HighRoad Press (“Company” or “We” or “Us” or “Our”) respect your privacy and are committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On our website located at https://www.highroadpress.com/ (“Website”).
- In email, text, and other electronic messages between you and us.
- Through telephone, mail, or other methods of collection.
It does not apply to information collected on any other website operated by any third party or collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at:
220 Anderson Avenue
Moonachie, NJ 07074
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your California Privacy Rights for more information.
Information We Collect About You and How We Collect It
We may collect several types of personal information from and about you, including:
- Personal identifiers, including name, postal address, online identifier, email address, IP address, telephone number, or other similar identifiers.
- Protected classification characteristics, including race, citizenship, religion, marital status, gender, veteran, or military status, or other similar identifiers.
- Commercial information, including products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies.
- Internet or other network activity, including browsing history, search history, information on a consumer’s interaction with a website, application, or advertising.
- Geolocation data, including physical location or movements.
- Professional- or employment-related information, including current or past job history or performance evaluations.
- Inferences drawn from other personal information, including profiling a person’s preferences, characteristics, behavior, abilities, and attitudes.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
We collect this information:
- Directly from you when you provide it to us.
- Automatically as you navigate through our Website. Information collected automatically may include usage details, IP addresses, and information collected through cookies.
The information we collect on or through our Website may include:
- Information that you provide by filling in forms on our Website. This includes information provided at the time of requesting further services. We may also ask you for information when you report a problem with our Website.
- Records and copies of your correspondence (including email addresses), if you contact us.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data-Collection Technologies.
As you navigate through and interact with our Website, we may use automatic data-collection technologies to collect certain information about your equipment, browsing actions, and patterns. The information we collect automatically may include personal information. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill any other purpose for which you provide it.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Website or any products or services we offer or provide though it.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this policy:
- To our subsidiaries and affiliates.
- To contractors, service-providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our Company, our customers, or others.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
The security and confidentiality of your Information is important to us. We work hard to protect your information from loss, misuse, or unauthorized access or disclosure, and follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once it is received. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The information about each user is stored on servers that are behind a firewall and physically housed within secure data centers. Furthermore, our internal practices help protect your privacy by limiting employee access to and use of your information on a permissions-based and role-specific basis. Given the nature of communications and information processing technology, we cannot guarantee that your information, during transmission or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others. It is important that you protect against unauthorized access to your account information and to your computer. If you have any questions about the security of your personal data, you can contact us at email@example.com
Commitment to Information Security
HighRoad Press is committed to maintaining the security, confidentiality, integrity, and availability of the data our customers entrust to us.
Our secure printing environment features a robust set of security controls and processes to protect the transmission, processing, and storage of sensitive data throughout its lifecycle. Most of those same protocols already exist throughout the HighRoad Press environment ensuring the safety of customer data across the company; these protections include, but are not limited to:
- Strong information security program as evidenced through:
- Comprehensive set of information security policies that are thoroughly reviewed and tested by a third-party security partner
- Routine training on email phishing, phishing campaigns to test users’ response to threats, and reporting of these threats
- Ongoing risk management cycle which involves identifying, reviewing, mitigating and/or accepting risk within the environment
- IT Asset Management: agents are deployed on employee workstations and production servers that provide the HighRoad Press IT team and its partners with up-to-the-moment information about their secure environment. These agents alert over devices that are not in compliance with their hardened security policies.
- System Maintenance (Patch Management): We deploy the latest security patches and upgrades to critical systems within their environment within 30 days of release. These patches are applied to both the operating system and third-party applications and services.
- Secure FTP (SFTP) servers: all data ingestion occurs through hardened SFTP endpoints to ensure secure and encrypted transmission of data. These servers are regularly monitored for access control and secure transmission to the production printing environment. To ensure secure transmission of sensitive information, customers are encouraged to provide data through this secure portal.
- Access control methodology: HighRoad Press employs both strict role-based access control and least privilege principles to limit information access to only authorized individuals.
- Mobile security: HighRoad Press employs Multi-Factor Authentication (MFA) for devices not physically present on the network. Additionally, we use Mobile Application Management (MAM) to secure mobile endpoints.
- Firewall protection: next-generation firewall systems are in place at each facility to protect internal systems from untrusted networks and intrusions. These firewalls are centrally managed, reviewed frequently, and feature advanced threat protection solutions.
- Physical security: all facilities are physically protected by a badge access system. Access to printed product and IT systems are restricted to authorized personnel. A Visitor Management System ensures authorized access for any non-employee entering our headquarters and partner locations.
- Anti-malware: All assets have a next-generation anti-virus solution deployed and centrally monitored. Systems that detect malicious software automatically quarantine themselves and alert our SOC team.
- Hardened configuration policies: employee workstations and servers are protected using advanced threat protection policies; these configurations have been reviewed and approved by our third-party information security partner.
The above controls have been configured and implemented across all printing facilities within the HighRoad Press network to ensure the protection of customer data against cyber security and physical presence threats. Securing our customer’s data is of paramount importance to our organization. Please direct any further questions you may have to firstname.lastname@example.org.
European Union Data Processing, Retention, and Transfers
This section applies only to our processing of personal data of EU country residents. Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, you are the controller of your information, and we are the processor of your information. There may be circumstances where we receive your information from our customer, for whom we process your information per instructions received from our customer.
We are committed to complying with the General Data Protection Regulation (“GDPR”) when dealing with personal data from theEuropean Union, the European Economic Area, and their member states, Switzerland and the United Kingdom. Effective May 25, 2018, you may have certain statutory rights in relation to your personal data. Subject to any exemptions provided by law, you may have the right to request access to your personal data, as well as to seek to update, delete, or correct your personal data. You can do this as outlined in this policy. To the extent that we process of your personal data that is subject to the GDPR, we rely on our legitimate interests in operating the Website or providing services to you to process your data. We may also process information that constitutes your personal data for direct marketing purposes, and you have a right to object to our use of your personal data for this purpose at any time.
As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or is required by law or other legal obligations.
We use several safeguards if we transfer personal data originating from the European Union, the European Economic Area, and their member states, Switzerland and the United Kingdom, to other countries not deemed adequate under applicable data protection law, in compliance with GDPR, including using contractual protections that EU regulators have preapproved to ensure your data is protected.
Any questions with respect to data originating from the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, to other countries may be sent to: email@example.com.
EU residents may access the personal data we hold about you, request that inaccurate, outdated or no longer necessary information be corrected, erased or restricted, and ask us to provide data in a format that allows you to transfer it to another person. EU residents may also withdraw consent at any time where we are relying on your consent to process your personal data or object to our processing of your personal data where that processing is based on our legitimate interest. To exercise your rights under this policy contact us at: firstname.lastname@example.org.
If you have any concerns about our processing of your personal data, you have the right to complain to your local data protection regulator.
California Resident Privacy Rights
This section applies only to our processing of personal information of California residents. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information; subject to certain exclusions from the protections granted under California law. California residents have the following rights regarding their personal information:
- Access to Specific Information and Data Portability Rights. The right to request that we disclose certain information to you about our collection and use of your personal information over the prior 12-month period. Once we receive and confirm your verifiable request, we will disclose to you: the categories of personal information collected, the sources collected from, the purpose for collection, the categories of third parties shared with, and the specific pieces of personal information collected about you.
- Deletion Request Rights. The right to request we delete any of your personal information we’ve collected from you and retained (subject to exceptions granted under law). Once we receive and confirm your verifiable request, we will delete your personal information records, unless an exception applies.
To exercise a request described above, submit a verifiable consumer request to: email@example.com or via our toll-free number: 844-584-3311.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
In the preceding twelve (12) months, we have not sold your personal information.
We will not discriminate against you for exercising any of your foregoing rights. Unless permitted by the applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Do-Not-Track signals are certain consumer browser settings that request that a web application disable its tracking of an individual user. While our Website does not currently recognize Do-Not-Track signals, we do not track activities that occur on websites other than our own and declining to accept cookies will ensure that online activities on our websites are not tracked.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact:
220 Anderson Avenue
Moonachie, NJ 07074
It is our policy to post any changes we make to our policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this policy to check for any changes.
To ask questions or comment about this policy and our privacy practices, contact us at:
220 Anderson Avenue
Moonachie, NJ 07074