Privacy Notice
Last updated: May 10, 2024
1. Intro
This privacy notice will inform you how we look after, collect, process, and use your personal data when you use our Website pdfdone.com, and tell you about your legal rights.
2. About us
Onsoffour OÜ (Ltd). is the controller and responsible for your data ("we", "us", or "our").
Company Name | Onsoffour OÜ (Ltd) |
Registry code | 17016471 |
Legal Address | Harju maakond, Tallinn, Estonia, Kesklinna linnaosa, Rotermanni tn 6, 10111 |
[email protected] – for general questions [email protected] – for privacy questions |
Please note! We do not knowingly process the personal data of users under the age of 18. If you are such a user or the legal representative of such a user, please contact us.
By accessing or registering the Website, the user agrees to the privacy notice and consents to collecting, processing, transferring, and using your personal data.
Before using the Website, you must read and accept this privacy notice and cookie policy. If you don’t accept and agree to this privacy notice and cookie policy, you must immediately stop using our Website.
3. Sources of data
We receive your data when you visit the Website and interact with it, depending on your actions. Also, we receive your data through the registration form on the Website.
You can change your personal data by exercising your right to rectification and contact us about it. Please note that the same lawful basis and storage terms apply to the changed data.
We may also receive data from third parties. It depends on your settings and the features you use.
4. Lawful bases
For processing your personal data, we rely on the following lawful bases:
5. Types of data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect (automatically or with your consent), use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
Reasons for Processing | Types of data | Lawful bases |
To use all Website functions. It is necessary to set up a profile and identify the user. The email address is additionally used to contact the user. | User data. The user’s email, name, surname. | Performance of the contract. Your consent. |
For marketing and analytical purposes. To provide, improve, and develop the Website. | Device data. Includes model, OS version, language, time zone, and unique device identifiers (IDFA or GAID). | Your consent. Performance of the contract. |
To use all Website functions. For marketing and analytical purposes. To provide, improve, and develop the Website. | Location and Demographic data. This includes the internet protocol (IP) address, country, state, city, postal code, and zip code. | Your consent. Performance of the contract. |
It is required to identify the subscription the user selects, its duration, and expiration. | Subscription data. The transaction data, ID subscriptions, and subscription terms. This is the information we get from the payment system when you buy our subscription. | Performance of the contract. Your consent. |
For marketing and analytical purposes. To provide, improve, and develop the Website. | Usage Data. This includes information about how you use our Website and user activity on the Website. | Performance of the contract. Your consent. |
We also undertake to collect only such amounts and types of personal data strictly required for the purposes mentioned in this privacy notice section (data minimization principle).
Automatically Collected Information. The Website automatically collects certain information, including using technologies such as Cookies, which help us analyze conversion information (read more here).
6. Third-party services and disclosures of your data
We share some of your personal data with our service providers, but it is strictly limited to the cases and purposes stipulated in this privacy notice.
We require all third parties to respect the security of your personal data and treat it under the law. We don't allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified reasons defined in this privacy notice.
We will not process personal data in a way incompatible with the purposes for which it has been collected or subsequently authorized by you by Section "Types of data we collect" of this privacy notice or collect any personal data that is not required for the mentioned purposes.
We disclose potentially personally-identifying information (i.e., personal data) among our employees, contractors, and affiliated or other third-party organizations that (i) need to know that information to process it on our behalf or to provide services available at the Company and (ii) that have agreed not to disclose it to others.
We share your data with the parties below for the purposes in Section "Types of data we collect" above.
Here's an overview of the specific third-party service providers we share data with and the purposes for sharing:
Google LLC | We leverage Google Analytics to analyze user behavior on our website, identify areas for improvement, and gain valuable insights. Additionally, we may utilize Google Ads to display relevant advertisements to our website users. Google anonymizes the data used for analytics and adheres to its strict data privacy regulations. Also, they help us to store your data. |
Amplitude, Inc. | We employ Amplitude to track user interactions within our Website, helping us make informed decisions about website design, functionality, and content. They utilize industry-standard security measures to protect your information. Also, they help us to store your data. |
Firebase, Inc. | We utilize Firebase for various backend services, including user authentication and database management. They adhere to Google's strict data privacy standards and protect your information with robust security measures. Also, they help us to store your data. |
IXOPAY GmbH | We engage IXOPAY to process user payments in order to provide a secure and convenient payment for our services. |
7. Cross-border transfer of personal data.
Some employees, contractors, and affiliated or third-party organizations may be located within or outside the USA, EU, or the European Economic Area (EEA). By using our Website, you consent to transfer such information to them.
8. Changes to the privacy notice
We reserve the right to and may change this privacy notice occasionally. If we make any material changes, we will notify you through our Website or email or by presenting you with a new version of this privacy notice for you to accept if we, for example, add new processing activities or collect additional personal data from you.
Your continued use of the Website after the effective date of an updated version of the privacy notice will indicate your acceptance of the privacy notice as modified.
9. Cookies
We have set aside a detailed description and procedure for using cookie on a separate page, which is an integral part of this notice.
10. Opt-out options.
You can withdraw your consent or opt-out, whatever applies in your case, from sharing your personal data under this subsection anytime by using one of the following options: By contacting us at pdfdone.com and stop using our Website;
11. Obtaining data from third parties
When a user buys a subscription, we receive transaction data, ID subscriptions, and subscription terms from the payment system.
The payment system data processing notice further regulates the collection, processing, and transmission of data on purchase via the payment system.
When registering through a Google account, you authenticate with Google and authorize the Website to access specific data from your Google account, like your user ID and name. Google securely transfers this data to the Website, which uses it to pre-populate registration fields and create your account. You may need to provide additional information beyond what Google shared.
12. Payments and billing
When you pay for a subscription to our Website, you share your banking information with the payment system. This relationship is also regulated between the user and the privacy notice of the payment system.
We don't process your payments or collect your debit or credit card details.
13. Data security
We have implemented appropriate security measures to prevent your data from being accidentally lost, used, or accessed unauthorizedly, altered, or disclosed. In addition, we limit access to your data to those employees, agents, contractors, and other third parties who have a business need to know.
They will only process your data based on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We also use technical data encryption tools to keep your data secure.
HTTPS: Encrypts communication between the client and server, preventing unauthorized access to sensitive data like login credentials and personal information during transmission.
Supabase Security - Row Level Security (RLS): Allows defining policies that control access to rows in a database table based on the authenticated user's identity or attributes, ensuring users can only access and modify their own data.
Secure Authentication: Implements strong password policies, multi-factor authentication (MFA), and industry-standard protocols like OAuth 2.0 or OpenID Connect to ensure only authorized users can access systems or applications containing personal data.
Data Backup: Involves creating encrypted backups of personal data, storing backup copies offsite or in the cloud, performing regular backups, and testing backup and recovery procedures to protect against data loss due to hardware failures, software issues, or security incidents.
14. Data retention
How long will you use my personal data?
We will only retain your data for as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
We store your data while you use our Website.
You can ask us to delete your data. Send an email to our address: [email protected].
In some circumstances, we may anonymize your data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We require all third parties to respect the security of your personal data and treat it under the law. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified purposes and under our instructions.
We do not use user data for sale (or any other commercial activity) to other companies. User data is used solely to ensure the functionality of the Website.
15. Your legal rights
European Economic Area residents
As a data subject, you have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:
Rights | Description |
Right to access | You can request an explanation of how your personal data is processed. |
Right to rectification | You can change the data if it is inaccurate or incomplete. |
Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
Right to object | You may object to the processing of your personal data. |
Right to withdraw consent | You can withdraw your consent at any time. |
Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
To exercise your rights, contact us. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. UK residents enjoy the same rights but may lodge a complaint at the other Authority in the UK – Information Commissioner’s Office. You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns. |
United States residents
You, as data subjects, have some special privacy rights. To use them, please contact us at [email protected].
Please note! Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more. |
If your complaint is not satisfied, you can file a complaint with the . Your rights vary depending on the laws that apply to you but may include:
Rights | Description | Area |
Right to access | You can request an explanation of how your personal data is processed. |
|
Right to correct | You can change the data if it needs to be more accurate or complete. |
|
Right to delete | You can request to delete your personal data from our systems. |
|
Right to portability | You can request all the data you provided to us and request to transfer data to another controller. |
|
Right to opt out of sales | The right to opt out of the sale of personal data to third parties. |
|
Right to opt out of certain purposes | The right to opt-out of processing for profiling/targeted advertising purposes. |
|
Right to opt out of the processing of sensitive data | The right to opt-out of processing of sensitive data. |
|
Right to opt in for sensitive data processing | The right to opt in before processing sensitive data. |
|
Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input |
|
Private right of action | The right to seek civil damages from a controller for statute violations. |
|
Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is missing from the list, please contact us. |
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by the CCPA.
We do not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. Please contact us if you want to record your preference that we will not sell your data in the future.
Do-not-track requests
California residents visiting the Website may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this privacy notice as our abilities change.
Canada residents
As data subjects, you have privacy rights prescribed by Canada’s federal and provincial privacy laws.
If you want additional information, please contact us by filling a request.
If your complaint is not satisfied, you can file a complaint to the Office of the Privacy Commissioner of Canada.
16. Glossary
In this notice, the following terms shall have the following meanings:
Lawful basis. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You can obtain further information about how we assess our legitimate interests against any potential impact on you regarding specific activities by contacting us at [email protected].
Performance of Contract. This means processing your data where necessary for the performance of a contract to which you are a party or taking steps at your request before entering into such a contract.
Complying with a legal or regulatory obligation. This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.