- What information we collect, and why we collect it
- How we use that information
- How we protect that information
- How you can control your information, including accessing, updating and deleting what we store
- How we share information collected
Information We Collect & Share
RR Donnelley may collect or record basic personal information (e.g., name, e-mail address, mailing address, phone number) which you voluntarily provide through forms on our Site, through electronic mail you send to us, or through other means of communication between you and RR Donnelley.
RR Donnelley only collects personal information of a more sensitive nature e.g. social security or other governmental ID numbers, credit card details and account numbers) where it is appropriate or necessary for conducting business. This information will be collected, stored, accessed and processed in a secure manner. RR Donnelley may also collect general non-personal information pertaining to users of our sites, including IP addresses, source domain names, specific web pages, length of time spent, and pages accessed. This information is collected, among other things, to aggregate statistical information, facilitate system administration and improve the Site.
RR Donnelley also collects, uses, and discloses identifiable information about individual contacts for RR Donnelley’s customers (“Business Contact Information”) in the ordinary course of its business for managing and maintaining customer relationships. In particular, RR Donnelley may obtain the following types of Business Contact Information: name, address, invoice information including bank account information, and order information. Unless otherwise specified or prohibited, RR Donnelley may share information with affiliates, business partners, service providers, subsidiaries or contractors who are required to provide you with services which you have requested from us.
RR Donnelley may also post links to third party websites as a service to you. These third party websites are operated by companies that are outside of our control, and your activities at those third party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.
How We Use Information
RR Donnelley uses the information we collect to provide you with services which you request and to improve our existing services and the content of our Site. When you contact RR Donnelley, we may keep a record of your communication to help solve any issues that you might be facing. Depending on the country in which you live, work or access our Site(s), your information may be retained for a reasonable time for use in future contact with you, or for future improvements to RR Donnelley services. In the event the information you provide to us is an application for employment, that application will be held in accordance with our HR records management policy. You have the option to opt-out or opt-in for further communications from RR Donnelley.
RR Donnelley may also use or disclose your personal information when RR Donnelley believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of RR Donnelley, RR Donnelley’s users, or others. RR Donnelley reserves the right to transfer and disclose your information if RR Donnelley becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
Cookies are a technology that can be used to help personalize your use of a website. A cookie is an element of information that a website can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. To enable RR Donnelley to access the effectiveness and usefulness of this Site, and to give you the best user experience, we collect and store information on pages viewed by you, your domain names and similar information. Our Site makes use of anonymous cookies for the purposes of:
- Completion and support of Site activity;
- Site and system administration;
- Research and development;
- Anonymous user analysis, user profiling, and decision-making.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
RR Donnelley uses reasonable measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Sites, RR Donnelley may use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under RR Donnelley’s control. RR Donnelley also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, RR Donnelley cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and RR Donnelley encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
Monitoring and Enforcement
RR Donnelley adheres to US and other international regulations such as PIPEDA, the European Union ("EU") Data Protection (95/46/EC) and ePrivacy (2002/58/EC) Directives (as transposed into national law), and the EU Safe Harbor Privacy Principles published by the US Department of Commerce ("Safe Harbor"), detailed below.
RR Donnelley recognizes and has controls in place to ensure that the privacy of personal information about an "identifiable individual" used in the course of "commercial activity" is protected and managed in such a manner which meets or exceeds the guidelines set out in PIPEDA and applicable provincial legislation.
Safe Harbor (European Union and Switzerland)
RR Donnelley recognizes that the EU has an "omnibus" information protection regime established pursuant to the European Data Protection Directive (95/46/EC) (the "Directive") and that Switzerland has enacted the Swiss Federal Act on Data Protection ("FADP"). Among other things, the Directive and FADP generally restricts the export of personal information from the European Economic Area and Switzerland to the United States, unless the US recipient can give "adequate protection" to such personal information when it is received or processed in the United States. RR Donnelley has signed up to Safe Harbor and has certified that it offers such "adequate protection".
From time to time RR Donnelley affiliates pass to RR Donnelley in the United States certain individually identifiable information about individual contacts for RR Donnelley's customers in the EU and Switzerland ("EU and Swiss Business Contact Information"), individuals in the EU or Switzerland who are customers or employees of RR Donnelley's customers ("EU and Swiss Customer Information") and about individuals in the EU who are RR Donnelley’s or its affiliates' employees ("EU and Swiss Employee Information"). EU and Swiss Business Contact Information and EU and Swiss Customer Information are collectively referred to as "EU and Swiss Personal Information”. Information regarding RR Donnelley's practices concerning EU and Swiss Employee Information is provided to affected EU and Swiss employees through other company policies and procedures. In certain situations, individuals may seek to opt-out of disclosures of their EU and Swiss Business Contact Information by contacting RR Donnelley as specified at the end of this Safe Harbor section. For more information about the Safe Harbor, please refer to the U.S. Department of Commerce website at http://www.export.gov/safeharbor.
RR Donnelley may obtain in the US the following types of EU and Swiss Business Contact Information: name, address, invoice information including bank account information, and order information. RR Donnelley uses EU and Swiss Business Contact Information for the following purposes: managing customer relationships, managing orders, tracking payments and ensuring payment, and otherwise maintaining the customer relationship. RR Donnelley may disclose EU and Swiss Business Contact Information to its affiliates, subsidiaries, business partners, and service providers for the purposes listed above.
In situations where RR Donnelley discloses EU and Swiss Business Contact Information to any third parties acting as service providers or "agents" on behalf of RR Donnelley, RR Donnelley will require the recipient to protect the disclosed EU and Swiss Business Contact Information in accordance with the relevant Safe Harbor Principles, or otherwise take steps to ensure that the EU and Swiss Business Contact Information is appropriately protected. With respect to any sharing of EU and Swiss Business Contact Information for purposes of marketing RR Donnelley products and services, RR Donnelley obtains promises from its affiliates, subsidiaries and business partners that such entities will use and disclose such EU and Swiss Business Contact Information for purposes of marketing RR Donnelley products and services only. In certain situations, individuals may seek to opt-out of disclosures of their EU and Swiss Business Contact Information by contacting RR Donnelley as specified at the end of this Safe Harbor section.
RR Donnelley takes appropriate technical and organizational measures to safeguard EU and Swiss Personal Information against unauthorized or unlawful processing of, or accidental loss, damage, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, or destruction, and maintains reasonable procedures to help ensure that such information is relevant for its intended use, accurate, complete, current and not excessive and that such information is not retained longer than is reasonably necessary.
RR Donnelley may disclose EU and Swiss Personal Information as necessary in connection with the sale or transfer of all or part of its business, where required or permitted by law, where RR Donnelley believes that such disclosures are appropriate in connection with a law enforcement request or as otherwise permitted by Safe Harbor, or in order to investigate, prevent or take action regarding illegal activities or suspected fraud or in order to comply with, enforce or apply RR Donnelley agreements.
Information Processor Activities
RR Donnelley operates as an information processor for our business customers located in the EU. RR Donnelley’s business customers remain the information controllers with respect to any EU Customer Information that they provide to RR Donnelley for our provision of services. RR Donnelley therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of EU Customer Information, as well as other matters such as the provision of access to and rectification of EU Customer Information.
Individuals may contact the RR Donnelley Safe Harbor Privacy Contact identified below to review any personal information held about them. RR Donnelley reserves the right to take reasonable steps to authenticate the identity of any such individual seeking access to such personal information. Questions, comments, or access requests regarding the Safe Harbor or EU Personal Information should be directed to Peter Tiemeyer, the RR Donnelley Safe Harbor Privacy Contact at 4101 Winfield Road, Warrenville, Illinois 60555 USA; telephone 630.963.9494; e-mail email@example.com. If you cannot resolve the issue directly with the RR Donnelley Safe Harbor Privacy Contact, you may contact your local information protection authority for further information.
Children’s Online Privacy Protection - COPPA
RR Donnelley does not sell its services to children. As such, our Sites are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13.
Accessing and Updating Your Personal Information
If you have provided RR Donnelley with your personal information, you may have the right to inspect the information stored by us for accuracy, or may request that the information be removed from our files. RR Donnelley will make a reasonable effort to comply with such requests except where it would require a disproportionate effort (for example developing a new system or changing an existing practice). We may require that you verify your identity before we act on a request to edit or remove your information. Please direct any questions about your information to RR Donnelley IT Governance at firstname.lastname@example.org.
Contacting RR Donnelley
In Canada, please direct questions to Stephen Wright, the Canadian Privacy Manager at 6100 Vipond Drive, Mississauga, Ontario L5T 2X1; telephone 905-362-3100; email - email@example.com. In the EU please direct questions to Benjamin Banks at Shannon Way, Ashchurch, Tewkesbury, Gloucestershire GL20 8BL England; telephone 44 203 047 5700; email firstname.lastname@example.org.
RR Donnelley welcomes your comments.