Skip to Content

Privacy Policy

Last updated: 8/4/2017

RR Donnelley & Sons Company (RRD) and its worldwide subsidiaries (“RRD,” “we”, ”our”) are committed to protecting your privacy. This privacy policy applies to data we collect when you use our websites and other online products, mobile applications, and services that link to this privacy policy (collectively, the "Services") or when you otherwise interact with us. There are various ways that you might interact with RRD, and the data you provide when doing so allows us to improve our services. By using this website (“Site”) and by supplying your details to RRD, you consent to RRD collecting and processing your data.


This privacy policy explains:

  • What data we collect, and why we collect it
  • How we use that data
  • How we protect that data
  • How you can control your data, including accessing, updating and deleting what we store
  • How we share data collected

Data We Collect & Share

RRD may collect or record basic personal data (e.g., name, e-mail address, mailing address, phone number) which you voluntarily provide through forms on our Site, through social media, subscription to our email alerts, electronic mail you send to us, or through other means of communication between you and RRD.


RRD only collects personal data of a more sensitive nature (e.g. social security or other governmental ID numbers, credit card details and account numbers) where it is appropriate or necessary for conducting business. This data will be collected, stored, accessed and processed in a secure manner. RRD may also collect general non-personal data pertaining to users of our sites, including IP addresses, source domain names, specific web pages, length of time spent, and pages accessed. This data is collected, among other things, to aggregate statistical data, facilitate system administration and improve the Site.


RRD also collects, uses, and discloses identifiable data about individual contacts for RRD’s customers (“Business Contact Data”) in the ordinary course of its business for managing and maintaining customer relationships. In particular, RRD may obtain the following types of Business Contact data: name, address, invoice data including bank account data, and order data. Unless otherwise specified or prohibited, RRD may share data with affiliates, business partners, service providers, subsidiaries or contractors who are required to provide you with services which you have requested from us.


RRD may also post links to third party websites as a service to you. These third party websites are operated by companies that are outside of our control, and your activities at those third party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any data, as we are not responsible for the privacy policies of those websites.


How We Use data

RRD uses the data we collect to provide you with services which you request and to improve our existing services and the content of our Site. When you contact RRD, we may keep a record of your communication to help solve any issues that you might be facing. Depending on the country in which you live, work or access our Site(s), your data may be retained for a reasonable time for use in future contact with you, or for future improvements to RRD services. In the event the data you provide to us is an application for employment, that application will be held in accordance with our HR records management policy. You have the option to opt-out or opt-in for further communications from RRD.


RRD may also use or disclose your personal data when RRD believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of RRD, RRD users, or others. RRD reserves the right to transfer and disclose your data if RRD becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.


Web User Tracking – Use of Cookies

Cookies are a technology that can be used to help personalize your use of a website. A cookie is an element of data that a website can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. To enable RRD to access the effectiveness and usefulness of this Site, and to give you the best user experience, we collect and store data on pages viewed by you, your domain names and similar data. Our Site makes use of anonymous cookies for the purposes of:


  • Completion and support of Site activity;
  • Site and system administration;
  • Research and development;
  • Anonymous user analysis, user profiling, and decision-making.

Security

The security of your personal data is important to us. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it.


RRD uses reasonable measures to safeguard personally identifiable data, which measures are appropriate to the type of data maintained, and follows applicable laws regarding safeguarding any such data under our control. In addition, in some areas of our Sites, RRD may use encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the data under RRD’s control. RRD also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.


No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, RRD cannot guarantee the absolute security of your data. The Internet by its nature is a public forum, and RRD encourages you to use caution when disclosing data online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.


Monitoring and Enforcement

RRD regularly reviews our compliance with our privacy policy. We also adhere to several self-regulatory frameworks in addition to complying with applicable law. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.

Compliance

RRD adheres to US and other international regulations such as:

  • PIPEDA
  • (until 24 May 2018) the European Union ("EU") Data Protection (95/46/EC)
  • (after 25 May 2018) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (for the purposes of Article 3(2) of that Regulation.
  • Privacy and Electronic Communications Directive (2002/58/EC) Directives (as amended)

PIPEDA (Canada)

RRD recognizes and has controls in place to ensure that the privacy of personal data about an "identifiable individual" used in the course of "commercial activity" is protected and managed in such a manner which meets or exceeds the guidelines set out in PIPEDA and applicable provincial legislation.


Privacy Shield (European Union and Switzerland)

RRD is currently in the process of self-certifying to the U.S. - EU and the U.S. - Swiss Privacy Shield Principles published by the US Department of Commerce at https://www.privacyshield.gov.  In the interim, any export of personal data by RRD from the European Economic Area (EEA) is made in accordance with the model clauses of the EU Commission.


Data Processor Activities

RRD operates as a data processor for our business customers located in the EU and other geographic locations worldwide. RRD’s business customers remain the data controllers with respect to any Customer data that they provide to RRD for our provision of services. RRD therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of Customer data, as well as other matters such as the provision of access to and rectification of this Customer data.


Children’s Online Privacy Protection - COPPA

RRD does not sell its services to children. As such, our Sites are designed for adult user interaction. We do not intentionally collect personally identifiable data from children under the age of 13.


Accessing and Updating Your Personal Data

If you have provided RRD with your personal data you have various rights:


  • If you are a data subject based in the EU (and to the extent that Article 3(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applies to you) and where we control your data you have the right:

    • (in certain circumstances) to erasure of personal data (and to therefore be forgotten);
    • to data portability;
    • to launch a complaint with the office of the Information Commissioner;
    • to inspect the data stored by RRD for accuracy;
    • to have the option to opt-out or opt-in for further communications from RRD
    • via Subject Access Request, to know whether or not we are processing your personal data, the nature of that personal data and the purposes of the processing.

  • Where the above does not apply to you, you may have the right to inspect the data stored by us for accuracy, or may request that the data be removed from our files. RRD will make a reasonable effort to comply with such requests except where it would require a disproportionate effort (for example developing a new system or changing an existing practice). We may require that you verify your identity before we act on a request to edit or remove your data. Please direct any questions about your data to RRD by sending on inquiry to the appropriate contact in the “Contacting RRD” section below.

Changes to this Privacy Policy

RRD may change this privacy policy from time to time. If this privacy policy changes, the revised privacy policy will be posted at the "Privacy Policy " link on the Site's home page. In the event that the change is significant or material, we will notify you of such a change by revising the link on the homepage to read "Newly Revised Privacy Policy." Please check the privacy policy frequently. Your continued use of the Site constitutes acceptance of such changes in the privacy policy, except where further steps are required by applicable law.


Contacting RRD

In the United States, Canada and the rest of the world excluding the EU, questions regarding RRD’s Privacy Policy should be directed to the Canadian or US Data Protection Officer at dataprivacy@rrd.com.


In the EU, please direct questions to the IT Governance Director - Europe at DataPrivacyEurope@rrd.com.

© 1998 - 2017 R.R. Donnelley & Sons Company, all rights reserved. RR DONNELLEY, RRD, RRD (Stylized) and COMMUNICATIONS ENABLED are trademarks or registered trademarks of R. R. Donnelley & Sons Company. All other trademarks are the property of R. R. Donnelley or their respective owners.