Select below to view policy in your preferred language:
Last Update/Review: 20 January 2023
- Who is RRD?
- Who are you?
- What is a Privacy Notice?
- General interactions with us
- How we protect your data
- How we keep on top of privacy
- The laws we follow
- Accessing and updating your data
- Changes to this Privacy Notice
- How can we help you?
- Who we are (in detail)
Who is RRD?
This privacy notice is written by RR Donnelley and covers all the European companies that are part of the RR Donnelley group today. If you look at the section at the end of this notice, these companies are listed in detail. To keep the size of this document down we will call ourselves “RRD” from now on.
Who are you?
To make this privacy notice easier for you to read and understand we have broken down some of the contents into smaller documents that only relate to you and your relationship with us. If you click on the links below we will show you more specific information about how we hold and process your data.
You are located in the European Union and you are a:
If you are none of these categories above then the rest of our privacy notice may not be relevant to you, but as a visitor to our web site we need to make sure you understand what we might do with any information we collect about you when you visit our site.
What is a Privacy Notice?
We want you to know that we care about your privacy and we want to be clear with you about how we hold and process any of your personal data that we collect.
There are various ways that you might interact with RRD and the data you provide when doing so allows us to do many things. Here is a list of reasons we may hold and process your data.
- To perform a contract or service for you as a business client e.g. send out business communications
- To perform a service to you as an individual customer e.g. print a photobook for you
- We have a legitimate interest in doing so e.g. making the interaction between us better
- There is a legal obligation or the law says we have to e.g. we must hold employee tax records
Generally we do not use your permission or consent to hold or process data about you as you have usually come to us and asked us to do something for you – like employ you and pay your salary and benefits.
If we do need to ask you first before we collect or process your personal data we will make it clear to you and you can make a choice if you wish to accept or decline our request.
These terms may seem difficult to understand and we will make this clearer in the specific sections based upon your relationship with us – you can find these at the links in the Who are you? section above.
This privacy notice is here to explain
- What data we collect about you
- How we collect your data
- Why we collect your data
- How we use your data
- If we share your data and who we share it with
This information is set out in the Who are you? section links above
Below we will also explain
- How we protect your data
- How you can control your data, including accessing, updating and deleting what we store and the rights you have related to this data
General interactions with us
We may collect or record basic data - e.g. name, e-mail address, postal address, phone number - which you voluntarily provide through forms on our web sites, through use of an RRD app, through electronic mail which you send to us, or through other means of communication between you and us.
Sending us emails
If you email us, your email data will be held and processed in either Google Mail or Salesforce Marketing Cloud.
These are third-party services and are located either in the European Union or in the United States of America (USA). We make sure that your data is transferred legitimately to the email systems in the USA through the protection of the Privacy Shield regulatory framework.
The privacy information for Google Mail can be found at https://policies.google.com/privacy and for Salesforce can be found here https://www.salesforce.com/uk/company/privacy/.
When you email us we try to use Transport Layer Security (TLS) to encrypt and protect the email traffic between us. If your email systems cannot use TLS you should be aware that any email that we send or receive may not be protected as it travels across the Internet.
We also monitor any emails sent to us for viruses and malicious software.
Please also be aware that all the emails we send and receive through Google Mail are kept in a read-only archive for seven years for legal purposes in case lawyers need to access email data as part of an investigation or court case.
Using social media
We use social media to help you reach us and keep you informed. If you message us privately through any of the following platforms we will retain that message for no more than 12 months unless there is a legal requirement to hold the message longer.
The privacy notices of the social media site we use can be found below.
- Twitter https://twitter.com/en/privacy
- LinkedIn https://www.linkedin.com/legal/privacy-policy
- Hubspot https://legal.hubspot.com/privacy-policy
- YouTube https://policies.google.com/privacy
How we protect your data
We care about the security of your personal data so we follow the best industry standards as well as all applicable laws to protect the personal data submitted to us (either submitted by you or by a third-party for whom we provide services). We secure your data both during transmission and once we receive it.
Where appropriate we use encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of your data as we hold or process it. We also use industry-standard technology and processes for detecting and responding to situations where some unauthorised person is trying to access your data held on our systems.
How we keep on top of privacy
We regularly review our compliance with this Privacy Notice as well as our compliance with the privacy regulations that apply to us. RRD is a corporate member of the International Association of Privacy Professionals (IAPP) and our privacy and legal teams keep up to date with the latest changes to privacy and data protection laws that affect our companies across the globe.
The laws that we follow
RRD must comply with all applicable privacy laws – the primary one is Regulation (EU) 2016/679 of the European Parliament, which is also known as the General Data Protection Regulation (GDPR).
We also comply, where relevant, with any local privacy related laws in other European countries as well as the GDPR.
Accessing and Updating Your Personal Data
As an individual located within the European Union or the United Kingdom (UK), you gain various rights when you pass us your personal data, either as a business client, an individual customer, a supplier or as an employee (or ex-employee) of ours. Read more about these rights.
These rights sometimes depend on the way we process your data. Some circumstances may mean that the right doesn’t apply (or there may be an exception to the rule that means we may not be required to fulfill your request). An example may be that you have asked for all your data to be deleted but we have a legal need to keep some of it for tax purposes. If exceptions apply we will be clear with you why we are not able to fulfill your request.
We have policies and processes in place to help us to help you with these rights. These rights are:
- Transparency; we will use clear and plain language when communicating with you.
- Access; we will provide the type of data we hold on you, the purpose of holding it, who we share it with and how long we keep it for as well as giving you access to that data.
- Rectification; if any of the data we hold about you is incorrect we will correct it.
- Erasure; where applicable we will delete any data we hold about you.
- Portability; where applicable we will provide a copy of your personal data in a commonly used, machine readable format.
- Object to processing; you can opt-out of any marketing communications from RRD. Every communication we send you should include details on how to opt-out of future messages.
To safeguard your privacy, for confirming that any requests are genuine, we may need you to verify your identity before we act on your request to edit, access or remove your data.
It is possible that we hold and process your personal data on behalf of one of our clients. If this is the case, we can pass on any request for you and where required and applicable, we will help our client fulfill that request for you.
You may direct any request to the email accounts listed in the How can we help you? section below.
You also have the right to contact RR Donnelley in the How can we help you? section if you feel our collection or use of information is unfair, misleading or inappropriate.
You may also contact your data protection regulator, known as the Supervisory Authority.
To simplify how RRD works with the Supervisory Authorities across Europe, we will be using the Data Protection Commissioner in Ireland (https://www.dataprotection.ie) as our primary or lead authority for privacy at any company that is part of RRD Supply Chain Solutions.
You are always able to voice your concerns in your local language to your local European Supervisory Authority and we will work with them to resolve your issues.
We also welcome feedback on the clarity of this Privacy Notice and any experiences you may have had related to the privacy of your personal data at RRD.
We may use a third party service, like Google Analytics, to place cookies into your browser and record information about your visit to our web sites. The information does not uniquely identify you, and neither we nor our suppliers will try to identify you. If we need to ask for information that could identify you we will make it clear and explain how we intend to use that data.
Cookies are a technology that can be used to help personalize your use of a website. A cookie is an element of information that a website can send to your browser, which you then store on your system.
You can set your browser to alert you when you receive a cookie from a site like ours, giving you the chance to decide whether to accept or decline it at any time.
Changes to this Privacy Notice
We keep this privacy notice under regular review. The last update was 15 September 2020.
How can we help you?
We have Privacy staff and legal counsel that can provide advice to our European businesses on privacy and data protection and to work with our clients, employees and the regulators (the Supervisory Authorities who manage and enforce privacy rules across Europe).
Please direct any privacy or data protection questions to RRD by emailing RRD at DataPrivacyEurope@rrd.com.
If we receive formal written complaints, we follow up such complaints with the person making the complaint. We will also work with the relevant regulator (Supervisory Authority) across Europe to resolve any complaints that cannot be resolved directly.
Who we are (in detail)
The following business unit is the RR Donnelley group which is based in the European Union at the date of this privacy notice.
Business Unit – RRD Supply Chain Solutions
Lead Supervisory Authority – Data Protection Commissioner, Ireland
- Banta Global Turnkey Limited
Hollyhill Industrial Estate Unit 8, Hollyhill, Cork, T23 KN97, Ireland.
- R.R. Donnelley GTS Poland Sp z.o.o.
Ul. Zakladowa 90/92,92-402 Łódź, Poland.
- RR Donnelley Czech s.r.o.
Tuřanka 1328/102, Slatina, 627 00 Brno, Czech Republic.
- RR Donnelley Prague s.r.o.
Za Tratí 207, 252 19 Chrášťany, Praha-západ, Czech Republic.
- R.R. Donnelley Magyarorszag Kft
4031 Debrecen, Kígyóhagyma utca 7, Hungary.