriate, please contact us at humanresources@pellabyhorne.com. We use Personal Information collected to support our human resources operations, including employee recruitment, applicant evaluation, onboarding, employee retention, benefits administration, payroll processing, training, performance management, and other employment-related purposes. Information may also be used to communicate with applicants and employees regarding available positions, workplace policies, compensation and benefits, company updates, and professional development opportunities. Additionally, we may use collected information to fulfill legal and contractual obligations, maintain employment records, improve workplace operations, and administer employee benefit programs. We may also use aggregated or non-identifiable information for internal reporting, workforce planning, and recruiting analytics, provided that personal information is not disclosed without appropriate authorization or consent.

V. Technologies Used

Our HR and employee management platform may use cookies, web beacons, and similar technologies to support system functionality, improve user experience, and maintain platform security.

Cookies (or browser cookies): Cookies are small files stored on your computer or mobile device when you access the platform. These cookies help us authenticate users, maintain secure login sessions, remember user preferences, improve platform performance, and support HR-related functions such as applicant tracking, employee onboarding, payroll access, benefits administration, and timekeeping features. You may disable cookies through your browser settings; however, doing so may limit your ability to access or use certain features of the platform. Unless your browser settings are configured to reject cookies, our system may place cookies when you access or interact with the platform.

Web Beacons: Certain pages of the platform and electronic communications, including system notifications and HR-related emails, may contain small electronic files known as web beacons, clear gifs, pixel tags, or single-pixel gifs. These technologies allow the Company to measure platform usage, confirm email delivery and engagement, monitor system performance, analyze feature effectiveness, maintain security and server integrity, and improve the overall functionality and user experience of the platform.

VI. Training Employees and Supervising Contractors

All Company personnel who have access to Personal Information are educated and trained on this Policy and the treatment of Personal Information. Whenever we trust Third-Party Service Providers with Personal Information, we also ensure proper management and supervision over the outside party’s handling of that Personal Information through appropriate contracts. Personnel with responsibility for supervising employees or managing Third-Party Service Provider relationships are trained in supervision over those employees and Third-Party Service Providers.

VII. Reporting a Security Incident

If you know or suspect that a Security Incident has occurred, do not attempt to investigate the matter yourself. Immediately contact humanresources@pellabyhorne.com. You should preserve all evidence relating to the potential Security Incident.

VIII. Monitoring Compliance and Enforcement

The Company is responsible for administering and overseeing implementation of this Policy and, as applicable, developing related operating procedures, processes, policies, notices, and guidelines. If you are concerned that any provision of this Policy, or any related policy, operating procedure, process, or guideline designed to protect Personal Information, has been or is being violated, please contact humanresources@pellabyhorne.com. The Company will conduct periodic reviews and audits to assess compliance with this Policy. Employees who violate this Policy and any related guidelines, operating procedures, or processes designed to protect Personal Information and implement this Policy may be subject to discipline.

IX. Related Policies

Other Company policies also apply to the collection, use, storage, protection, and handling of Personal Information and may be relevant to implementing this Policy. You should familiarize yourself with these policies, including our Third-Party Service Providers, such as Employee Navigator, Predictive Index, and certain retirement benefit providers’ policies.

X. Disclaimer of Restrictions on Employees’ Rights

This Policy is not intended to restrict communications or actions protected or required by state or federal law.

XI. Amendment and Revision

This Policy may be revised from time to time. This Policy was last revised on May 27, 2026