• PDF Expert
  • Features
    • iPhone and iPad
      • All Features
      • Read PDF
      • Annotate PDF
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
    • Mac
      • All Features
      • Edit PDF
      • Read PDF
      • Annotate PDF
      • Fill out PDF Forms
      • Combine PDFs
      • Sign PDFs
  • Resources
    • Blog
    • Templates
    • Help Center
    • Experience iOS
    • Experience Mac
    • How-to Guides for iOS
      • All How-Tos
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Annotate PDF
      • View PDF
      • Transfer PDFs
      • Convert PDF
      • Create PDF
      • Compress PDF
    • How-to Guides for Mac
      • All How-Tos
      • Fill out Tax Forms
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Create PDF
      • Compress PDF
    • Responsible Disclosure
    • Legal
  • Business
  • Pricing
  • PDF Expert
Free download Buy now
Legal
Legal
Terms of Service
Privacy Notice Website
Privacy Notice for App
Cookie Policy
Data Processing Agreement (EEA)
Data Processing Agreement (US)
Responsible Disclosure
Privacy FAQ
Archives

Data Processing Agreement (US)

1. Information About the Parties

Name: App User Readdle Limited
Role in the processing: Controller Processor
Registered Address: Glandore Business Centre, Grand Canal House,
1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland
Company Number: 630281
Email: rdsupport@readdle.com – for general inquiries

dpo@readdle.com – for privacy inquiries

This Data Processing Agreement (“DPA”) is an integral part of the Terms of Service (“Terms”) and governs the personal information processing activities between Readdle Limited (“Readdle” or “we”) and App Users that are the residents of the United States of America, and constitutes a binding agreement between the Controller and the Processor. In this DPA, Readdle and the App User shall be jointly referred to as the “Parties” and each separately as a “Party”.

2. Applicability

The App User is the individual that has downloaded the Readdle application named PDF Expert (“App”) available via:

  • https://pdfexpert.com/;
  • https://apps.apple.com/ua/app/pdf-expert-edit-and-sign-pdf/id1055273043?l=uk&mt=12;
  • https://apps.apple.com/us/app/pdf-expert-pdf-editor-reader/id743974925;

to which the App User is being granted access under the Terms.

Unless defined in this DPA, all capitalised terms used herein shall have the meaning given to them in the Terms. In the event of any conflict between the Terms and this DPA, the terms of this DPA shall prevail in relation to the processing of personal data set out in this DPA.

This DPA shall apply to the processing by Readdle of the personal information (“Personal Information”) of the third parties (“Third Parties”) provided in the files uploaded to the App by the App User.

3. Purpose of Information Processing

The App User uploads the files containing the Personal Information into the App and Readdle processes this Personal Information solely for the purpose of Readdle providing the functionality of the App to the App User.

4. Processing of Personal Information

Following the purposes of the processing of the Personal Information, it shall include, but is not limited to, the following:

  • transferring of the information between the Parties or by the Party with a third party under the “Details of processing” sections of the DPA;
  • storing of the Personal Information on servers;
  • subcontracting the processing of the Personal Information to the sub-processors;
  • granting third parties rights to access the Personal Information;
  • deletion or return of the Personal Information;
  • using the Personal Information for the purpose of fulfilling the Terms.

5. Personal Information

Readdle processes the Personal Information the App User provides in App. The amount of the Personal Information is determined by the App User solely, and it may contain any personal information of the Third Parties including, but not limited to, special categories of data.

The Parties will notify each other without undue delay if they become informed by the Third Party of inaccuracies in the Personal Information.

6. Personal Information Storage Term

Readdle Limited shall store the Personal Information received from the Controller for the periods specified in the PDF Expert Privacy Notice for App, available following the link https://pdfexpert.com/legal/privacy-app, and in the backup for 1 week thereafter.

After that, Readdle shall delete or return all Personal Information to the App User.

Notwithstanding anything to the contrary in this section, Readdle may retain Personal Information, or any portion of it, if required by applicable law, provided such Personal Information remains protected in accordance with the Terms, this DPA, and applicable laws and regulations.

7. Details of Processing

Type of data Reasons for processing Legal basis
Personal Information contained in files uploaded by the App User. Providing the App User with the App’s functionality with regard to these files. Performance of the contract.

8. Sensitive Information

Sensitive information may be transferred for processing at the discretion of the Controller. The Processor shall implement safeguards to protect it (read more in Data Protection Measures).

9. Limitation of the Processing

Readdle shall not collect, retain, use, transfer, disclose, or otherwise process the Personal Information for any purpose other than providing the functionality of the App.

Readdle shall process the Personal Information only as necessary to provide the App functionality and to fulfill the obligations set out in the Terms.

Readdle does not use Personal Information outside of direct contractual relations.

10. The Frequency of the Transfer for Processing

Personal Information will be transferred for processing on a continuous basis.

11. Nature of the Processing

Readdle collects the Third Parties’ Personal Information to process it upon the App User’s request. 

12. Sub-processors

The App User agrees that Readdle may engage sub-processors to process the Personal Information on behalf of the App User, providing the necessary safeguards.

Readdle may engage the sub-processor at any time at its sole discretion.

Readdle shall make available to App User, upon its request, a current list of sub-processors engaged in connection with the provision of the App’s functionality.

Readdle transfers the Personal Information to its sub-processors solely for processing. 

13. Recipients

The Personal Information may only be disclosed to the following recipients or categories of recipients and only if appropriate safeguards are in place:

  • advisers, contractors, consultants, and other professional experts;
  • partners;
  • team members;
  • third parties.

14. No Sale of Personal Information under the California Consumer Privacy Act

The Parties shall not have, derive, or exercise any rights or benefits regarding processing the Personal Information and may use and disclose the Personal Information solely for the purposes for which such the Personal Information was provided to it, as stipulated in this DPA.

The Parties certify that they understand the rules, requirements, and definitions of the California Consumer Privacy Act (“CCPA”) and agree to refrain from selling any Personal Information nor taking any action that would cause any transfer of the Personal Information to qualify as “selling” such Personal Information under the CCPA.

15. Data Protection Measures

The Processor shall implement appropriate technical and organizational measures to protect the Personal Information.

Implemented measures must be appropriate to the scope and risks of Personal Information processing. Relevant technical measures must be implemented on every device and data storage the Processor uses to access and process Personal Information.

The Processor must ensure that its employees, agents, and contractors:

  • can access the Personal Information only when access is strictly necessary for the purposes of the DPA;
  • are informed of the confidential nature of the Personal Information;
  • are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

The Processor must implement at least the following safeguards:

Physical measures
Limited access to premises
Organizational measures
Policies and instructions
  1. Password policy
  2. Monitoring and physical access policy
  3. Contractual obligations and corporate VPN
  4. Internal security policy
  5. Access control policy
Transfer protection
  1. Data protection agreements
  2. Data transfer agreements
  3. Standard contractual clauses

Agreements
  1. Non-disclosure agreements
  2. Data protection agreements
Contractor and staff training Privacy Protection:
  1. Implementation of privacy by design and privacy by default.
  2. Internal procedures for GDPR compliance
Regular access and policy review
Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail.
Critical services are operated redundantly in multiple data centers and controlled by a high-availability system.
Two-factor authentication
Static Analysis Quality Assurance
Regular Patch Management Dependency and Supply Chain Vulnerability Check
Stress-tests

16. Data Breach Management and Notification

In a case of a data loss or breach incident affecting the security of Personal Information, Readdle shall notify the App User via the email address provided by the App User for the use of the App, without undue delay, but in no event later than 72 hours after identifying any potential or actual loss or breach.

Readdle shall make reasonable efforts to identify and take those necessary and reasonable steps to remediate or mitigate the cause of such data loss or breach incident.

Readdle shall provide reasonable assistance to App User in the event that the App User is required under applicable law to notify a regulatory authority or any data subjects impacted by such data loss or breach incident.

17. Applicable Legislation

Both Parties shall meet the requirements of the U.S. federal laws and privacy laws of states to the extent they may be applied as follows:

  • Federal Trade Commission Act;
  • California Consumer Privacy Act of 2018 (CCPA);
  • California Privacy Rights Act;
  • Colorado Privacy Act;
  • Connecticut Data Privacy Act;
  • Delaware Online and Personal Privacy Protection;
  • Maine Privacy Law;
  • Nevada Privacy Law;
  • New York State Personal Privacy Protection Law (PPPL);
  • Ohio Data Protection Act;
  • Utah Consumer Privacy Act;
  • Virginia Consumer Data Protection Act.

Regardless of the federal and state regulations and laws, the Processor is regulated by and meets the General Data Protection Regulation (GDPR) standards.

18. Change of Law

If there is a change of any relevant privacy laws, regulations, or rules, which affect the Terms of Service and this DPA in particular, the Processor shall amend it to comply with the law.

20. Competent Supervisory Authority

Сompetent supervisory authority is the Irish Data Protection Commission (DPC). For further information, please visit: https://www.dataprotection.ie/.

Features

  • iPhone and iPad
  • Mac

How-Tos

  • iPhone and iPad
  • Mac

Company

  • Blog
  • Press Kit
  • Help Center
  • Become an Affiliate

Legal

  • Privacy Notice - Web
  • Privacy Notice - App
  • Terms of Service
Copyright © 2007 - 2025 Readdle Limited.

Apple, the Apple logos, MacBook, iPad, iPhone, Apple Watch and Apple Vision Pro are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are a service mark of Apple Inc., registered in the U.S. and other countries.

Terms of Service
Privacy Notice