United GMG Data Protection Policy
1. Introduction
At United GMG, we recognize the importance of protecting the privacy and personal data of our customers. This Data Protection Policy outlines how we collect, use, store, and protect the information provided by our customers. Our goal is to ensure that all data is handled securely, transparently, and in compliance with relevant data protection laws.
2. Scope
This policy applies to all employees, contractors, and partners of United GMG who handle customer data in any form, including electronic and paper-based formats. It covers all customer data collected, processed, and stored during the provision of our printing services.
3. Data We Collect
We collect the following types of data from our customers:
- Personal Information: Name, contact details (e.g., phone number, email address), and payment information.
- Business Information: Company name, address, and other relevant details required for processing mailings.
- Project Information: Files, graphics, and other materials provided by the customer for printing, mailing, or signage services.
4. How We Use Your Data
The data we collect is used for the following purposes:
- To process and fulfill customer orders including personalized printing, mailing and shipping.
- To communicate with customers regarding their orders, including updates, changes, and completion.
- To manage customer accounts and billing information.
- To comply with legal obligations, such as record-keeping and reporting.
5. Data Storage and Security
We take the following measures to ensure the security of customer data:
- Digital Security: Customer data is stored electronically on ShareFile by Citrix and OneDrive by Microsoft. It is protected by encryption, firewalls, and regular security updates. Access to digital data is restricted to authorized personnel only.
- Data Retention: Customer data is retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. After this period, data is securely deleted or destroyed.
6. Compliance with Data Protection Laws
We make every effort to comply with all applicable data protection and privacy legislation.
7. Data Processing Instructions
United GMG will only process personal data according to the explicit instructions provided by our customers. We will not process personal data for any other purposes.
8. Data Transfers and Third-Party Processors
- Third-Party Processors: We will not authorize any third-party processors (subcontractors) to process personal data without the customer’s prior written consent. If subcontractors are used, they will be bound by similar data protection obligations as our company.
- Data Transfers: Personal data will not be transferred to third parties or outside the relevant state or the USA without the customer’s prior written consent. If data must be transferred, an appropriate risk assessment and necessary controls will be implemented.
9. Data Breach Response
In the event of a data breach, United Graphics & Mailing Group will:
- Notify affected customers promptly and without undue delay.
- Take immediate steps to contain the breach and mitigate any potential damage.
- Cooperate fully with the customer in investigating the breach, providing access to relevant records, logs, and facilities as needed.
- Report the breach to relevant authorities if required by law after receiving the customer's communication.
- Cover all reasonable expenses associated with the breach response, unless the breach was caused by the customer’s specific instructions, negligence, or breach of this policy.
10. Technical and Organizational Security Measures
We have implemented the following technical and organizational measures to protect personal data:
- System Access Controls:
  - All computers require a username and password to log in. Systems lock out after too many failed login attempts.
  - Only personnel who require access to the Secure Workflow are granted access.
  - Personnel with Secure Workflow access are removed during the exit process if they leave the company.
  - Our systems are maintained and managed by our outsourced IT company.
- Data Access Controls:
  - Personnel have usernames and passwords. Granular sharing permissions and security alerts are enabled on ShareFile.
  - Access is managed through ShareFile, whose data centers are SOC 2 and ISO 27001 certified. Customer information is protected using TLS and up to 256-bit encryption.
- Transmission Controls:
  - All files submitted to United are sent through a secure FTP site.
- Pseudonymization and Encryption:
  - All client data is stored on encrypted drives.
- Confidentiality and Integrity:
  - We ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
11. Customer Rights
Customers' Rights Regarding Their Data
- Access: Customers can request a copy of the data we hold about them.
- Correction: Customers can request corrections to any inaccurate or incomplete data.
- Deletion: Customers can request the deletion of their data when it is no longer necessary for the purposes for which it was collected.
- Objection: Customers can object to the processing of their data for specific purposes.
12. Audit Rights
We allow for audits by customers to ensure compliance with our data protection obligations. Customers and their representatives may gain access to, inspect, and take copies of documents, electronic data, and other relevant information held by our company as needed.
13. Warranties and Indemnification
We warrant that our processing of personal data is performed with reasonable care and skill. We will indemnify and defend our customers against any claims or damages arising from our failure to comply with this policy or data protection laws.
14. Termination and Data Destruction
Upon termination of the agreement with a customer, we will either return or securely destroy all personal data in our possession, as instructed by the customer. We will certify in writing that the data has been destroyed within 7 days of completion.
15. Policy Updates
We may update this Data Protection Policy from time to time to reflect changes in our practices or legal requirements. Customers will be notified of any significant changes, and the updated policy will be available on our website.
Contact Information
If you have any questions or concerns about this Data Protection Policy or your data, please contact us at:
United GMG
1864 S Elmhurst Rd, Mount Prospect, IL 60056
Phone: 847-588-7600