Data Processing Addendum (DPA)

Last updated: January 19, 2025

1. Definitions

For the purposes of this DPA, the terms "Controller", "Processor", "Data Subject", "Personal Data", "Processing", and "Supervisory Authority" shall have the meanings given in the GDPR.

2. Scope and Purpose

This DPA sets out the terms and conditions under which WebPDF.app (Processor) processes Personal Data on behalf of the Customer (Controller) in connection with the provision of the PDF conversion services.

3. Processing Details

The nature and purpose of the processing, the types of Personal Data, and the categories of Data Subjects are described in Annex 1 to this DPA.

4. Processor Obligations

The Processor shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure that persons authorized to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
  • Assist the Controller in responding to Data Subject requests
  • Notify the Controller without undue delay after becoming aware of a Personal Data breach

5. Sub‑processing

The Processor may engage sub‑processors to assist in providing the services. The Processor shall inform the Controller of any intended changes and give the Controller the opportunity to object.

6. Data Transfers

All Personal Data is processed within the European Economic Area (EEA). No international transfers occur unless explicitly agreed.

7. Duration and Termination

This DPA shall remain in effect as long as the Processor processes Personal Data on behalf of the Controller. Upon termination, the Processor shall delete or return all Personal Data.

8. Contact

For questions regarding this DPA, please contact our Data Protection Officer at dpo@webpdf.app.

Annex 1 – Processing Details

  • Nature of Processing: Conversion of HTML to PDF, storage of user account data
  • Purpose of Processing: Provision of PDF conversion services
  • Types of Personal Data: Email address, name, IP address, API usage logs
  • Categories of Data Subjects: Customers, users of the Customer's services
  • Retention Period: Personal Data is retained for the duration of the service agreement and as required by law
Utilizziamo i cookie per migliorare la tua esperienza sul nostro sito. Scopri di più