Privacy Notice

Last Updated: May 1, 2025

Donnelley Financial Solutions, Inc. and its worldwide subsidiaries (DFIN) respect your privacy and know that you care about how we use and share your information. DFIN is a global business with approximately 1,800 employees in twelve countries. This notice describes how DFIN collects, shares, uses, and protects personal information in accordance with the requirements of privacy laws in the jurisdictions that we operate in, including but not limited to, the EU and UK General Data Protection Regulation (GDPR) and California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA).

By using this website and other websites that we operate (Our Site(s)) including those where we post a direct link or otherwise reference this Privacy Notice, you are accepting and consenting to the practices described in this Privacy Notice.

Our Privacy Notice explains:

Personal Information We Collect and Why We Collect

This is information about you that you provide to us by filling in forms on our Sites(s), participating at events organized or attended by DFIN, corresponding with us by phone, electronic mail or otherwise, or visiting our offices. It includes information that you provide when you register to use our Site(s), subscribe to our services, engage in social media functions on our Site(s) or otherwise engage with the site’s functionality and activities, as well as when you report a problem with our Site(s).

Personal Information (PI), also known as personally identifiable information (PII) or personal data, for purposes of this Privacy Notice (including other similar terms under applicable privacy laws), means any information that (i) directly and clearly identifies an individual, or (ii) can be used in combination with other information to identify an individual. Personal information does not include such information if it is anonymous or if it has been rendered de-identified by removing personal identifiers. We may automatically collect information such as:

  • Technical Information – This includes but is not limited to the Internet Protocol (IP) address used to connect your device to the Internet, source domain names, login information, browser type and version, time zone setting, length of time spent on our Site(s), engagement or use of the functionality and activities on our Site, operating system, and platform.
  • Uniform Resource Locators (URL) – These include but are not limited to specific web pages, clickstream to, throughout, and from our Site(s) including date and time, anything you viewed or searched for on our Site(s), page response times, download errors, length of visits to certain pages, and any format by which we contact or engage with an individual (data subject).

DFIN may also collect Sensitive Personal Information (SPI) from you where it is appropriate or necessary for conducting business or providing a service to you, as well as a part of your employment at DFIN. SPI may include information relating to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, gender, sexual orientation, ideological views or activities, social security information, or administrative or criminal proceedings and sanctions. DFIN limits its collection and use of personal information to the minimum identifiers that are necessary for performing the specific task related to the purpose for which the personal information is collected.

  • DFIN may also supplement the personal information we collect from you with information we receive from third parties, including our business partners, contractors, analytics, and other service providers.

Categories of Personal Information Collected by DFIN

Within the last twelve (12) months, the following categories of personal information may have been collected by us. This collection of data is reasonable and proportionate to the business, commercial, and regulatory activities of DFIN

Category

Examples

Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name and login information, Social Security number, driver's license number, passport number, or other similar identifiers.

Personal information categories listed under applicable laws.

A name, signature, Social Security number, physical characteristics or description, address, telephone number, text messages, email, passport number, driver's license or state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, or any similar information.

Sensitive Personal Information (SPI) – Protected classification characteristics under applicable laws.

Age, race, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pregnancy, childbirth, and related medical conditions), sexual orientation, veteran or military status, and neural data.

Contractual information.

Information collected as part of the products and services we provide to you.

Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Human Resources (HR) data.

Employee compensation, demographics, health and financial benefits, job performance evaluations, training records, and attendance records.

Professional or employment-related information.

Current or past employment history or performance evaluations.

These categories of personal information are obtained from the following categories of sources:

  • Directly from you or our customers. For example, when you contact us by telephone, e-mail, post, Site chatbot, the use of any of our digital platforms, forms you complete, or products and services you purchase.
  • Indirectly from you. For example, from observing your actions on Our Sites.

Purposes for Which We Use Your Personal Information

DFIN uses, stores, and processes the personal information we collect to:

  • Where relevant, operate and provide DFIN’s products and services, including registering, creating, maintaining, customizing, and securing your customer account with us.
  • Fulfil our obligations under a contract with you, which may include enforcing and/or applying the terms of any of our user agreements.
  • Follow up on our communication with you and create a record of our communication with you for quality purposes.
  • Process your requests, purchases, transactions, and payments.
  • Where appropriate, provide you with information or marketing communications for DFIN products and services which you request from us or similar products or services which you have already requested, or personalized offers and content based on your interactions with us and usage of our products.
  • Provide testing, research, analysis, and product development, including developing and improving our Site(s), products, and services.
  • Provide technical support, respond to inquiries, investigate and address concerns, and monitor and improve our responses.
  • Maintain the safety, security, and integrity of our Site(s), rights, property, products and services, databases and other technology assets, and business of DFIN, DFIN’s users, or others.
  • Cooperate with law enforcement requests and as required by applicable law, court orders, or governmental regulations.
  • Manage our everyday business needs, such as internal account management, customer reporting, contract management, site administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance.
  • As described to you when collecting your personal information or sensitive personal information.
  • Any other basis that lawfully entitles us to process your personal information.

DFIN reserves the right to transfer and disclose your information if DFIN becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.

Certain privacy laws, such as the GDPR, require that we inform you of the legal bases for our processing of your personal information. We process personal information for the following legal bases:

  • Consent: where you have given clear consent for us to process your personal information for a specific purpose.
  • Contract: where our use of your personal information is necessary for a contract we have with you, your employer, or other parties for projects or transactions with which you are affiliated, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: where our use of your personal information is necessary for us to comply with the law.
  • Vital interests: where our use of your personal information is necessary to protect you or someone else’s life.
  • Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party.

If certain personal information is not provided to us, depending on the purposes for which we have collected it, we may not be able to provide the information, products, or services you have asked for or process your requests, applications, subscriptions, or registrations, and may not be able to perform or discharge applicable legal obligations.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice. DFIN does not use or disclose sensitive personal Information for purposes other than those specified in this Notice or as permitted under applicable laws.

How We Share Your Personal Information

DFIN may have to share your personal information with entities and persons set out below, for the purposes listed herein:

  • Our affiliates, subsidiaries, vendors, consultants, and other service providers to perform the services on our behalf and to ensure the efficient operation of our business.
  • Where required, with professional advisors or consultants, including lawyers, banks, auditors, accountants, and insurers providing consultancy, legal, banking, audit, accounting, or insurance services to us; any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body.
  • Service providers who provide information technology and system administration services to us.

Categories of Personal Information Shared by DFIN

In the preceding twelve (12) months, DFIN has disclosed personal information for a business purpose to the following categories of third parties:

Category

Category of Third-Party Recipients

 

Business Purpose Disclosures

Identifiers.

Our affiliates, vendors, consultants, and other service providers. 

Professional advisors or consultants.

California Customer Records personal information categories.

Our affiliates, vendors, consultants, and other service providers. 

Professional advisors or consultants.

Commercial information.

Our affiliates, vendors, consultants, and other service providers. 

Professional advisors or consultants.

Internet or other similar network activity.

Our affiliates, vendors, consultants, and other service providers.

Professional or employment related information.

Our affiliates, vendors, consultants, and other service providers.


DFIN may also share your personal information:

  • In connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
  • With our customers when they need access to such information to fulfil specific transactions related to services you requested. You may opt out of sharing your information with our customers for related services by sending an email to dataprivacy@dfinsolutions.com. Upon receipt of your request to opt out of this information sharing, we will acknowledge your request and take appropriate measures in response.
  • If we determine that your actions are inconsistent with our user agreements or policies, or if we must protect the rights, property, and safety of DFIN or others in accordance with, or required by, any applicable law, regulation, or legal process.

Sale or Sharing of Personal Information

In the preceding twelve (12) months we have not “sold” personal information set forth in this Notice for the purposes of the CCPA. DFIN does not sell the personal information of its employees, contractors, customers, third parties, or any other affiliation to others.

DFIN does not sell or share personal information for cross-context behavioral advertising. DFIN will only disclose your personal information for advertising purposes through targeting or advertising cookies with your affirmative, opt in consent. For more information on cookies, please refer to our Cookie Notice.

We do not have actual knowledge that we sell or share personal information of minors under 16 years of age. DFIN does not conduct business directly with individual consumers. Our business relationships are business-to-business (B2B).

Data Transfers

As a global organization with legal entities and business processes in operation across borders, we cannot always limit the processing of personal information to the country in which an individual is based. In the course of providing our services, DFIN may need to transfer personal information to locations outside the jurisdiction in which our customers are located or where our Sites are viewed. We design processes to comply and ensure adequate safeguards for the transfer of personal information.

Data transfers between the U.S., EU, UK, and other countries will be done subject to compliance with applicable law and appropriate technical and organization safeguards. This includes onward transfers to third parties. DFIN requests our third parties to implement the necessary safeguards to protect personal information both in transit and at rest. DFIN transfers personal information to third parties only for limited and specified purposes.

  • DFIN will comply with the advice given by the appropriate regulatory body regarding the transferring of HR and non-human resource data. Data transfers will be done subject to compliance with applicable law, and appropriate technical and organization safeguards. This includes onward transfers to third parties.
  • DFIN commits to resolving complaints about our collection or use of your personal information at no cost to the individual. Individuals with inquiries or complaints regarding DFIN’s use of their personal information should first contact DFIN’s Global Data Privacy department at dataprivacy@dfinsolutions.com. DFIN will respond to your inquiry within 45 days.
  • In the event of a reported employee complaint that DFIN does not resolve itself, DFIN commits to cooperate and comply with the advice of the applicable regulatory authorities with regard to unresolved complaints concerning our handling of human resources (HR) data received in the context of the employment relationship between DFIN and its employees.

Under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

DFIN takes appropriate technical and organizational measures to safeguard all personal information against unauthorized or unlawful processing, accidental loss, damage, misuse, unauthorized access, unauthorized disclosure, unauthorized alteration, and destruction. We maintain reasonable procedures to help ensure that personal information is relevant for its intended use, accurate, complete, current, not excessive and that such information is not retained longer than is reasonably necessary.

With respect to any sharing of business contact information for the purposes of marketing DFIN products and services, DFIN obtains assurances from its affiliates, subsidiaries, and business partners that such entities will use and disclose such business contact information for purposes of marketing DFIN products and services only. We acknowledge that we may be required by applicable law to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. DFIN will use commercially reasonable efforts to ensure any data is processed lawfully.

How We Protect Your Personal Information

The security of your personal information is important to us. We use reasonable physical, electronic, and procedural safeguards to protect the personal information we collect from loss, theft, misuse, alteration and unauthorized access or destruction. In addition, we maintain appropriate physical, electronic, and procedural safeguards to protect your personal information, including:

  • Restricting access to personal information to our employees or service providers on a “need-to-know” basis.
  • Enforcing policies and procedures for our employees in their handling of personal information.
  • Using technologies designed to safeguard data during its transmission, such as SSL (Secure Socket Layer) encryption for the information you provide on some parts of our Site(s) and using appropriate security to safeguard the data that we have received.

DFIN also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.

There is, however, no method of transmission over the Internet or method of electronic storage that can be 100% secure. Therefore, DFIN cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and DFIN encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.

DFIN Products

DFIN has a strong corporate commitment to data privacy. We commit to using data privacy principles and strategies to implement Privacy by Design and Default whenever possible within our applications, practices, and organization. DFIN incorporates various technologies into our applications to streamline data-gathering and reporting processes, protect and secure data, enhance user experience, and efficiently improve performance. Depending on the product(s) in scope, the utilization of these technologies may include but are not limited to: artificial intelligence (AI) powered software, automated data extraction, natural language processing technology combined with machine learning, the study of algorithms, tokenized redaction, proprietary pattern matching technology, redaction masking or anonymization to data files, single sign-on (SSO) access, built-in and customized exception and audit reporting, data integration, built-in safeguards to flag non-compliance requirements, streamlined features for safe real-time collaboration and accurate financial reporting, AES 256-bit encryption at rest and in transit, multifactor authentication (MFA), robust role-based access control (RBAC), cloud-based workflow tools, in-app automated publishing capabilities, and Straight Through Processing (STP). These and other technologies continuously provide effective, robust, and innovative forward protections over DFIN’s customers, employees, and stakeholders' personal information. DFIN does not incorporate personal information or confidential information in the development or training of artificial intelligence technologies.

How We Monitor and Enforce

DFIN regularly reviews our compliance with our Privacy Notice. We also adhere to several self-regulatory frameworks in addition to complying with applicable laws. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.

How Long We Keep Your Personal Information

We will retain your personal information for as long as you have an account with us, or we are providing products or services to you. Thereafter, we will keep your personal information for only as long as is necessary to:

  • Respond to any questions, complaints, or claims made by you or on your behalf.
  • Keep records required by applicable laws and regulations or DFIN's retention and deletion policies.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Notice.

Your Rights and Choices

Under specific global privacy laws, individuals are afforded certain rights related to the handling and processing of their personal information. DFIN respects your rights to exercise these rights. DFIN will make reasonable efforts to comply with your requests, unless such requests are prohibited by law, or there is a legitimate business purpose to retain personal information. We reserve the right to verify your identity before complying with such requests.

As permitted under applicable law, you may have the right to access and review personal information stored by us to confirm its accuracy. If necessary, you may request that personal information is updated if it is inaccurate. You may also have the right to request that certain personal information be corrected, amended, or deleted from our files. Your rights may also include limiting the use and disclosure of your personal information and restricting the processing of it. To exercise these rights and others (as permitted under applicable law), you may be required to log into your account or contact us at dataprivacy@dfinsolutions.com.

Please direct any questions about your personal information to DFIN’s Global Data Privacy department at dataprivacy@dfinsolutions.com.

In accordance with this Privacy Notice, where we receive personal information directly from an individual to which such personal information relates, where applicable, we will offer the individual the opportunity to choose (opt-out) whether their personal information is (i) disclosed to a third party or (ii) used for a purpose that is materially different from the purpose it was originally collected or subsequently authorized by the individual. This will not apply to transfers of data to third parties performing tasks on our behalf or at our instruction.

Any individual who wishes to opt out can do so by contacting DFIN at the address provided below under the section of this Privacy Notice entitled “How to Contact Us.”

In situations where we receive personal information pertaining to individuals directly from our customers (and not the individual to whom the personal information relates), we will cooperate with our customers’ reasonable requests to:

  • Assist them in informing the impacted individuals about (i) the possibility that we may disclose such individuals’ information to third parties and (ii) the individual’s ability to opt out of such disclosures (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions).
  • Reasonably ensure that we process the information for purposes compatible with the purposes for which it was originally collected or subsequently authorized by the impacted individuals. If our customers inform us that an individual has opted out of disclosures of previously provided personal information, we will make reasonable efforts to comply with such opt-out requests.

In situations where DFIN processes sensitive personal information, we will seek informed express consent (opt in) from individuals if such information is to be disclosed to a third-party (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions) or used for purposes that are materially different from the purpose it was originally collected or subsequently authorized by the individual.

California Consumer Rights and Choices

The California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA) provides California residents with specific rights regarding their personal information and sensitive personal information.

CCPA may be applicable when personal information is processed in the following formats:

  • Physical. This includes paper documents, printed images, vinyl records, or video tapes.
  • Digital. Such as within text, images, audio, or video files.
  • Abstract Digital. This consists of compressed or encrypted files, metadata, and AI systems that are capable of outputting personal information.

Additionally, under the CCPA, sensitive personal information also applies to neural data (information that is generated by measuring the activity of an individual’s central or peripheral nervous system, and that is not inferred from nonneural information).

California residents have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months, these rights are the:

  • Right to Know what personal information is being collected about you. Right to Access your own personal information. You may request that we disclose information related to:
    • The categories of personal information we have collected about you.
    • The categories of sources from which the personal information is collected.
    • The business or commercial purpose for collecting, selling, or sharing personal information.
    • The categories of third parties to whom we disclosed your personal information.
    • The specific pieces of personal information that we have collected about you.
  • Right to Know what personal information is sold or shared and to whom. You may request that we disclose information related to:
    • The categories of personal information we have collected about you.
    • The categories of personal information that we sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared.
    • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
  • Right to Opt-Out of the sale or sharing of your personal information.
  • Right to Non-discriminatory treatment for exercising your rights.
    • We will not discriminate against customers who exercise their privacy rights.
    • We will not retaliate against an employee, applicant for employment, or independent contractor for exercising their rights.
  • Right to Delete personal information that we collected from you, subject to certain exceptions.
  • Right to Correct inaccurate personal information.
  • Right to Limit the use and disclosure of sensitive personal information.

The CCPA has extended these rights to be afforded to all employees who are residents of California. Under the CCPA, employees are defined as: full or part-time employees, independent contractors, and/or job applicants who are residents of California.

A Right to Know request may be submitted twice within a 12-month period, free of charge.

Exercising the Right to Delete personal information is subject to certain exceptions under CCPA.

  • DFIN is not required to delete personal information if it is still needed in order to complete the transaction for which the information was collected, provide a product or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, your employer, or other parties for projects or transactions with which you are affiliated, to comply with legal obligations, or accomplish any other objective recognized as an exception to the right to deletion under CCPA.

The CCPA grants businesses 45 days to respond to a consumer rights request. An extension period of up to an additional 90 days is allowed.

All California Consumer Rights requests including deletion requests can be emailed directly to dataprivacy@dfinsolutions.com.

Exercising Your Rights

DFIN will never charge you or discriminate against you for choosing to exercise your rights. DFIN will make reasonable efforts to comply with all consumer rights requests. Only you or a person registered with the specific Secretary of State in which you reside and that you have authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

An authorized agent can make a request on a residents’ behalf by providing a power of attorney valid under the appropriate U.S. State or Global privacy law. Additionally, an authorized agent must provide: (i) proof that the consumer authorized the agent to act on their behalf; (ii) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete which are outlined above; and (iii) direct confirmation that the consumer provided the authorized agent permission to submit the request.

You may also make a verifiable consumer request on behalf of your minor child. DFIN reserves the right to verify your identity before any request to know, access, update, correct, or delete your personal information is processed by us. The verifiable consumer request must provide sufficient information that allows DFIN to reasonably verify you are the person about whom we collected personal information or an authorized representative, as well as describe your request with sufficient detail that allows DFIN to properly understand, evaluate, and respond to it. We will verify your identity to a reasonable degree of certainty by matching the data points provided by you against information in our systems which are considered reasonably reliable for the purposes of verifying a consumer’s identity.

Individuals who would like to opt-out of correspondence or modify their online communications preferences with DFIN, should visit DFIN’s online Preference Center at: https://info.dfinsolutions.com/preferencecenter.

This section does not address or apply to our handling of:

  • Publicly available information from government records.
  • Information excluded from the relative privacy regulation’s scope, including but not limited to health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), or the Gramm-Leach-Bliley Act (GLBA).
  • De-identified or aggregated consumer information. De-identified information is data that has had all personally identified information removed from it. Aggregated information is numerical or non-numerical information that is compiled into data summaries or summary reports for data statistics or public reporting.

Other Privacy Laws

  • New York SHIELD Act (New York). The New York Stop Hacks and Improve Electronic Data (SHIELD) Security Act applies to any person or business that owns or licenses computerized data which includes private information, regardless of corporate structure, revenues, or location. DFIN conducts business within New York (NY) state and has realigned its processes and procedures to adhere to the requirements established within the SHIELD Act to support the protection of New York residents’ personal and private information.
  • PIPEDA (Canada). DFIN has controls in place to ensure that the privacy of personal information about an “identifiable individual” used in the course of “commercial activity” is protected and managed in such a manner which meets or exceeds the guidelines set out in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.
  • GDPR (EU and UK). DFIN may act as a Controller or a Processor under the EU and United Kingdom (UK) General Data Protection Regulation (GDPR). In respect of business customers located in the U.S., UK, EU, and other locations worldwide, DFIN operates as a data processor. DFIN’s business customers remain the data controllers with respect to any customer data that they provide to DFIN for our provision of services. DFIN therefore acts in accordance with the instructions of such customers regarding the collection, processing, storage, deletion, access, rectification, portability, and transfer of customer data. The handling and safeguarding of personal information concerning EU-based and UK-based citizens is a matter of course for DFIN globally and an integral part of DFIN’s corporate governance.
  • Children’s Online Privacy Protection Act (COPPA). DFIN does not sell or offer its services and products to children. As such, our Site(s) are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13. If you are a parent or legal guardian of a minor under the age of 13 and believe that the minor has disclosed personal information to us, please contact us by following the “How to Contact Us” below.

Recruitment

For job applicants seeking an employment opportunity at DFIN either through our Careers site or third-party platforms, DFIN may collect certain personal information from your job application or where applicable from your personal references (provided by you), your educational institute, or any other relevant professional body. This personal information may include but is not limited to name, postal address, email address, phone number, details of your qualifications, job history, curriculum vitae, contact details of your references, and any other personal information submitted along with your application.

DFIN processes personal information as necessary for the purposes of fulfilling certain legal obligations related to recruitment. For example, where employment law or other laws require the processing of your personal information. We may process personal information in reliance on our legitimate business interests in the selection, evaluation, and appointment of new employees, as well as the management and administration of recruitment and HR processes. On occasion, legal grounds such as the protection of your vital interests may also apply. For example, for health and safety reasons, if you attend an interview at one of our offices or in relation to agreements with employee representation groups, if applicable.

DFIN does not rely on automated decision-making tools during any component of the recruitment process.

We retain the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. The duration for which we keep your information is dependent on whether your application is successful and you become employed by us, the nature of the information concerned, and the purposes for which it is processed.

Some or all of the categories of personal information referenced within this Privacy Notice may be used alone or in combination if you become employed at DFIN or apply for an employment opportunity at DFIN. The transferring of HR Data is protected as detailed in Standard Contractual Clauses (SCCs) that we may have with a third-party service provider. HR Data is only processed and transferred as required for business purposes and to fulfill employee commitments to DFIN and their benefits provided by DFIN.

Cookies and Other Technologies

When visiting our Site(s), we may automatically collect information such as your IP address, browser type and language, operating system, location, date, and time using cookies. For more information, please refer to our Cookie Notice.

Third Party Websites

DFIN may post links to third party websites as a service to you. These third-party websites are operated by companies that are outside of our control and your activities at those third-party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.

Changes to this Privacy Notice

DFIN reserves the right at its absolute discretion to change this Privacy Notice from time to time. If this Privacy Notice changes, the revised version will be posted at the “Privacy Notice” link on our Site’s home page. In the event the change is significant we will revise the link on the home page to read “Newly Revised Privacy Notice.” Please check the Privacy Notice frequently. Your continued use of our sites constitutes acceptance of such changes in the Privacy Notice, except where further steps are required by applicable law. This Privacy Notice was last updated on May 1, 2025.

How to Contact Us

If you have any questions regarding DFIN’s privacy practices, the use of your personal information, or about this Privacy Notice, please contact us at:

Donnelley Financial Solutions (DFIN)
Global Data Privacy
391 Steel Way
Lancaster, PA 17601
United States of America
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

For country specific inquiries, please contact:

Brazil
Fernando Ribeiro
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

Canada
George Smola (Privacy Representative)
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

EU
Paul Maloney (SVP Europe and APAC GIM Ops)
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

People's Republic of China
Yeung Kuk
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

Singapore
Robin Yeo (DPO)
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454

South Korea
JungYun Moon (DPO)
Email: dataprivacy@dfinsolutions.com
Phone: +1 855-683-9454