Privacy Notice
PDF Expert Website
Last updated: April 22, 2025
Key Changes to the Terms of Service and Privacy Notice for PDF Expert App
At Readdle, we prioritize our users, and, as PDF Expert evolves, we amend our Privacy Notice for Website accordingly.
In a nutshell, we:
- revised the structure of the Privacy Notice
We encourage you to carefully read the full text of the Privacy Notice for Website. The changes become effective as of the publication date above.
Intro
Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our website by following the link (“Website”) subject to the terms and conditions of our Terms of Service.
This Privacy Notice describes which of your personal data the Website collects, how stores, processes, and uses it, and what happens when you use the Website.
We collect your personal data when you use the Website according to this Privacy Notice. When you use our iOS, iPadOS, or MacOS application “PDF Expert” (“App” or “PDF Expert”), your personal data is processed in accordance with the Privacy Notice for PDF Expert App.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
If you have any questions or comments about this Privacy Notice, visit our Support page for more information about the Website or contact us.
Table of Contents
- About Us
- About You
- Personal Data
- Data Sharing with Third Parties
- Data Sharing Outside the European Economic Area
- Security Measures
- Data Subjects Rights
- Cookies
- Privacy Notice Updates
About Us
We are the controller of your personal data processed through the Website. This means that we determine the purposes and means of personal data processing.
| Controller | Readdle Limited Company number: 630281 Glandore Business Centres, 26-27 Fitzwilliam Place, Fitzwilliam Hall, Dublin 2, D02T292, Ireland |
|---|---|
| Data Protection Officer | Privacity GmbH Neuer Wall 50, 20354 Hamburg, Germany |
| rdsupport@readdle.com – for general inquiries | |
| dpo@readdle.com – for privacy inquiries |
Our support team is happy to assist you in any matter. We kindly ask you to be polite and calm in your communication with us. Otherwise, we may not respond to offensive emails/messages.
About You
When you visit the Website, you become our user (“User”). We do not knowingly process the personal data of Users under the age of 16. If you are such a User or you are a legal representative of such a User, please contact us.
Personal Data
Sources of Data
We receive data about you when you visit our Website and interact with it, depending on your actions on the Website. Please read carefully the details below.
You can change your personal data in the Website by exercising your right to rectification or by the Website functionality. Please note that the same lawful bases and storage terms apply to the changed data.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
Lawful Basis for Processing
To process your personal data, we rely on the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, Terms of Service) with you;
- legal obligation — for the processing of data as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
- legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
- consent — for additional processing for specific purposes.
Technical Data
Similar to many other websites, we collect certain data about our Users when you visit our Website via cookies and similar technologies. Specifically, we may process such data as your IP address, device type, operating system version, unique device identifiers, browser type and language, domain, platform type, statistics about how you interact with the Website and other technical details.
For more details please refer to our Cookie Policy.
Potential Client Data
We may ask you for some information about your company to contact you and offer you a subscription for your team.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Full name | To personalize our response to your request | Legitimate interest | We store the data during your use of the App and 6 years after the termination of the contract between Readdle and you if we have concluded a contract If we have not concluded a contract, We store the data during communication and 1 year after |
| To respond to your request | Performance of the contract | ||
| Company name | To personalize our response to your request | Legitimate interest | |
| Number of subscriptions | To send you relevant offer | Performance of the contract | |
| Mobile Device Management System | To send you relevant offer | Performance of the contract |
Client Data
In order to buy a paid version of the App via our Website, you shall provide us with your payment information.
We also keep the history of payments, as this is a legal requirement, and we cannot delete this information until the filing of the annual accounts expires.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
Subscription information
|
Confirming the payment for compliance with the applicable law | Legal obligation | We store the data during your use of the App and 6 years after the termination of the contract between Readdle and you |
| Confirming the payment for providing you with the subscription to the App | Performance of the contract | ||
| Email hash | To analyze your actions on the Website in order to understand you better and improve the Website. | Consent | We store email hash for 2 years |
If you have a subscription activation code, you can redeem it on our Website. In some cases, when you purchase the subscription on our partners’ platforms, the partner may redeem such code and transfer to us your data necessary for the subscription activation.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
Subscription information
|
Confirming the transaction for compliance with the applicable law | Legal obligation | We store the data during your use of the App and 6 years after the termination of the contract between Readdle and you |
| Confirming the transaction for providing you with the subscription to the App | Performance of the contract |
We may ask you for an additional information regarding your educational institution to offer you a special type of subscription.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Educational email and educational institution name | To confirm your educator's status | Performance of the contract | We store the data during your use of the App and 6 years after the termination of the contract between Readdle and you |
Support Requests Data
When you address your request to support on the Website, we collect some information to help you.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Email Name Test of the request Attached FIles Device type |
To respond to your request | Performance of a contract | We store the data during communication and for 6 years after the last communication on the ticket |
| Privacy requests | |||
| If you contact us through the DPO mailbox, we will process your request with the help of Spark Mail. | |||
If you have a trouble with access to your license, we will ask you to provide us with your email related to your license:
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| To help you find your license | Performance of a contract | We store the data during communication and for 6 years after the last communication on the ticket |
Partner Data
If you want to take part in our affiliate program, you can fill out the form through Impact platform, acting as our processor.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
Your information:
|
Creation of the Affiliate Partner’s account | Performance of the contract | We store the data during the existence of the Partners’ account and 6 years after that |
Company information:
|
Creation of the Affiliate Partner’s account | Performance of the contract | |
Promotional information:
|
Creation of the Affiliate Partner’s account | Performance of the contract |
Newsletter Subscription Data
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| To send you recommendations, tips, news about the product and news about the company | Consent | We store the data until you unsubscribe from the mailing | |
| To inform you about major events and special offers for other products of the company and its partners | Legitimate interest | We store the data during the performance of the contract or until you object the processing |
Feedback Data
When you submit your feedback about the Website or the App to us directly or via third-party platforms, we process personal data in your feedback, which may include your first and last name, username, the text of the feedback, and/or any other information such as the feedback submission date, the rating which you assigned to the App, etc., contained in or related to the feedback.
| Feedback Provided to us Directly | |||
|---|---|---|---|
| Data | Reasons for Processing | Lawful Basis | Data Storage |
| To respond to your feedback and ask for your consent | Consent | We store the data for 6 years from feedback or the last communication on feedback | |
| First and last name or username | To use your feedback in our marketing activities | ||
| Text of the feedback | To use your feedback in our marketing activities | ||
| Feedback Provided via Third-party Platform | |||
|---|---|---|---|
| Data | Reasons for Processing | Lawful Basis | Data Storage |
| First and last name or username | To use your feedback in our marketing activities | Legitimate interest | We store the data for 2 years from feedback or the last communication on feedback |
| Text of the feedback. | To use your feedback in our marketing activities | ||
Data Received from Third Parties
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these parties.
| Third Party | Privacy Documents |
|---|---|
| Stripe | Privacy Policy |
| Impact | Privacy Policy |
Data Sharing with Third Parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
To share your data, we rely on the following lawful bases, such as consent, compliance with the law, and performance of a contract, depending on specific circumstances.
| Third Party | Description |
|---|---|
| Analytics tools | We use analytics tools to understand and promote our business. |
| Contractors | We cooperate with contractors to operate, develop, and improve the features and functionality of the Website, fulfill your support requests, etc. We sign data processing agreements with them and impose various security measures to ensure your data is safe. |
| Services Website uses | We use third-party services to provide you with the functionality of the Website. |
| Services our team uses | We use CRM systems, messengers, and other services in our organization to provide you with our services. To manage and fulfill privacy requests we use: |
| State authorities, courts, law enforcement agencies, etc. | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:
|
| To get a detailed list of the third-party recipients of your personal data, contact us | |
Data Sharing Outside the European Economic Area
The personal data we collect is stored on the US servers, which participate in the Data Privacy Framework, and European Economic Area (“EEA”) servers, which fall under the General Data Protection Regulation.
We may share personal data with the recipients in the USA and other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation.
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
Security Measures
We routinely conduct Data Protection Impact Assessments to guarantee the implementation of adequate technical and organizational measures. These measures aim to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
To enhance the protection of your personal data, we employ HTTPS and encryption, establish segmented group and individual access (as necessary), utilize an alarm system, implement a corporate VPN, and adhere to formally approved internal policies, including those for password management and physical access.
Furthermore, we consistently monitor the state of the art of our technologies and diligently maintain backups. Additionally, all our contractors are bound by contractual obligations that comply with GDPR requirements.
You can contact us in case of any questions regarding security issues.
Here you can find information about the steps we mentioned above:
| Physical Measures | |
|---|---|
| Limited Access to Premises | |
| Organizational Measures | |
Policies and Instructions
|
Transfer Protection
|
| Contractor and Staff Training | Agreements
|
| Regular Access and Policy Review | Privacy Protection:
|
| Code Review | |
| Technical Measures | |
Encryption Technologies:
|
Backup
|
| Two-factor Authentication | Stress-tests |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
Data Subjects Rights
European Economic Area and United Kingdom Residents
As a data subject, you have the right to access, manage, and control your data directly or by submitting a request to us. This section outlines these rights and explains how you can exercise them based on your place of residence.
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| For EEA residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
| For UK residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
United States Residents
Your rights vary depending on the state of your residency, as indicated below.
| Right | Description | Area | |
|---|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. | California Colorado Connecticut Indiana Iowa |
Montana Tennessee Texas Utah Virginia |
| Right to correct | You can change the data if it is inaccurate or incomplete. | California Colorado Connecticut Indiana |
Montana Tennessee Texas Virginia |
| Right to delete | You can send us a request to delete your personal data from our systems. | California Colorado Connecticut Indiana Iowa |
Montana Tennessee Texas Utah Virginia |
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. | California Colorado Connecticut Indiana Iowa |
Montana Tennessee Texas Utah Virginia |
| Right to opt out of sales | The right to opt out of the sale of personal data to third parties. | California Colorado Connecticut Indiana Iowa |
Montana Tennessee Texas Utah Virginia |
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. | Colorado Connecticut Indiana Montana |
Tennessee Texas Utah Virginia |
| Right to opt out of the processing of sensitive data | The right to opt out of the processing of sensitive data | California | |
| Right to opt in for sensitive data processing | The right to opt in before the processing of sensitive data. | Colorado Connecticut Indiana Montana |
Tennessee Texas Virginia |
| Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input. | California Colorado Connecticut Indiana Iowa |
Montana Tennessee Texas Virginia |
| Private right of action | The right to seek civil damages from a controller for violations of a statute. | California | |
| To exercise your rights, contact us | |||
| We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint with the Federal Trade Commission. | |||
| Please note! Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
Do Not Sell My Personal Information
California residents, under the California Consumer Privacy Act (“CCPA”), possess the right to opt out of the “sale” of their personal information by entities governed by CCPA.
We do not sell your personal information to anyone, nor do we use your data as a business model.
Ensuring your privacy is our utmost priority, and we are dedicated to safeguarding it.
We adhere to the CCPA by providing California residents the option to opt out of any potential future sale of their personal information. If you wish to register your preference that we do not sell your data in the future, please contact us at dpo@readdle.com.
Do-Not-Track Requests
California residents visiting our Website have the option to request that we do not automatically collect and track information related to their online browsing movements across the Internet.
These requests can usually be made via web browser settings that manage signals or other mechanisms, enabling consumers to express their preferences concerning the collection of personal data about their online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. However, we may update this Privacy Notice as our capabilities evolve.
Canada Residents
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to delete | You can send us a request to delete your personal data from our systems. We will remove all data except of what we are obliged to store in compliance with the law requirements. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right not to be subject to automated decision-making | You can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing. |
| Right to lodge a complaint | If your request is not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| We will answer your request within 30 days. If your complaint is not satisfied, you can submit a complaint to the Office of the Privacy Commissioner of Canada. | |
Cookies
We use cookies that are needed for the Website’s operation. By using cookies, we receive automatically collected data. You can read more in our Cookie Policy.
If you want to disable cookies, you can find instructions for managing your browser settings at these links:
Privacy Notice Updates
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Please note that the laws and requirements for processing personal data can evolve. In the event of changes, we will release an updated version of the Privacy Notice on our Website to reflect these modifications.
If we make substantial changes to the Privacy Notice or the Website that affect your data privacy rights, we will notify you by email or display information on the Website and ask you to read it. You will be notified in advance, and if you continue to use the Website after these changes take effect, it will be considered that you have consented to and accepted the revised Privacy Notice.