Scope of the Privacy Statement
Our Privacy Notice explains:
- The Personal Information We Collect, And Why We Collect It
- Employee Information
- How We Use Your Personal Information
- How We Share Your Personal Information
- How We Protect Your Personal Information
- How We Monitor and Enforce
- Compliance with Other Regulations
- PIPEDA (Canada)
- Data Transfers and Privacy Shield Framework
- Information Processor Activity
- Children’s Online Privacy Protection Act (COPPA)
- Your Rights and Choices
- Changes to This Privacy Notice
- How to Contact Us
The Personal Information We Collect and Why We Collect
Information you give us. This is information about you that you provide to us by filling in forms on our website dfsco.com (Our Site) or by corresponding with us by phone, electronic mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, social media functions on our site or other activities commonly carried out on the site, and when you report a problem with our site.
The information you provide may include basic personal information such as your name, address, e-mail address, phone number, title, and company. Donnelley Financial may collect more sensitive information from you such as financial and credit card information, social security and other government Identification numbers where it is appropriate or necessary for conducting business.
Information we collect about you. With regard to each of your visits to our site, we may automatically collect information such as:
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, source domain names, your login information, browser type and version, time zone setting, length of time spent, and operating system and platform.
- information about your visit even if you have not created an account or logged in, including the full Uniform Resource Locators (URL), specific web pages, clickstream to, through and from our site including date and time, products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, and any phone number used to call our customer service number.
Donnelley Financial may also supplement the personal information we collect from you with information we receive from third parties, including our business partners, contractors, analytics and other service providers.
We process the personal data for certain legitimate reasons, among other things, to help us improve the overall accuracy of the information and its completeness, to help us better tailor our interactions with you, and to help us identity and prevent fraud.
The information helps us to enhance the security of our information system and assess the effectiveness of our promotional and advertising campaigns. The information is also used to aggregate statistical data, facilitate system administration and improve our site.
Personal information, also known as personally identifiable information (PII) or personal data, for purposes of this Privacy Notice, means any information that (i) directly and clearly identifies an individual, or (ii) can be used in combination with other information to identify an individual. Personal information does not include such information if it is anonymous or if it has been rendered de-identified by removing personal identifiers.
Examples of personal information includes but not limited to:
- An individual’s name.
- Employee ID number.
- Home address.
- Home phone number.
- Email address.
- Names of family members.
- Date of birth.
- Network ID, IP Address, Network Activities and Communications.
Donnelley Financial processes employee data for the performance of a contract that our employees are involved in such as payroll and benefits.
Donnelley Financial also processes employee data to meet our legal obligations under applicable legislations such as tax or health laws.
We also process employee datafor legitimate business purposes including but not limited to:
- Employee communications, including development and training programs;
- Maintaining a global employee directory;
- Human Resource activities including recruitment process, management of employee performance, beneficiary information, compensation and benefits;
- Managing employee hiring such as background checks, emergency contact list, reference checks and terminations.
- Managing the security of our network infrastructure to protect company, employees and customers’ data through the use of monitoring technologies such as data loss prevention tools, next generation firewall, and security incident and event management tools.
Sensitive employee data such as health information, compensation information and performance evaluations may be accessible by other Donnelley Financial employees on a need to know basis only if necessary with respect to legitimate human resource functions or related issues. Donnelley Financial does not sell, lease, or rent any employee personal or family data to any third party.
Donnelley Financial will obtain clear affirmative consent from an employee before using such employee’s personal data for any purpose inconsistent with the purpose described above.
When you visit our Site, we may automatically collect information such as your IP address, browser type and language, operating system, location, date and time using cookies. A cookie is a small amount of data that is sent to your browser from a web server and stored on your device such as a phone or computer. The cookies are then sent back to the originating website on each subsequent visit to that website. As an example, a cookie may allow us to recognize your browser, whereas another cookie may store your preferences. This helps us to provide you with a good experience when you browse our site and allows us to improve our site. Cookies are a technology that can be used to help personalize your use of our site.
Donnelley Financial may use other technologies such as web beacons and remarketing technology to advertise on other websites you may visit. In doing so, a third party may place a unique ad-serving cookie on your device and use technical information about your browser and your activity at our site to serve advertisements to you on websites that are not owned or operated by Donnelley Financial.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept or decline it at any time.
To enable Donnelley Financial to assess the effectiveness and usefulness of our site, and to give you the best user experience, we collect and store information on pages viewed by you, your domain names and similar information. Our site makes use of anonymous cookies for the purposes of:
- Completion and support of site activity;
- Site and system administration;
- Research and development;
- Anonymous user analysis, user profiling, and decision-making.
How We Use Your Personal Information
Donnelley Financial uses, stores and processes the personal information we collect to provide you with information, products and services which you request from us or similar products or services which you have already requested. The information is also used to improve our existing services and the content of our site.
When you contact Donnelley Financial, we may keep a record of your communication to help solve any issues that you might be facing. Depending on the country in which you live, work or access our site(s), your information may be retained for a reasonable time for use in future contact with you, or for future improvements to Donnelley Financial services.
In the event the information you provide to us is an application for employment, that application will be held in accordance with our HR records management policy. You have the option to opt-out or opt-in for further communications from Donnelley Financial.
Donnelley Financial may also use or disclose your personal information when Donnelley Financial believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of Donnelley Financial, Donnelley Financial’s users, or others. Donnelley Financial reserves the right to transfer and disclose your information if Donnelley Financial becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
How We Share Your Personal Information
Donnelley Financial may share personal information we collect about you with our affiliates, business partners, service providers, subsidiaries, vendors, consultants and other service providers to perform work on our behalf. The information may be shared with third parties to offer or provide related services.
We may also share information with our customers when they need access to such personal information to fulfil specific transactions related to service you requested such as promotional campaigns. You may opt out of sharing your information with customers for related services by sending an email to email@example.com. Upon receipt of your request to opt out of this information sharing, we will acknowledge your request and take appropriate measures in response.
Donnelley Financial may share your information in response to a request for information, if upon review, we determine that disclosure is in accordance with, or required by, any applicable law, regulation or legal process.
We may share your information if we determine that your actions are inconsistent with our user agreements or policies, or if we must protect the rights, property and safety of Donnelley Financial or others.
Donnelley Financial may post links to third party websites as a service to you. These third party websites are operated by companies that are outside of our control, and your activities at those third party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.
Donnelley Financial may share your personal information in connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
How We Protect Your Personal Information
The security of your personal information is important to us. We use reasonable physical, electronic and procedural safeguards to protect the personal information we collect. Donnelley Financial uses reasonable measures to safeguard personally identifiable information from loss, theft, misuse, alteration and unauthorized access or destruction. In addition, we maintain appropriate physical, electronic, and procedural safeguards to protect your personal data, including:
- Restricting access to personal data to our employees or service providers on a “need to know” basis;
- Enforcing policies and procedures for our employees in their handling of personal data; and
- Using technologies designed to safeguard data during its transmission, such as SSL encryption for the data you provide on some parts of our site and using appropriate security to safeguard the data that we have received.
Donnelley Financial also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
There is, however, no method of transmission over the Internet, or method of electronic storage that can be 100% secure. Therefore, Donnelley Financial cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and Donnelley Financial encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
How We Monitor and Enforce
Donnelley Financial regularly reviews our compliance with our Privacy Notice. We also adhere to several self-regulatory frameworks in addition to complying with applicable laws. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.
Compliance With Other Regulations
Donnelley Financial adheres to US and other international regulations such as PIPEDA and the European Union (“EU”) General Data Regulation 2016/679.
Donnelley Financial recognizes and has controls in place to ensure that the privacy of personal information about an “identifiable individual” used in the course of “commercial activity” is protected and managed in such a manner which meets or exceeds the guidelines set out in PIPEDA and applicable provincial legislation.
Data Transfer and Privacy Shield Framework
Donnelley Financial is a global organization with legal entities and business processes in operation across borders. Donnelley Financial complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union (EU) and Switzerland to the United States, respectively.
Donnelley Financial has certified to the Department of Commerce that is adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability. Donnelley Financial is accordingly subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Department of Commerce’s Privacy Shield Website at https://www.privacyshield.gov/.
With respect to any sharing of EU and Swiss Business Contact Information for the purposes of marketing Donnelley Financial products and services, Donnelley Financial obtains assurances from its affiliates, subsidiaries and business partners that such entities will use and disclose such EU and Swiss Business Contact Information for purposes of marketing Donnelley Financial products and services only.
In cases of onward transfer of EU or Swiss Business Information to third parties pursuant to Privacy Shield, Donnelley Financial is potentially liable in the event of an improper disclosure. In certain situations, individuals may seek to opt-out of disclosures of their EU and Swiss Business Contact Information by contacting Donnelley Financial as specified in the “How To Contact Us” section below.
Donnelley Financial takes appropriate technical and organizational measures to safeguard EU and Swiss personal data against unauthorized or unlawful processing of, or accidental loss, damage, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, or destruction, and maintains reasonable procedures to help ensure that such information is relevant for its intended use, accurate, complete, current and not excessive and that such information is not retained longer than is reasonably necessary.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Donnelley Financial is subject to the regulatory enforcement powers of the United States Federal Trade Commission. In certain situations, Donnelley Financial may disclose EU and Swiss personal data as necessary in connection with the sale or transfer of all or part of its business, where required or permitted by law, where Donnelley Financial believes that such disclosures are appropriate in connection with a law enforcement request or as otherwise permitted by the Privacy Shield Principles, or in order to investigate, prevent or take action regarding illegal activities or suspected fraud or in order to comply with, enforce or apply Donnelley Financial agreements.
In compliance with the Privacy Shield Principles, Donnelley Financial commits to resolve complaints about our collection or use of your personal data at no cost to the individual. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should contact the Director of Global Data Privacy at firstname.lastname@example.org. Donnelley Financial will respond to your inquiry within 45 days.
In the event of a reported complaint that Donnelley Financial does not resolve itself, Donnelley Financial commits to cooperate with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the EU DPA panel or Swiss Commissioner with regard to human resource and non-human resource data transferred from the EU and Switzerland to Donnelley Financial in the United States (US).
Under certain conditions, more fully described on the Privacy Shield website, (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Information Processor Activities
Donnelley Financial operates as a data processor for our business customers located in the US, EU and other locations worldwide. Donnelley Financial’s business customers remain the data controllers with respect to any Customer data that they provide to Donnelley Financial for our provision of services. Donnelley Financial therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion, access, rectification, portability and transfer of Customer data.