Scope of the Privacy Notice
Our Privacy Notice explains:
- The personal information we collect, and why we collect it.
- Employee information.
- How we use your personal information.
- How we share your personal information.
- How we protect your personal information.
- How we monitor and enforce.
- Compliance with other regulations.
- PIPEDA (Canada).
- Data transfers and privacy shield framework.
- Information processor activity.
- Children’s online privacy protection act (COPPA).
- Your rights and choices.
- Changes to this privacy notice.
- How to contact us.
The Personal Information We Collect and Why We Collect
Information you give us. This is information about you that you provide to us by filling in forms on our website DFINsolutions.com (Our Site) or by corresponding with us by phone, electronic mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, use social media functions on our site or engage in other activities commonly carried out on the site, and when you report a problem with our site.
The information you provide may include basic personal information such as your name, address, e-mail address, phone number, title and company. DFIN may collect more sensitive information from you such as financial and credit card information, social security and other government identification numbers where it is appropriate or necessary for conducting business.
Information we collect about you. With regard to each of your visits to our site, we may automatically collect information such as:
- Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, source domain names, your login information, browser type and version, time zone setting, length of time spent and operating system and platform.
- Information about your visit even if you have not created an account or logged in, including the full Uniform Resource Locators (URL), specific web pages, clickstream to, through and from our site including date and time, products and services you viewed or searched for, page response times, download errors, length of visits to certain pages and any phone number used to call our customer service number.
DFIN may also supplement the personal information we collect from you with information we receive from third parties, including our business partners, contractors, analytics and other service providers.
We process the personal data for certain legitimate reasons, among other things, to help us improve the overall accuracy of the information and its completeness, to help us better tailor our interactions with you and to help us identify and prevent fraud.
The information helps us to enhance the security of our information system and assess the effectiveness of our promotional and advertising campaigns. The information is also used to aggregate statistical data, facilitate system administration and improve our site.
Personal information, also known as personally identifiable information (PII) or personal data, for purposes of this Privacy Notice, means any information that (i) directly and clearly identifies an individual, or (ii) can be used in combination with other information to identify an individual. Personal information does not include such information if it is anonymous or if it has been rendered de-identified by removing personal identifiers.
Examples of personal information include, but are not limited to:
- An individual’s name.
- Employee ID number.
- Home address.
- Home phone number.
- Email address.
- Names of family members.
- Date of birth.
- Network ID, IP Address, Network Activities and Communications.
DFIN processes employee data for the performance of a contract that our employees are involved in such as payroll and benefits.
DFIN also processes employee data to meet our legal obligations under applicable legislation such as tax or health laws.
We also process employee data for legitimate business purposes including but not limited to:
- Employee communications, including development and training programs;
- Maintaining a global employee directory;
- Human Resource activities including recruitment process, management of employee performance, beneficiary information, compensation and benefits;
- Managing employee hiring such as background checks, emergency contact list, reference checks and terminations;
- Managing the security of our network infrastructure to protect company, employee and customer data through the use of monitoring technologies such as data loss prevention tools, next generation firewall, and security incident and event management tools.
Sensitive employee data such as health information, compensation information and performance evaluations may be accessible by other DFIN employees on a need to know basis only if necessary with respect to legitimate human resource functions or related issues. Donnelley Financial does not sell, lease, or rent any employee personal or family data to any third party.
DFIN will obtain clear affirmative consent from an employee before using such employee's personal data for any purpose inconsistent with the purpose described above.
When you visit our Site, we may automatically collect information such as your IP address, browser type and language, operating system, location, date and time using cookies. A cookie is a small amount of data that is sent to your browser from a web server and stored on your device such as a phone or computer. The cookies are then sent back to the originating website on each subsequent visit to that website. As an example, a cookie may allow us to recognize your browser, whereas another cookie may store your preferences. This helps us to provide you with a good experience when you browse our site and allows us to improve our site. Cookies are a technology that can be used to help personalize your use of our site.
DFIN may use other technologies such as web beacons and remarketing technology to advertise on other websites you may visit. In doing so, a third party may place a unique ad-serving cookie on your device and use technical information about your browser and your activity at our site to serve advertisements to you on websites that are not owned or operated by DFIN.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept or decline it at any time.
To enable DFIN to assess the effectiveness and usefulness of our site, and to give you the best user experience, we collect and store information on pages viewed by you, your domain names and similar information. Our site makes use of anonymous cookies for the purposes of:
- Completion and support of site activity;
- Site and system administration;
- Research and development;
- Anonymous user analysis, user profiling, and decision-making.
How We Use Your Personal Information
DFIN uses, stores and processes the personal information we collect to provide you with information, products and services which you request from us or similar products or services which you have already requested. The information is also used to improve our existing services and the content of our site.
When you contact DFIN, we may keep a record of your communication to help solve any issues that you might be facing. Depending on the country in which you live, work or access our site(s), your information may be retained for a reasonable time for use in future contact with you, or for future improvements to DFIN services.
In the event the information you provide to us is an application for employment, that application will be held in accordance with our HR records management policy. You have the option to opt-out or opt-in for further communications from DFIN.
DFIN may also use or disclose your personal information when DFIN believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of DFIN, DFIN’s users, or others. DFIN reserves the right to transfer and disclose your information if DFIN becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
How We Share Your Personal Information
DFIN may share personal information we collect about you with our affiliates, business partners, service providers, subsidiaries, vendors, consultants and other service providers to perform work on our behalf. The information may be shared with third parties to offer or provide related services.
We may also share information with our customers when they need access to such personal information to fulfil specific transactions related to service you requested such as promotional campaigns. You may opt out of sharing your information with customers for related services by sending an email to firstname.lastname@example.org. Upon receipt of your request to opt out of this information sharing, we will acknowledge your request and take appropriate measures in response.
DFIN may share your information in response to a request for information, if upon review, we determine that disclosure is in accordance with, or required by, any applicable law, regulation or legal process.
We may share your information if we determine that your actions are inconsistent with our user agreements or policies, or if we must protect the rights, property and safety of DFIN or others.
DFIN may post links to third party websites as a service to you. These third party websites are operated by companies that are outside of our control, and your activities at those third party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.
DFIN may share your personal information in connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
How We Protect Your Personal Information
The security of your personal information is important to us. We use reasonable physical, electronic and procedural safeguards to protect the personal information we collect. DFIN uses reasonable measures to safeguard personally identifiable information from loss, theft, misuse, alteration and unauthorized access or destruction. In addition, we maintain appropriate physical, electronic, and procedural safeguards to protect your personal data, including:
- Restricting access to personal data to our employees or service providers on a “need to know” basis;
- Enforcing policies and procedures for our employees in their handling of personal data; and
- Using technologies designed to safeguard data during its transmission, such as SSL encryption for the data you provide on some parts of our site and using appropriate security to safeguard the data that we have received.
DFIN also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
There is, however, no method of transmission over the Internet, or method of electronic storage that can be 100% secure. Therefore, DFIN cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and DFIN encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
How We Monitor and Enforce
DFIN regularly reviews our compliance with our Privacy Notice. We also adhere to several self-regulatory frameworks in addition to complying with applicable laws. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.
Compliance With Other Regulations
DFIN adheres to US and other international regulations such as PIPEDA and the European Union (“EU”) General Data Protection Regulation 2016/679.
DFIN recognizes and has controls in place to ensure that the privacy of personal information about an “identifiable individual” used in the course of “commercial activity” is protected and managed in such a manner which meets or exceeds the guidelines set out in PIPEDA and applicable provincial legislation.
Data Transfer and Privacy Shield Framework
DFIN is a global organization with legal entities and business processes in operation across borders. DFIN complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union (EU) and Switzerland to the United States, respectively.
DFIN has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability. Donnelley Financial is accordingly subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Department of Commerce’s Privacy Shield Website at https://www.privacyshield.gov/.
With respect to any sharing of EU and Swiss Business Contact Information for the purposes of marketing DFIN products and services, DFIN obtains assurances from its affiliates, subsidiaries and business partners that such entities will use and disclose such EU and Swiss Business Contact Information for purposes of marketing DFIN products and services only.
In cases of onward transfer of EU or Swiss Business Information to third parties pursuant to Privacy Shield, DFIN is potentially liable in the event of an improper disclosure. In certain situations, individuals may seek to opt-out of disclosures of their EU and Swiss Business Contact Information by contacting DFIN as specified in the “How To Contact Us” section below.
DFIN takes appropriate technical and organizational measures to safeguard EU and Swiss personal data against unauthorized or unlawful processing of, or accidental loss, damage, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, or destruction, and maintains reasonable procedures to help ensure that such information is relevant for its intended use, accurate, complete, current and not excessive and that such information is not retained longer than is reasonably necessary.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, DFIN is subject to the regulatory enforcement powers of the United States Federal Trade Commission. In certain situations, DFIN may disclose EU and Swiss personal data as necessary in connection with the sale or transfer of all or part of its business, where required or permitted by law, where DFIN believes that such disclosures are appropriate in connection with a law enforcement request or as otherwise permitted by the Privacy Shield Principles, or in order to investigate, prevent or take action regarding illegal activities or suspected fraud or in order to comply with, enforce or apply DFIN agreements.
In compliance with the Privacy Shield Principles, DFIN commits to resolve complaints about our collection or use of your personal data at no cost to the individual. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should contact the director of Global Data Privacy at email@example.com. DFIN will respond to your inquiry within 45 days.
In the event of a reported complaint that DFIN does not resolve itself, DFIN commits to cooperate with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the EU DPA panel or Swiss Commissioner with regard to human resource and non-human resource data transferred from the EU and Switzerland to DFIN in the United States (US).
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Information Processor Activities
DFIN operates as a data processor for our business customers located in the US, EU and other locations worldwide. DFIN’s business customers remain the data controllers with respect to any Customer data that they provide to DFIN for our provision of services. DFIN therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion, access, rectification, portability and transfer of Customer data.
Children’s Online Privacy Protection Act – COPPA
DFIN does not sell or offer its services and products to children. As such, our sites are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13. If you are a parent or legal guardian of a minor under the age of 13 and believe that the minor has disclosed personal information to us, please contact us by following the “How to Contact Us” section below.
Your Rights and Choices
You may have the right to access and review the personal data stored by us to confirm its accuracy, and if necessary you may request that personal data is updated if it is inaccurate. You may also request that certain personal data be deleted from our files. You may be required to log into your account to exercise these rights, or contact us at firstname.lastname@example.org.
DFIN will make reasonable efforts to comply with such requests, unless such requests are prohibited by law, or there is a legitimate business purpose to retain personal data. We reserve the right to verify your identity before any request to update or delete your personal data is processed by us. Please direct any questions about your personal data to DFIN Data Privacy at email@example.com.
In accordance with this Policy and the Privacy Shield Principles, but excluding any transfers of data to third parties performing tasks directly on our behalf and pursuant to our instructions, where we receive Personal Information directly from an EU or Swiss individual to which such Personal Information relates, we will offer the individual the opportunity to choose (opt out) whether his or her Personal Information is (1) disclosed to a third party; or (2) used for a purpose that is materially different than the purpose it was originally collected or subsequently authorized by the individual.
Any individual who wishes to opt out can do so by contacting DFIN at the address provided below under the section of this Policy entitled “HOW TO CONTACT US”.
In situations where we receive Personal Information pertaining to EU and Swiss individuals directly from our clients (and not the individual to whom the Personal Information relates), we will cooperate with our clients’ reasonable requests to:
- assist them in informing the impacted individuals about (a) the possibility that we may disclose such individuals’ information to third parties and (b) the individual’s ability to opt out of such disclosures (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions); and
- reasonably ensure that we process the information for purposes compatible with the purposes for which it was originally collected or subsequently authorized by the impacted individuals. After we have notified our clients, they will then inform us if any individuals have opted out of such disclosures.
In situations where DFIN processes “Sensitive Personal Information” (which may include Personal Information relating to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the sex life of the individual, ideological views or activities, social security measures pertaining to an individual, or administrative or criminal proceedings and sanctions), we will seek informed express consent (opt in) from individuals if such information is to be disclosed to a third party (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions) or used for purposes that are materially different from the purpose for which it was originally collected or subsequently authorized by the individual.
Changes to this Privacy Notice
DFIN reserves the right at its absolute discretion to change this Privacy Notice from time to time. If this Privacy Notice changes, the revised version will be posted at the “Privacy Notice” link on the Site’s home page. In the event that the change is significant or material, we will notify you of such a change by revising the link on the home page to read “Newly Revised Privacy Notice.” Please check the Privacy Notice frequently. Your continued use of our sites constitutes acceptance of such changes in the Privacy Notice, except where further steps are required by applicable law. This Privacy Notice was last updated on October 30, 2018.
How to Contact Us
If you have any questions regarding DFIN’s privacy practices, the use of your personal data, or about this Privacy Notice, please contact us at:
Donnelley Financial Solutions (DFIN)
Global Data Privacy
35 West Wacker Dr.
Chicago, IL 60601
United States of America