Select Language:
Last updated – December 17, 2024
R. R. Donnelley & Sons Company (RRD) and its worldwide affiliates (“RRD,” “we”, “our”) including Precision Dialogue Marketing LLC, are committed to protecting your privacy. This privacy policy applies to data we collect when you use our websites and other online products, mobile applications, and services that link to this privacy policy (collectively, the "Services") or when you otherwise interact with us. There are various ways that you might interact with RRD, and the data you provide when doing so allows us to improve our services. By using this website (“Site”) and by supplying your details to RRD, you consent to RRD collecting and processing your data.
This privacy policy explains:
-
What data we collect, and why we collect it
-
How we use that data
-
How we protect that data
-
How you can control your data, including accessing, updating and deleting what we store
-
How we share or sell data collected
Data We Collect, Share and Sell
RRD may collect or record basic data (including, name, e-mail address, mailing address, phone number, etc.) that identifies you or your household which you provide through forms on this Site, through social media, subscriptions to our email alerts, electronic mail you send to us, or through other means of communication between you and RRD (collectively, “personal data”).
RRD only collects personal data of a more sensitive nature (such as, social security or other governmental ID numbers, credit card details, account numbers, income range, marital status, and audio/video recordings) where it is appropriate or necessary for conducting business. Information that you voluntarily provide through participation in our Opinion Center will only be sold with your prior explicit consent. This sensitive data provided with your consent through our Opinion Center will be collected, stored, accessed, and processed in a secure manner.
RRD may also collect general non-personal data pertaining to users of our Sites, including IP addresses, source domain names, specific web pages, length of time spent, and pages accessed. This data is collected, among other things, to aggregate statistical data, facilitate system administration and improve this Site.
RRD also collects, uses, and discloses personal data about work-related contacts of RRD’s customers (collectively, “Business Contact Data”) in the ordinary course of its business for managing and maintaining customer relationships. In particular, RRD may obtain the following types of Business Contact data: name, address, invoice data including bank account data, and order data. Unless otherwise specified or prohibited, RRD may share Business Contact Data with affiliates, business partners, service providers, or contractors who are required to provide you with services which you have contracted with us to provide to you.
RRD may also post links to websites owned and controlled by other parties outside of RRD (“third-party websites”). These third–party websites are operated by companies that are outside of our control, and your activities at those third–party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any data, as we are not responsible for the privacy policies of those websites.
How We Use Personal Data
RRD uses the personal data we collect to provide you with services which you contracted with RRD to provide, to improve our existing services and the content of our Site, and to fulfill other RRD internal business needs. When you contact RRD, we may keep a record of your communication to help solve any issues that you might be facing. Depending on the country in which you live, work, or access our Site(s), your data may be retained for a reasonable time for use in future contact with you or for future improvements to RRD services. In the event the data you provide to us is an application for employment, that application will be held in accordance with our HR records management policy. You have the option to opt-out or opt-in for further communications from RRD.
RRD may also use or disclose your personal data when RRD believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user Site agreements, or (iii) protect the rights, property, or safety of RRD, RRD employees, our clients, or others. RRD reserves the right to transfer and disclose your personal data, to the extent held by RRD, if RRD becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
Third Parties With Whom We May Share Your Personal Data
RRD may share your personal data with subcontractors or affiliates who may be performing services to process personal data. All affiliates are under common control with RRD. Subcontractors processing personal data on behalf of RRD or RRD’s clients do so under a written contract restricting or prohibiting, as applicable, their further sharing, collecting, processing, or selling such personal data. Only under government formal request or subpoena would RRD share your personal data with an authorized government agency.
Web User Tracking
When you visit our website, we collect information regarding your connection and activity by using cookies, web beacons and other technologies. These technologies can be used to help personalize your use of a website. A cookie is a small data file that a website can send to your internet browser (such as, Google, Bing, AskJeeves), which may then be stored on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. To enable RRD to assess the effectiveness and usefulness of this Site, and to give you the best user experience, we collect and store data on pages viewed by you, your domain names, and similar data. Our Site makes use of anonymous cookies for the purposes of:
Completion and support of Site activity;
Site and system administration;
Research and development;
Anonymous user analysis, user profiling, and decision-making.
In addition, you can accept or decline the use of these cookies based on your personal preferences.
Please note that when visiting our Sites, RRD does not support “Do Not Track” settings with respect to browser or mobile applications.
RRD Employee Information:
With regard to RRD employee data, RRD collects employee data only for legitimate business purposes, including:
-
Carrying out obligations under employment contracts, employment tax and benefits laws, and in connection with other working relationships or arrangements
-
Employee communications, including development and training programs
-
Maintaining a global employee directory
-
HR activity including:
-
Managing employee compensation and performance
-
Managing employee hiring (including background checks, reference checks) and employee terminations
-
Voluntarily obtaining employee personal data about family members, including emergency points of contact
-
RRD Help Desk activity, including audio recordings as needed
-
Physical security-based video recordings
Employee information on health, performance evaluations and other sensitive employee matters, whether it is stored physically or electronically, is accessible by other RRD employees as needed for human resource functions or issue resolutions. Please note: employee personal/family information is never sold, leased, or rented to any third party. RRD will get affirmative consent from an employee before using such employee’s personal data for any purpose other than described above.
For clarity, employee personal data will never be disclosed to third parties except as follows:
-
To those retained by RRD as agents for the purposes of providing requested services to RRD
-
Where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of RRD
-
Where the employee voluntarily provides personal data and the context makes it clear that such data will be provided to a third party
Where human resource data is transferred from the EU or China to the US in the context of the employment relationship, RRD will cooperate in investigations by and to comply with the advice of the appropriate EU and Chinese authorities.
Security
The security of your personal data is important to us. We follow the generally accepted industry standards for RRD to protect the personal data submitted to us, both during transmission to RRD and while held by RRD for its business purposes.
RRD uses reasonable measures to safeguard personal data, which measures are appropriate to the type of data maintained and follows applicable laws regarding safeguarding any such data under our control. In addition, in some areas of our Sites, RRD may use encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the data under RRD’s control. RRD also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
Monitoring and Enforcement
RRD regularly reviews our compliance with our privacy policy. We also adhere to several self- regulatory frameworks in addition to complying with applicable law. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.
Compliance
RRD adheres to US and other international regulations for its processing of personal data such as:
-
Personal Information Protection and Electronic Document Act (PIPEDA)
-
General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (for the purposes of Article 3(2) of that Regulation.
-
ePrivacy Directive (ePD) - Privacy and Electronic Communications Directive (2002/58/EC)
-
California Consumer Protection Act (CCPA)
-
Colorado Privacy Act (CPA)
Consistent with the spirit of international privacy regulations, RRD aims to resolve complaints about our collection or use of your personal data at no cost to the individual. However, as permitted by applicable law, RRD reserves the right to seek compensation for requests that are unfounded, impose an excessive burden, or have a repetitive character.
PIPEDA (Canada)
RRD recognizes and has controls in place to ensure that the privacy of personal data about an "identifiable individual" used in the course of "commercial activity" is protected and managed in such a manner which meets or exceeds the guidelines set out in PIPEDA and applicable provincial legislation.
GDPR and the Standard Contractual Clauses (European Union, Switzerland and United Kingdom)
RRD uses Standard Contractual Clauses (SCCs) and internal assessments to ensure that appropriate data safeguards can be used as a ground for data transfers from the EU, Switzerland, and UK to third countries. These clauses have been “pre-approved” by the European Commission under the GDPR for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR) to controllers or processors established outside the EU/EEA (and not subject to the GDPR).
RRD may obtain in the US the following types of EU, UK and Swiss information: name, address, invoice information including bank account information, and order information (“EU, UK and Swiss Business Contact Information”). RRD uses EU, UK and Swiss Business Contact Information for the following purposes: managing customer relationships, managing orders, tracking payments and ensuring payment, and otherwise maintaining the customer relationship. RRD may disclose EU, UK and Swiss Business Contact Information to its affiliates, subsidiaries, business partners, and service providers for the purposes listed above.
In situations where RRD discloses (i.e., onward transfers) EU, UK and Swiss Business Contact Information to any third parties acting as service providers or “agents” on behalf of RRD, RRD will require the recipient to protect the disclosed EU, UK and Swiss Business Contact Information in accordance with the Standard Contractual Clauses, or otherwise take steps to ensure that the EU, UK and Swiss Business Contact Information is appropriately protected. With respect to any sharing of EU, UK and Swiss Business Contact Information for the purposes of marketing RRD products and services, RRD obtains guarantees from its affiliates, subsidiaries and business partners that such entities will use and disclose such EU, UK and Swiss Business Contact Information for purposes of marketing RRD products and services only. In cases of onward transfer of EU, UK or Swiss Business Information to third parties pursuant to Standard Contractual Clauses, RRD is potentially liable in the event of an improper disclosure. In certain situations, individuals may seek to opt-out of disclosures of their EU, UK and Swiss Business Contact Information by contacting RRD as specified in the “Contacting RRD” section below.
RRD takes appropriate technical and organizational measures to safeguard EU, UK and Swiss personal data against unauthorized or unlawful processing of, or accidental loss, damage, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, or destruction, and maintains reasonable procedures to help ensure that such information is relevant for its intended use, accurate, complete, current and not excessive and that such information is not retained longer than is reasonably necessary.
With respect to personal data received or transferred for processing pursuant to the Standard Contractual Clauses, RRD is subject to the regulatory enforcement powers of the United States Federal Trade Commission. In certain situations, RRD may disclose EU, UK and Swiss personal data as necessary in connection with the sale or transfer of all or part of its business, where required or permitted by law, where RRD believes that such disclosures are appropriate in connection with a law enforcement request or as otherwise permitted by the Standard Contractual Clauses, or in order to investigate, prevent or take action regarding illegal activities or suspected fraud or in order to comply with, enforce or apply RRD agreements.
Additional information for individuals from the European Union, UK and Switzerland: EU-US Data Privacy Framework
As part of RRD’s commitment to maintaining high data protection standards when transferring Personal Information between European Economic Area (“EEA”)/UK/Switzerland and the United States, RRD participates in the EU-US Data Privacy Framework (“EU-US DPF”) and the UK Extension to the EU-US DPF and the Swiss-US Data Privacy Framework (“Swiss-US DPF”), and adheres to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF.
RRD and all our affiliates comply with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. RRD has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. RRD has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern.
In compliance with the EU-US DPF Principles, RRD commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to the EU/SWISS DPF Principles. European Union, UK and Swiss individuals with DPF inquiries or complaints should first contact RRD: dataprivacy@rrd.com or by calling 1-877-RRD-4411 We will investigate and attempt to resolve any complaints or disputes regarding processing of Personal Information within 45 days of receiving your privacy complaint.
RRD has further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. Under certain conditions, as further explained in the Data Privacy Framework Principles, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The services of JAMS are provided at no cost to you.
Where applicable to the employment relationship, RRD agrees to cooperate and comply with the EEA, UK and Swiss data protection authorities (DPAs, ICO and Swiss FDPIC) regarding the unresolved complaints of employee of European-affiliated companies who are located in the EEA, UK and Switzerland.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2 RRD is subject to the jurisdiction of the US Federal Trade Commission (FTC) for the purposes of DPF enforcement, and will make available any relevant DPF reports consistent with confidentiality requirements that are submitted to the FTC.
Accountability for Onward Transfers. We acknowledge our responsibility for the processing of Personal Information received and subsequently transferred to our Third Parties/Agents/Service Providers. RRD remains liable under the DPF Principles if a Third Party/Agent/Service Provider processes Personal Information covered by this Notice in a manner inconsistent with the DPF Principles, except where RRD can demonstrate that we are not responsible for the event giving rise to the damages.
European Union, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should contact the RRD Privacy point of contact - at dataprivacy@rrd.com. RRD will respond to your inquiry within 45 days.
In the event of a reported complaint that RRD does not resolve itself, RRD commits to cooperate with the EU Data Protection Authorities (DPA’s) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the EU DPA panel or Swiss Commissioner with regard to human resource and non-human resource data transferred from the EU, UK and Switzerland to RRD in the United States (US).
To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Data Processor Activities
RRD operates as a data processor for our business customers located in the US, EU, UK and other geographic locations worldwide. RRD’s business customers remain the data controllers with respect to any Customer data that they provide to RRD for our provision of services. RRD therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of Customer data, as well as other matters such as the provision of access to and rectification of this Customer data.
Children’s Online Privacy Protection
Our Site is not intended for children (under 18 years of age). RRD does not sell its services to children. We don’t knowingly collect personal data of children. As such, our Sites are designed for adult user interaction. We do not knowingly collect, process, store, or sell personal data from children. If you are under 18 years of age, do not use or provide your information on this Site. If we are made aware that we are processing personal data of children in performing services on behalf of RRD’s customers, we use all appropriate safeguards designed to protect such information.
Accessing and Updating Your Personal Data
If you have provided RRD with your personal data you have various rights:
-
If you are a consumer based in in certain US States, and where RRD controls your data (excluding where RRD is processing your data on behalf of our clients), you have the right, once your request has been verified to:
-
request disclosure of personal data collected about you
-
(in certain circumstances) delete your personal data
-
(where applicable) the right to opt-out of the selling of your personal data
-
the right of nondiscrimination for exercising your rights
-
Where the above does not apply to you, you may still have the right to inspect the data RRD controls which we retain about you for accuracy, or you may request that the data be removed from our files. RRD will make a reasonable effort to comply with such requests except where it would require a disproportionate effort (for example, developing a new system or changing an existing practice).
- In compliance with applicable laws and regulations, RRD requires that you verify your identity before we act on a request to edit or remove your data. Please direct any questions about your data to RRD by sending an inquiry to the appropriate contact in the “Contacting RRD” section below.
Changes to this Privacy Policy
RRD may change this privacy policy from time to time. If this privacy policy changes, the revised privacy policy will be posted at the “Privacy Policy" link on the Site’s home page. Your continued use of the Site constitutes acceptance of such changes in the privacy policy, except where further steps are required by applicable law.
Contacting RRD
-
North America
Questions regarding RRD's Privacy Policy should be directed to RRD at dataprivacy@rrd.com or by calling 1-877-RRD-4411. Access and deletion requests should be directed to the RRD Web Form.
-
Philippines
Please direct questions to the Data Protection Officer - Philippines at DataPrivacyPH@rrd.com.
-
EU, UK and the rest of the world
Questions regarding RRD’s Privacy Policy, including access and deletion requests, should be directed to RRD at dataprivacy@rrd.com or by calling 1-877-RRD-4411.