• PDF Expert
  • Features
    • iPhone and iPad
      • All Features
      • Read PDF
      • Annotate PDF
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
    • Mac
      • All Features
      • Edit PDF
      • Read PDF
      • Annotate PDF
      • Fill out PDF Forms
      • Combine PDFs
      • Sign PDFs
  • Resources
    • Blog
    • Templates
    • Help Center
    • Experience iOS
    • Experience Mac
    • How-to Guides for iOS
      • All How-Tos
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Annotate PDF
      • View PDF
      • Transfer PDFs
      • Convert PDF
      • Create PDF
      • Compress PDF
    • How-to Guides for Mac
      • All How-Tos
      • Fill out Tax Forms
      • Edit PDF
      • Fill out PDF Forms
      • Sign PDF
      • Merge PDFs
      • Create PDF
      • Compress PDF
    • Responsible Disclosure
    • Legal
  • Business
  • Pricing
  • PDF Expert
Free download Buy now
Legal
Legal
Terms of Service
Privacy Notice Website
Privacy Notice for App
Cookie Policy
Data Processing Agreement (EEA)
Data Processing Agreement (US)
Responsible Disclosure
Privacy FAQ
Archives

Data Processing Agreement (EEA)

1. Information About the Parties

Name: App User Readdle Limited
Role in the processing: Controller Processor
Registered Address: Glandore Business Centres, 26-27 Fitzwilliam Place, Fitzwilliam Hall, Dublin 2, D02T292, Ireland
Company Number: 630281
Email: rdsupport@readdle.com – for general inquiries

dpo@readdle.com – for privacy inquiries

This Data Processing Agreement (“DPA”) is an integral part of the Terms of Service (“Terms”) and governs the personal data processing activities between Readdle Limited (“Readdle” or “we”) and App Users that are the residents of the United States of America, and constitutes a binding agreement between the Controller and the Processor. In this DPA, Readdle and the App User shall be jointly referred to as the “Parties” and each separately as a “Party”.

2. Applicability

The App User is the individual that has downloaded the Readdle application named PDF Expert (“App”) available via:

  • https://pdfexpert.com/;
  • https://apps.apple.com/ua/app/pdf-expert-edit-and-sign-pdf/id1055273043?l=uk&mt=12;
  • https://apps.apple.com/us/app/pdf-expert-pdf-editor-reader/id743974925;

to which the App User is being granted access under the Terms.

Unless defined in this DPA, all capitalised terms used herein shall have the meaning given to them in the Terms. In the event of any conflict between the Terms and this DPA, the terms of this DPA shall prevail in relation to the processing of personal data set out in this DPA.

This DPA shall apply to the processing by Readdle of the personal data (“Personal Data”) of the third parties (“Third Parties”) provided in the files uploaded to the App by the App User.

General Data Protection Regulation, applicable laws and regulations of the Republic of Ireland, and other applicable laws and regulations (“Applicable Law”) shall apply to the DPA.

3. Purpose of Data Processing

The App User uploads the files containing the Personal Data into the App and Readdle processes this Personal Data solely for the purpose of Readdle providing the functionality of the App to the App User.

4. Processing of Personal Data

Following the purposes of the processing of the Personal Data, it shall include, but is not limited to, the following:

  • transferring of the data between the Parties or by the Party with a third party under the “Details of processing” sections of the DPA;
  • storing of the Personal Data on servers;
  • subcontracting the processing of the Personal Data to the sub-processors;
  • granting third parties rights to access the Personal Data;
  • deletion or return of the Personal Data;
  • using the Personal Data for the purpose of fulfilling the Terms.

5. Personal Data

Readdle processes the Personal Data the App User provides in App. The amount of the Personal Data is determined by the App User solely, and it may contain any personal data of the Third Parties including, but not limited to, special categories of data.

The Parties will notify each other without undue delay if they become informed by the Third Party of inaccuracies in the Personal Data.

6. Personal Data Storage Term

Readdle shall store the Personal Data received from the Controller for the periods specified in the PDF Expert Privacy Notice for App, available following the link https://pdfexpert.com/legal/privacy-app, and in the backup for 1 week thereafter.

After that, Readdle shall delete or return all Personal Data to the App User.

Notwithstanding anything to the contrary in this section, Readdle may retain Personal Data, or any portion of it, if required by Applicable Law, provided such Personal Data remains protected in accordance with the Terms, this DPA, and applicable laws and regulations.

7. Details of Processing

Type of data Reasons for processing Legal basis
Personal Data contained in files uploaded by the App User. Providing the App User with the App’s functionality with regard to these files. Performance of the contract.

8. Sensitive Data

Sensitive data may be transferred for processing at the discretion of the Controller. The Processor shall implement safeguards to protect it (read more in Data Protection Measures).

9. Limitation of the Processing

Readdle shall not collect, retain, use, transfer, disclose, or otherwise process the Personal Information for any purpose other than providing the functionality of the App.

Readdle shall process the Personal Data only as necessary to provide the App functionality and to fulfill the obligations set out in the Terms.

Readdle does not use Personal Data outside of direct contractual relations.

10. The Frequency of the Transfer for Processing

Personal Data will be transferred for processing on a continuous basis.

11. Nature of the Processing

Readdle collects the Third Parties’ Personal Data to process it upon the App User’s request. 

12. Sub-processors

The App User agrees that Readdle may engage sub-processors to process the Personal Data on behalf of the App User, providing the necessary safeguards.

Readdle may engage the sub-processor at any time at its sole discretion.

Readdle shall make available to App User, upon its request, a current list of sub-processors engaged in connection with the provision of the App’s functionality.

Readdle transfers the Personal Data to its sub-processors solely for processing.

The App User consents to the engagement of affiliate service providers as sub-processors in the scope of performance of the contract by Readdle.

With respect to changes of the sub-processors providing the services of server hosting the code and databases resulting in the change of the state of such sub-processor (excluding such change within the European Economic Area), Readdle shall endeavor to give notice sixty (60) days prior to any change but in any event, shall give notice no less than thirty (30) days prior to any such change. 

13. Recipients

The Personal Data may only be disclosed to the following recipients or categories of recipients and only if appropriate safeguards are in place:

  • advisers, contractors, consultants, and other professional experts;
  • partners;
  • team members;
  • third parties.

14. Data Subject Rights

As part of the App’s functionality, Readdle provides the App User with a number of self-service features, including the ability to delete, obtain a copy of, or restrict the use of Personal Data.

The App User may use these self-service features to assist in complying with its obligations under Applicable Law with respect to responding to requests from data subjects via the App at no additional cost.

In addition, upon App User’s request, Readdle will provide reasonable additional and timely support (at App User’s expense only if complying with the App User’s request will require Readdle to assign significant resources to that effort) to assist the App User in complying with its data protection obligations with respect to data subject rights under Applicable Law.

The Party shall promptly inform the other Party in writing in the event that the Party receives:

  • any request from a data subject to exercise any of its rights under Applicable Law (including its rights of access, correction, objection, erasure, and data portability, as applicable); or
  • any request relating to the processing of App User’s account or usage data conducted by the other Party from any individual, organization, or governmental body, except for the Parties and the data subjects. 

The Parties agree to cooperate, in good faith, as necessary to respond to any such requests and fulfill their respective obligations under Applicable Law.

15. Data Protection Measures

The Processor shall implement appropriate technical and organizational measures to protect the Personal Data.

Implemented measures must be appropriate to the scope and risks of Personal Data processing. Relevant technical measures must be implemented on every device and data storage the Processor uses to access and process Personal Data.

The Processor must ensure that its employees, agents, and contractors:

  • can access the Personal Data only when access is strictly necessary for the purposes of the DPA;
  • are informed of the confidential nature of the Personal Data;
  • are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

The Processor must implement at least the following safeguards:

Physical measures
Limited access to premises
Organizational measures
Policies and instructions
  1. Password policy
  2. Monitoring and physical access policy
  3. Contractual obligations and corporate VPN
  4. Internal security policy
  5. Access control policy
Transfer protection
  1. Data protection agreements
  2. Data transfer agreements
  3. Standard contractual clauses

Agreements
  1. Non-disclosure agreements
  2. Data protection agreements
Contractor and staff training Privacy Protection:
  1. Implementation of privacy by design and privacy by default.
  2. Internal procedures for GDPR compliance
Regular access and policy review
Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail.
Critical services are operated redundantly in multiple data centers and controlled by a high-availability system.
Two-factor authentication
Static Analysis Quality Assurance
Regular Patch Management Dependency and Supply Chain Vulnerability Check
Stress-tests

16. Data Breach Management and Notification

In a case of a data loss or breach incident affecting the security of Personal Data, Readdle shall notify the App User via the email address provided by the App User for the use of the App, without undue delay, but in no event later than 72 hours after identifying any potential or actual loss or breach.

Readdle shall make reasonable efforts to identify and take those necessary and reasonable steps to remediate or mitigate the cause of such data loss or breach incident.

Readdle shall provide reasonable assistance to App User in the event that the App User is required under Applicable Law to notify a regulatory authority or any data subjects impacted by such data loss or breach incident.

17. Impact Assessments and Consultations

Readdle shall provide reasonable cooperation to App User in connection with any data protection impact assessment (at App User’s expense only if such reasonable cooperation requires Readdle to assign significant resources to that effort) and consultations with regulatory authorities that may be required in accordance with Applicable Law.

18. Applicable Legislation

Both Parties shall meet the requirements of the EU privacy regulations and laws of the Republic of Ireland to the extent they may be applied, including the General Data Protection Regulation.

19. Change of Law

If there is a change of any relevant privacy laws, regulations, or rules, which affect the Terms of Service and this DPA in particular, the Processor shall amend it to comply with the law.

20. Competent Supervisory Authority

Сompetent supervisory authority is the Irish Data Protection Commission (DPC). For further information, please visit: https://www.dataprotection.ie/.

Features

  • iPhone and iPad
  • Mac

How-Tos

  • iPhone and iPad
  • Mac

Company

  • Blog
  • Press Kit
  • Help Center
  • Become an Affiliate

Legal

  • Privacy Notice - Web
  • Privacy Notice - App
  • Terms of Service
Copyright © 2007 - 2025 Readdle Limited.

Apple, the Apple logos, MacBook, iPad, iPhone, Apple Watch and Apple Vision Pro are trademarks of Apple Inc., registered in the U.S. and other countries. App Store and Mac App Store are a service mark of Apple Inc., registered in the U.S. and other countries.

Terms of Service
Privacy Notice