Privacy Notice

Privacy Notice – Effective April 2025

This Website (“Website”) is operated by Toppan Merrill LLC (“Toppan Merrill”). The terms “Toppan Merrill,” “we,” “us,” “our” or “ours” when used in this privacy notice (“Privacy Notice”) includes parents, subsidiaries, divisions, branches, affiliates, or companies of Toppan Merrill. The terms “you,” “your” and “yours” when used in this Privacy Notice mean any user of this Website including, current and future customers, employees, non-employee labor, vendors and information seekers.

IMPORTANT: BY SUBMITTING PERSONAL DATA TO US OR BY USING OUR WEBSITE, YOU GIVE YOUR CONSENT THAT YOUR PERSONAL DATA MAY BE PROCESSED IN THE MANNER AND FOR THE PURPOSES DESCRIBED BELOW.

Scope of Privacy Notice

You may visit our public Website without providing any personal data. This Privacy Notice describes our current policies and practices regarding personal data collected by us from you directly and/or through the Website or Service Tools (as defined below). The term “personal data” refers to personally identifiable information about you. This Privacy Notice applies only to the operation of websites that directly link to this notice when you click on the Privacy Notice link.

Service Tools

We provide tools including, Quinn by Toppan Merrill™, Toppan Merrill Bridge™ and Toppan Merrill Connect™ (“Service Tools”). These Service Tools are part of a business relationship. If you engage in a business relationship with Toppan Merrill, you agree to the use of your contact details in accordance with this Privacy Notice. We may contact you regarding updates, modifications and additional service offerings. Your access to these Service Tools will be retained and used for support, transition, and maintenance, or to comply with reporting, audit and data retention requirements.

Notification of changes to this Notice

Toppan Merrill is continually improving our methods of communication and adding new functionality and features to this Website and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices may change. We encourage you to check this page frequently and anytime you submit personal data via the Website.

Collection, Use and Disclosure of your personal data

When you use our products and services or request information, we request personal data about you such as your name, location, employer’s address, e-mail address and telephone number. We may also ask for demographic information to enable us to provide you with a personalized service. The information you provide is either manually or electronically stored in our databases.

We may share your personal data under these limited circumstances:

  • In order to provide you with the requested information on products or services, your personal data may be shared with other companies within our group of companies and third parties who act for us for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have consented. For example, a third-party may have access to your personal data to support our information technology or to handle mailings on our behalf. Toppan Merrill requires that all third-party processors process your personal data with the same level of protection and in a manner consistent with the uses agreed upon in this Privacy Notice.
  • We may share your personal data with other companies within our group of companies who may contact you about their products or services that may interest you.
  • We will keep your contact details in our database and we may use your personal data for marketing purposes and market research. If you do not wish to receive e-mails or post from us for these purposes, please let us know by following the “unsubscribe” procedure described herein.
  • We may use your personal data to administer this Website and help us improve our services.
  • We may disclose the information in our databases and server logs to comply with a legal requirement, for the administration of justice, for the purposes of national security only to the extent that is strictly necessary and proportionate, to interact with anti-fraud databases, to protect your vital interests, to protect the security or integrity of our databases or this Website, to take precautions against legal liability, or in the event of our sale, merger, reorganization, dissolution or similar event.
  • In the event of a corporate sale, merger, reorganization, dissolution or similar event, your personal data may be part of an asset transfer or sale.
  • If you submit your resume or CV, we will use the information to process your inquiry and to monitor recruitment statistics. Personal data about unsuccessful candidates will be held for 36 months (or for 24 months if you are a federal contractor) before being destroyed or deleted.

Limitations of Use and Disclosure of your personal data

Toppan Merrill complies with California’s California Consumer Privacy Act (“CCPA”) as amended by the CPRA as well as the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. (see below). As such, individuals have certain rights regarding their personal data and may request information related to the:

  • Knowledge of information collected including categories and sources;
  • Deletion of information collected;
  • Opt-out of information collected;
  • Opt-in of information collected;
  • Correction of information collected; and
  • Limiting use of information collected and how it may be shared.

Data access and corrections

Upon receipt of your written request and by providing enough information to permit us to identify your contact data, we will disclose to you the personal data we acquired and hold about you, for which we may make a small charge. Upon request, we will correct, amend, or delete any personal data that is inaccurate and notify any third-party recipients of the necessary changes. You may update any information you have given to us by contacting us [email protected] or for employees, you may update your information in Workday. Requests to delete personal data are subject to any applicable contractual, legal and ethical reporting or document retention obligations imposed on us.

Sharing of Personal Data

We only share your personal data with third-party entities with whom we partner to administer employment-related activities.

Selling of Personal Data

Toppan Merrill does not sell your personal data.

Data Security

We will take every sensible precaution to protect the information we collect from you including physical, technical and organizational procedures to safeguard and secure the information from loss, misuse, unauthorized access, or disclosure. Access to this information is protected both online and offline.

Anonymous data collected through this Website

We also use technology to collect anonymous information about the use of our Website. For example, our Web server automatically logs which pages of our Website our visitors view, their IP addresses and which Web browsers our visitors use. This technology does not identify you personally; it enables us to compile statistics about our visitors and their use of our Website. Our Website contains hyperlinks to other pages on our Website. We may use technology to track how often these links are used and which pages on our Website our visitors choose to view.

Cookies

We may use temporary “cookies” that remain in the cookies file of your browser until the browser is closed to collect anonymous data. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie to enable you to decide if you want to accept it or not.

Links to other Web sites

This Website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their operation, data or privacy practices. We urge you to review any privacy notice posted on any site you visit before using the site or providing any personal data about yourself.

Server Location

Toppan Merrill’s data servers are located in the U.S. If you are visiting this Website from a country other than the country in which our servers are located, the various communications may result in the transfer of information across international boundaries. If you are accessing a Service Tool, the content data will be stored in accordance with the terms and conditions outlined in an agreement. However, your access information (e.g., user id and password), may be stored in the server located in the U.S. (see Toppan Merrill’s Adherence to the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework below). Any personal data will be protected in accordance with this Privacy Notice. By visiting this Website or communicating electronically with us, you consent to the processing and transfer of your data as set out in this Privacy Notice.

Toppan Merrill’s Adherence to the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework 

Toppan Merrill adheres to the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Toppan Merrill has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

By adopting the Data Privacy Frameworks, Toppan Merrill understands that it is subject to the investigatory and enforcement powers of the Federal Trade Commission and may be liable, under U.S. law, in cases of onward transfer of personal data to third parties outside the permitted uses agreed upon in this Notice.

Enforcement

We will regularly review how we meet privacy objectives. In compliance with the Data Privacy Frameworks, Toppan Merrill commits to resolving complaints about our collection or use of personal data. EU and UK individuals with inquiries or complaints regarding the Data Privacy Frameworks should first contact Toppan Merrill at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Toppan Merrill commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to Judicial Arbitration and Mediation Services (JAMS), an alternative dispute resolution provider based in United States to arbitrate claims related to non-human resources data. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. In certain circumstances, you may invoke binding arbitration, upon, providing Toppan Merrill notice, following the procedures, and subject to the  terms as set forth in Annex I of the DPF Principles which in certain circumstances may include binding arbitration (for more information please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction).

Further, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Toppan Merrill commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

The General Data Protection Regulation (GDPR)

Toppan Merrill is compliant with GDPR. Direct related questions to [email protected].

Data Retention

Toppan Merrill retains the information it receives about you pursuant to applicable laws and regulations. There are certain exceptions under CCPA/CPRA wherein Toppan Merrill may be required to retain personal data including, but not limited to, completing a commercial contract, providing a service or complying with legal obligations.

For Inquiries and/or to Submit Requests for Information, Deletion or Correction

Please contact: [email protected] for inquiries about Toppan Merrill’s Privacy Notice or to submit your request for information, deletion or correction. Only you (or your validated, authorized agent) may make a request for information. You will never be discriminated against based on a request for information, deletion or correction.

Contact Us: Mail Opt-Out

To unsubscribe, please click the “unsubscribe” link located at the bottom of the e-mail, email us at [email protected], or, by writing to us at: Toppan Merrill LLC, 1501 Energy Park Drive, St. Paul, MN 55108, Attn: Opt-Out List Master, if you wish to Opt-Out.