• PDF Expert
  • Features
    • iPhone and iPad
      • All Features
      • Read PDF
      • Annotate PDF
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
    • Mac
      • All Features
      • Edit PDF
      • Read PDF
      • Annotate PDF
      • Fill out PDF Forms
      • Combine PDFs
      • Sign PDFs
  • Resources
    • Blog
    • Templates
    • Help Center
    • Experience iOS
    • Experience Mac
    • How-to Guides for iOS
      • All How-Tos
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Annotate PDF
      • View PDF
      • Transfer PDFs
      • Convert PDF
      • Create PDF
      • Compress PDF
    • How-to Guides for Mac
      • All How-Tos
      • Fill out Tax Forms
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Create PDF
      • Compress PDF
    • Responsible Disclosure
    • Legal
  • Business
  • Pricing
  • PDF Expert
Free download Buy now
Legal
Legal
Terms of Service
Privacy Notice Website
Privacy Notice for App
Cookie Policy
Data Processing Agreement (EEA)
Data Processing Agreement (US)
Responsible Disclosure
Privacy FAQ
Archives

Privacy Notice
PDF Expert Website

Last updated: November 06, 2023




Intro

Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our website, available following the link https://pdfexpert.com (“Website”).

This Privacy Notice describes which of your personal data the Website collects, how stores, processes, and uses it, and what happens when you use the Website.

We collect your personal data according to this Privacy Notice when you use the Website. When you use our iOS or MacOS application “PDF Expert” (“App”), your personal data is processed in accordance with the Privacy Notice for PDF Expert App.

We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.

Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.

Table of Contents

  • About Us
  • About You
  • Personal Data
    • Sources of Data
    • Legal Basis for Processing
    • Visitors’ Data
    • Potential Clients’ Data
    • Clients’ Data
    • Educational Clients’ Data
    • Support Requesters’ Data
    • ​​License Support Requesters’ Data
    • Partners’ Data
    • Newsletter Subscribers’ Data
    • Feedback Providers’ Data
    • Data Received from Third Parties
  • Data Sharing with Third Parties
    • Details
  • Data Transfer Outside the European Economic Area
  • Security Measures
  • Data Subjects Rights
    • European Economic Area Residents
    • United States Residents
    • Do Not Sell My Personal Information
    • Do-Not-Track Requests
  • Privacy Notice Updates

About Us

Name Readdle Limited
Registration number 630281
VAT IE 3560869EH
Address Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland.
Email rdsupport@readdle.com – for general inquiries
dpo@readdle.com – for privacy inquiries

About You

When you visit the Website, you become our user (“User”).

Data subject Description
Visitor User who visits the Website.
Potential Client User who fills out the “Contact sales” form.
Client User who buys a paid version of the App.
Educational Client User who fills out the “Special Offer” form for students and educators.
Support Requester User who fills out the “Contact us” form on the support topic.
License Support Requester User who fills out the “License Retrieval” form.
Partner User who applicate through the “Affiliate program” form.
Newsletter Subscriber User who subscribes to the newsletter via “Subscribe to News” form.
Feedback Provider User who provides feedback about the Website or the App to us directly or via a third-party platform.
Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us.

Personal Data

Sources of Data

We receive data about you when you visit our Website and interact with it, depending on your actions on the Website.

We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.

Legal Basis for Processing

To process your personal data, we rely on the following legal bases:

  • performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (for example, the Terms of Service) with you;
  • legal obligation — for the processing of data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
  • legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
  • consent — for additional processing for specific purposes.

Visitors’ Data

When you visit the Website, we may collect some technical data automatically. We need technical data to operate, support, and improve the Website’s functionality.

Type of data Description Reasons for processing Legal basis
Necessary cookies. Information about your visits and use of the Website, including the source of the links, the time and duration of the visit, and navigation. The smooth operation of the Website and improvement of the Website and the Service. Legitimate interest.
Information that is necessary for the operation of the Website. Improving your experience using the Website. Performance of the contract.
Statistics cookies. Information that helps us to understand how you interact with the Website by collecting and reporting information anonymously. Improvement of the Website and analysis of the statistic for other purposes. Consent.
Preference cookies. Information that is necessary for the operation of some services on the Website. The operation of some services on the Website. Consent.
Marketing cookies. Marketing information used to match relevant advertising to you. Marketing. Consent.
Pixel technology Information that is needed to collect metrics on the marketing campaigns: opening rate, time, conversion, etc. Analytics Consent
Data storage
Cookies. Stored during the terms indicated in the Cookie Policy.
Pixel technology Stored during the terms indicated in the Cookie Policy.

Potential Clients’ Data

We may ask you for some information about your company to contact you and offer you a subscription for your team.

Type of data Reasons for processing Legal basis
Full name. To personalize our response to your request. Legitimate interest.
Email. To respond to your request. Performance of the contract.
Company name. To personalize our response to your request. Legitimate interest.
Number of subscriptions. To send you relevant offer. Performance of the contract.
Mobile Device Management System. To send you relevant offer. Performance of the contract.
Email hash. To analyze your actions on the Website in order to understand you better and improve the Website. Consent.
Data storage
We store the data during communication and 1 year after, if we have not concluded an agreement.
We store the data during your use of the App and 6 years after the termination of the agreement between Readdle and you, if we have concluded an agreement.
We store email hash for 2 years.

Clients’ Data

In order to buy a paid version of the App, you shall provide us with your payment information.

We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the filing of the annual accounts expires.

Type of data Reasons for processing Legal basis
Subscription data
  • email;
  • information about your credit card and name of the cardholder;
  • your country of location.
Creating a subscription and responding to your request. Performance of the contract.
Confirming your payment. Legal obligation.
Email hash. To analyze your actions on the Website in order to understand you better and improve the Website. Consent.
Data storage
We store the data during your use of the App and 6 years after the termination of the agreement between Readdle and you.
We store email hash for 2 years.

Educational Clients’ Data

We may ask you for an additional information regarding your educational institution to offer you a special type of subscription.

Type of data Reasons for processing Legal basis
Educational email and educational institution name. To confirm your student’s status. Performance of the contract.
Email hash. To analyze your actions on the Website in order to understand you better and improve the Website. Consent.
Data storage
We store the data during your use of the App and 6 years after the termination of the agreement between Readdle and you.
We store email hash for 2 years.

Support Requesters’ Data

When you address your request to support on the Website, we collect some information to help you.

Type of data Reasons for processing Legal basis
Email. To fulfill your support request. Performance of a contract.
Name. To personalize our response to your support request. Legitimate interest.
Text of the request. To fulfill your support request. Performance of a contract.
Attached files. To fulfill your support request. Performance of a contract.
Device type. To fulfill your support request. Performance of a contract.
Privacy requests
If you contact us through the DPO mailbox, we will process your request with the help of Spark Mail.
Data storage
We store the data until we resolve your issue and 1 year after that.

​​License Support Requesters’ Data

If you have a trouble with access to your license, we will ask you to provide us with your email related to your license.

Type of data Reasons for processing Legal basis
Email. To help you find your license. Performance of a contract.
Data storage
We store the data until we resolve your issue and 1 year after that.

Partners’ Data

If you want to take part in our PDF Expert affiliate program, we may ask you some information about you and your business.

Type of data Reasons for processing Legal basis
Your information:
  • full name;
  • user name;
  • email;
  • password.
Creation of the Affiliate Partner’s account. Performance of the contract.
Company information:
  • company name;
  • company website;
  • country of residence;
  • business address;
  • currency;
  • timezone.
Creation of the Affiliate Partner’s account. Performance of the contract.
Promotional information:
  • company website;
  • type of operational system;
  • links to social networks accounts.
Creation of the Affiliate Partner’s account. Performance of the contract.
Data storage
We store the data during the existence of the Partners’ account and 6 years after that.

Newsletter Subscribers’ Data

Type of data Reasons for processing Legal basis
Email. Marketing mailing. Consent.
Data storage
We store the data until you unsubscribe from the mailing.

Feedback Providers’ Data

When you submit your feedback about the Website or the App to us directly or via third-party platforms, we process personal data in your feedback, which may include your first and last name, username, the text of the feedback and/or any other information such as the feedback submission date, the rating which you assigned to the App, etc., contained in or related to the feedback.

When Data we process Reasons for processing Legal basis
You provided feedback to us directly. Email. To respond to your feedback and ask for your consent. Consent.
First and last name or username. To use your feedback in our marketing activities.
Type of device. To process your request.
Text of the feedback. To use your feedback in our marketing activities.
You provided feedback via a third-party platform. First and last name or username. To use your feedback in our marketing activities. Legitimate interest.
Text of the feedback. To use your feedback in our marketing activities.
Data storage
Direct feedback data. Stored for 5 years from feedback or the last communication on feedback.
Third-party source feedback data. Stored for 2 years from feedback or the last communication on feedback.

Data Received from Third Parties

We may receive some personal data from third parties. Mainly, the received data is the same as indicated in this Privacy Notice, provided not by the User, but by the representative of the purchaser of the Website.

The amount of data collected, the purposes, and the legal basis for processing is determined by the respective privacy documents of these parties.

Third parties Description
Analytics tools We use various analytics tools to understand and promote our business. To get a detailed list of analytics tools, contact us.
Social networks We use various social networks to spread information about our activities. To get a detailed list of social networks, contact us.
Messengers We use different messengers to communicate with you in ways that are convenient for you. To get a detailed list of messengers, contact us.
CRM systems We use various CRM systems to develop our public organization. To get a detailed list of CRM systems, contact us.

Data Sharing with Third Parties

We use your personal data on the basis of the performance of the contract to provide services and communicate with the Users.

We share your data with the service providers (please, request Annex A. List of the processors to look through the list of service providers) and contractors to the extent necessary to provide services, technical and customer support, who, for example, help us:

  • operate, develop, and improve the features and functionality of our Website;
  • provide you with their services;
  • complete your payment transactions;
  • fulfill your support requests;
  • communicate with you as described elsewhere in this Privacy Notice.

In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third-party.

We can share your data on the following grounds: consent, legal obligation, and legitimate interest.

Details

Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.

Services our team uses We use CRM systems, messengers, and other services in our organization to procide you with our services.
To manage and fulfill privacy request we use:
  • Spark for processing requests and communication with the user;
  • Jira for internal tracking and timely involvement of responsible ones in scope of request.

Consent. We may transfer your personal data based on your explicit consent.

Legal obligation. We may disclose your personal data to third parties to the extent that it is necessary:

  • to comply with a government request, court order, or applicable law;
  • to prevent unlawful use of our Website or policies;
  • to protect against claims of third parties;
  • to help prevent or investigate fraud.

Transfer of personal data to third parties. We may transfer your personal data to third parties based on a data processing agreement, subject to applying technical and organizational measures to protect your personal data. We may share data with certain companies, consultants, and contractors hired to provide certain services to us or on our behalf.

Please note! We will ask for your consent if data transfer is not part of the contract.

Data Transfer Outside the European Economic Area

The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.

There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

You can read more detailed measures to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.

However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.

Security measures

We regularly perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed. We follow ISO 27001 Standard to put all security controls in place as a basis.

To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).

Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements.

Here you can find information about the steps we mentioned above:

Physical measures
Limited access to premises
We use logically separate databases to prevent unauthorized persons from accidentally reading data to separate data.
Access to the data is also restricted because employees use services (applications) that control access.
Stress-tests
Organizational measures
Policies and instructions
  1. Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length
  2. Monitoring and physical access policy
  3. Contractual obligations and corporate VPN
  4. Internal security policy
  5. Access control policy
Transfer protection
  1. Data protection agreements
  2. Data transfer agreements
  3. Standard contactual clauses
Agreements
  1. Non-disclosure agreements
  2. Data protection agreements
Contractor and staff training Privacy protection
  1. Implementation of privacy by design and privacy by default
  2. Internal procedures for GDPR compliance
Regular access and policy review

Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup:
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail.
Critical services are operated redundantly in multiple data centres and controlled by a high-availability system.
Two-factor authentication
Static Analysis Quality Assurance
Regular Patch Management Dependency and Supply Chain Vulnerability Check

Data Subjects Rights

European Economic Area Residents

You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:

The right Description
Right to access You can request an explanation of the processing of your personal data.
Right to rectification You can change the data if it is inaccurate or incomplete.
Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restrict the processing You may partially or completely prohibit us from processing your personal data.
Right to data portability You can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to object You may object to the processing of your personal data.
Right to withdraw consent You can withdraw your consent at any time.
Right to file a complaint If your request was not satisfied, you can file a complaint to the regulatory body.
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

United States Residents

You, as data subjects, have some special privacy rights. To use them, please contact us.

Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.


If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

Right Description Area
Right to access You can request an explanation of the processing of your personal data. California, Virginia, Ohio, Colorado, Nevada, Massachusetts Minnesota, New York, North Carolina, Pennsylvania, Delaware, Utah
Right to rectification You can change the data if it is inaccurate or incomplete. California, Virginia, Colorado, Nevada, Delaware Massachusetts, Minnesota, New York, North Carolina
Right to deletion You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. California, Virginia, Ohio, Colorado, Massachusetts Minnesota, New York, North Carolina, Pennsylvania, Utah
Right to restriction You may partially or completely prohibit us from processing your personal data. California, Massachusetts New York
Right to portability You can request all the data that you provided to us, as well as request to transfer data to another controller. California, Virginia, Ohio, Colorado, Massachusetts Minnesota, New York, North Carolina, Utah
Right to Opt-Out You may prohibit the sharing or selling of your data. California, Virginia, Ohio, Nevada, Massachusetts, Minnesota New York, North Carolina, Pennsylvania, Delaware, Colorado, Utah
Right Against Automated Decision Making You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. California, Virginia, Colorado, Massachusetts Minnesota, New York, North Carolina
Right to lodge a complaint If your request was not satisfied, you can file a complaint to the regulatory body. by default
Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.

Do Not Sell My Personal Information

California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.

Readdle does not sell your personal information to anyone nor use your data as a business model.

However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.

Do-Not-Track Requests

California residents visiting our Website may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.

Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.

We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.

Privacy Notice Updates

The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes on our Website.

If we make substantial changes to the Privacy Notice or the Website that affect your data privacy rights, we will notify you by email or display information on the Website and ask you to read it. We will notify you in advance, and, if you continue using the Website after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.

Features

  • iPhone and iPad
  • Mac

How-Tos

  • iPhone and iPad
  • Mac

Company

  • Blog
  • Press Kit
  • Help Center
  • Become an Affiliate

Legal

  • Privacy Notice - Web
  • Privacy Notice - App
  • Terms of Service
Copyright © 2007 - 2025 Readdle Limited.

Apple, the Apple logos, MacBook, iPad, iPhone, Apple Watch and Apple Vision Pro are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are a service mark of Apple Inc., registered in the U.S. and other countries.

Terms of Service
Privacy Notice