SASU PDFShift, a company organized under the laws of France (hereafter, “pdfshift”, “pdfshift.io”, “we”, “our” and/or “us”) is a technology company that provides an online software-as-a-service (SaaS) platform (the “Service”) on its website at https://pdfshift.io containing instruction, tools, applications and other materials designed to assist individuals and companies throughout the world in converting HTML documents into PDF documents. SASU PDFShift markets and promotes the Service under the trademarks and trade names “pdfshift” and “pdfshift.io”.
SASU PDFShift has always recognized data protection as an important topic for its stakeholders in the digital age and understands the responsibility that comes with the handling of personal data. This Privacy Policy describes the privacy practices of SASU PDFShift related to personal data collected, used, stored and otherwise processed in connection with the PDFShit.io Service.
Please be aware that some supplemental country terms may be applicable as detailed at the end of this Privacy Policy.
What this privacy policy covers
This privacy policy applies to the personal data PDFShift processes as a data controller, i.e. as the party that determines what personal data to collect online (including in connection with mobile apps) or offline and to what end.
The PDFShift Service is not intended for use by persons under the age of 18. If PDFShift has reason to believe that a user is under the age of 18, PDFShift will promptly block and/or terminate that user’s account and delete all personal information previously submitted by that user, with or without notice to the user or his or her parents or guardians.
If PDFShift learns that it has collected personal data from a person under the age of 18, it will delete that information as quickly as possible.
For your convenience, hyperlinks may be posted on the PDFShift websites or apps that link to other websites or apps that PDFShift does not own or control. This privacy policy is not applicable to them and PDFShift has no liability for the content of third-party websites nor the personal data they collect.
What personal data is collected and processed by PDFShift
Personal data means any information relating to an identified or identifiable person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the natural person.
Depending on the purposes detailed below, personal data processed by PDFShift includes:
- Personal and Business contact information such as first and last name, postal address, email address, telephone number(s) and job title;
- Profile information such as user ID, login and password, profile picture, organization name, organization address, country, and, if applicable, VAT number;
- Transaction information details related to purchases you make, including through PDFShift websites and apps, event registrations and billing data (such as credit card details, bank account information), via our third-praty service, Stripe);
- Operation and usage data (IP Addresses, logs, etc.) on how you use PDFShift websites, apps and services, including data from cookies as described below.
In any event, the personal data processed by PDFShift is limited to data necessary for the purposes described in this Privacy Policy. PDFShift will only process personal data from a parent or guardian of a minor child for purposes of obtaining their consent to collect the child’s personal data. If they do not provide that consent within a reasonable period of time, PDFShift will delete this personal data.
Payment information
When you make a purchase on the Service, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Stripe through their Stripe Checkout service. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy here: https://stripe.com/us/checkout/legal.
Why your personal data is processed by PDFShift
PDFShift will process your personal data for one or several of the following purposes;
With your Consent
- To communicate with you, including when you request information related to PDFShift products and services, and more generally to manage PDFShift marketing activities;
- To ascertain your requirements and interests and provide you with the most suitable products and/or services;
- To provide you with a personalized, interactive use of PDFShift websites and apps and allow you to access all their features;
- To enable you to display certain of your personal information related to your profile while exchanging ideas and other information about PDFShift products and services with other users of PDFShift websites and apps.
To provide you with PDFShift products or services
- To enable you to
- register for an event, seminar or webinar;
- enter a contest; or
- create a user profile.
- To enable PDFShift to manage its business relationships with you (including sales opportunities, commercial offers, purchasing, contracts, orders, invoices, which may include conversational data triggered via chat functionalities on PDFShift websites and apps, contact forms, emails, and voice messaging data, delivery of PDFShift products, support or professional services);
- To manage your training and/or certification on PDFShift products and services, which may include tracking your learning progress in order to make this information available to you.
To comply with the following legitimate interests:
PDFShift takes into consideration and balances any potential impact on you (both positive and negative) and your rights before processing your personal data for legitimate interest purposes. Unless PDFShift has your consent or is otherwise required or permitted to do so by law, PDFShift will not use your personal data in situations where the impact on you outweighs its legitimate interest in processing your personal data:
- To improve your experience;
- To remember your settings;
- To provide you with information related to marketing activities for similar goods and products if you are already using PDFShift products and services;
- To enable PDFShift to manage its business relationships when you are acting on behalf of a PDFShift prospect or customer (including sales opportunities, commercial offers, purchasing, contracts, orders, invoices, which may include conversational data triggered via chat functionalities on PDFShift websites or apps, contact forms, emails, and voice messaging data, deliver of PDFShift products, support or professional services);
- To create anonymous data for analytics and for compliance, fraud prevention and safety.
To comply with law
- To manage PDFShift legal obligations related to applicable export laws, trade sanctions, and embargoes issued, by the European Union and its member states, and of the United States of America and other countries, if any. This may include (i) conducting automated checks of any user registration data identified in this Privacy Policy and other information you provide about your identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when you update your information; (iii) blocking of access to PDFShift services and systems in case of a potential match; and (iv) contacting you to confirm your identity in case of a potential match;
- To keep your financial data with a third party payment provider.
How long your personal data is retained
PDFShift does not store your personal data for more time than necessary and only as long as required to fulfill the purposes set out above. Retention periods may vary depending on the data categories and the processing activities. To determine the appropriate retention period for personal data, PDFShift considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which PDFShift processes your personal data and whether PDFShift can achieve those purposes through other means, and the applicable legal requirements:
- where PDFShift is required to comply with a legal obligation, the retention period will be determined according to the applicable law;
- where you gave your consent, until you withdraw it;
- where PDFShift has entered into an agreement with you or your employer, as long as the agreement is into force plus the applicable local statutes of limitations;
- where PDFShift has a legitimate interest in using your personal data, for a limited period of time appropriate to ensure a fair processing of your personal data or until you object to PDFShift’s use of your personal data.
Where your personal data is required to assert or defend against legal claims, PDFShift will retain your personal data until the end of the relevant retention period or until the claims in question have been settled.
With whom PDFShift shares your personal data
PDFShift does not rent or sell information but may share your necessary personal data for certain business purposes with the following categories of organizations:
- Within the PDFShift group: PDFShift may need to share your personal data with its affiliated companies and websites, for example to provide you with support services.
- Event or marketing sponsors: PDFShift may share your personal data with trusted sponsors such as PDFShift resellers with which PDFShift organizes events or marketing promotions. When you register for an event, PDFShift may share your name, company, and email address with other participants and sponsors of the same event for the purpose of communication about the event and the exchange of ideas.
- PDFShift business partners: PDFShift may share your personal data with PDFShift business partners such as resellers assigned to you to provide you or your employer with appropriate offers or services.
- Third parties acting on PDFShift behalf: PDFShift may share your personal data with third party vendors, consultants and other service providers that PDFShift employs to perform tasks on its behalf (such as hosting services by a third-party or payment services to enable you to purchase from PDFShift products or services) or to protect PDFShift’s legal interests (such as in the event of a sale of assets to a third company, or a change of control or a total or partial liquidation of PDFShift).
- Law enforcement: Under certain circumstances, PDFShift may also disclose your personal data if required by law or if PDFShift believes in good faith that such disclosure is reasonably necessary to comply with legal process (for example, a warrant, a subpoena, or other court order) or protect the rights, property, or personal safety of PDFShift, PDFShift’s customers, or the public.
International data transfers
When accessing a PDFShift website or app, please note that through your continued use of it, if you are located in a different country than the PDFShift website or app, you consent to the transfer of your personal data to a country outside of your own.
PDFShift may transfer your personal data from Europe (or a country that is considered as offering an adequate level of protection as adopted by the European Commission on the basis of Article 45 of the General Data Protection Regulation 2016/679 (GDPR)) to another country. This can for example happen when PDFShift provides you with training, support services or cloud offerings. PDFShift continually monitors the circumstances surrounding any transfer in order to ensure that these transfers maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR and relies on the Standard Contractual Clauses issued by the European Commission in the absence of an adequacy designation.
What are your rights
Depending on the applicable data protection laws, you may have some or all of the following rights with regard to your personal data:
- access your personal data;
- request the rectification, completion, update or erasure of your personal data;
- restrict processing;
- obtain a copy of your personal data stored by PDFShift;
- object to specific processing of your personal data if that processing is based on legitimate interests; and
- data portability.
If the processing of your personal data is based on your consent, you have a right to withdraw that consent at any time.
If you have an account, you can exercise your rights by logging on to your account. Otherwise, you may exercise your rights by submitting your request here: [email protected]. Parents can exercise these rights if allowed by applicable law on behalf of their minor children by this same method.
Depending on the scope of the request, and if permitted under applicable law, PDFShift may charge a reasonable fee to cover costs incurred in connection with such request. PDFShift may deny access to your personal data in limited circumstances in accordance with applicable laws and regulations or if PDFShift’s legal grounds override your legitimate interest to privacy.
Data security
PDFShift maintains appropriate technical and organizational measures to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction during transmission and once in its possession. However, while PDFShift strives to protect your personal data, in light of the inevitable risks linked to the Internet, PDFShift cannot guarantee full protection against any leak.
It is important for you to exercise caution to prevent unauthorized access to your personal data. You are responsible for the confidentiality of your password and information appearing on your account. Consequently, you must ensure that you log out of your session in the event of shared use of a computer.
Limitations on Use by Minors
Our Service is generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable laws in the jurisdiction in which an individual utilizes the Service.
If PDFShift has reason to believe that a user is under the age of 18, PDFShift will promptly block and/or terminate that user’s account and delete all personal information previously submitted by that user, with or without notice to the user or his or her parents or guardians. If PDFShift learns that it has collected personal data from a person under the age of 18, it will delete that information as quickly as possible.
Furthermore, if you are under eighteen (18) years of age, then you (or your parent or legal guardian) may at any time request that we remove content or information about you that is posted on the Service. Please submit any such request ("Request for Removal of Minor Information") to either of the following:
- By mail: SASU PDFShift, 128 rue la Boetie, 75008 Paris, France, with a subject line of "Removal of Minor Information”. If you send by mail, please send by registered mail or overnight courier service to allow for confirmation of mailing, delivery and tracking.
- By email: [email protected], with a subject line of "Removal of Minor Information"
For each Request for Removal of Minor Information, please state "Removal of Minor Information" in the email or letter subject line, and clearly state the following in the body of the request:
- The nature of your request
- The identity of the content or information to be removed
- The location of the content or information on the Service (e.g. by providing the URL)
- That the request is related to the "Removal of Minor Information"
- Your name, street address, city, state, postal code and email address, and whether you prefer to receive a response to your request by mail or email.
We will not accept any Request for Removal of Minor Information via telephone, facsimile, or text message. PDFShift™ is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent.
Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires PDFShift™ to maintain the content or information; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when PDFShift™ anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.
The foregoing is a description of PDFShift™'s voluntary practices concerning the collection of personal information through the Service from certain minors and is not intended to be an admission that PDFShift™ is subject to the U.S. Children's Online Privacy Protection Act, the U.S. Federal Trade Commission's Children's Online Privacy Protection Rule(s), or any similar international, European Union, federal, state, or local laws, rules, or regulations.
Cookies
In order to improve your browsing experience on PDFShift.io websites and apps, PDFShift.io uses cookies or other similar technologies that may process your personal data.
Depending on the website or app, PDFShift uses different types of cookies:
- Strictly necessary cookies are always used, are essential for you to properly browse the PDFShift website or app and cannot be switched off. For example, they allow you to save your personalization settings (choice of language, presentation of a service, saving your shopping cart).
- Functional cookies are used in order to improve the performance of the PDFShift websites and apps, to provide you with optimized features and a more personal experience by collecting information when you visit a PDFShift website or app. Some of them, that are solely performance cookies, collect aggregated information that are therefore anonymous.
- Advertising cookies are implemented by PDFShift or third parties, in order to build a profile of your interests, to provide you with personalized and targeted content. They do not store personal information directly, but are based on uniquely identifying your browser and internet device.
The following third parties serve cookies through PDFShift for analytics and other purposes
| NAME | PURPOSE |
|---|---|
| Stripe | Our payment gateway. This allows us to accept credit card payments securely. |
| Plausible | Our visitor’s statistics. We track visits from our server so the Google javascript is not installed and you are never tracked. (Your IP is anonymized, no cookies or tracking device are installed on your computer). |
| Mailgun | Mailgun is used on PDFShift’s application to send Email. |
| Customer.io | We use Customer.io to send you emails related to your account and general messages like newsletters. |
| Amplitude | We track a few key metrics on our service and Amplitude help us visualize them. All the data are anonymized. |
| Sentry | We use sentry to retrieve, review and handle issues that might occurs within PDFShift. |
Here is a list of the cookies we use in PDFShift:
| VENDOR | COOKIE NAME | PURPOSE |
|---|---|---|
| PDFShift | _t | Session tracking cookie. |
| Stripe | __lc.visitor_id.XXXXXXX, __stripe_mid, __stripe_orig_props, stripe.csrf, cid, lang, machine_identifier, merchant, mp_{token}_mixpanel, private_machine_identifier, lc_window_state | We rely on Stripe to handle payments made on PDFShift. |
You can remove or reject functional and advertising cookies. However, if you do not accept certain cookies, some functionalities and features of the sites and apps may not function properly and you may experience some inconvenience in their use.
Do Not Track signals
Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Service does not respond to this type of signal.
Contact - Dispute resolution
PDFShift is committed to ensuring the privacy of personal data: You can contact the PDFShift Data Protection Officer at [email protected] if:
- you have any questions about this Privacy Policy;
- you encounter any issue when having access to your personal data or related to your rights as described above;
- you believe that PDFShift is not complying with the GDPR or the applicable local data protection laws;
- you have a reason to believe that the security of your personal data has been compromised or misused.
When you want to report a claim by lodging a complaint to the PDFShift Global Data Protection Officer, you will need to send a letter to the address mentioned at the end of this Policy or submit your claim using the form referenced above containing (in addition to the information required by the form and depending on the type of rights) the name or reference of the concerned processing and any additional information as reasonably requested by the PDFShift Global Data Protection Officer.
If your usual place of residence is in European Union, Lichtenstein, Norway or Iceland, you have a right to file a complaint with your local data protection authority.
Date of entry into force of the Privacy statement and changes to it
This Privacy Policy may be updated from time to time in accordance with PDFShift requirements and circumstances, or where required by applicable laws and regulations so please check back periodically for updates. If major changes occur to this Privacy Policy, PDFShift may inform you via email or by posting a notice on PDFShift websites or apps.
Last modification: February 28, 2022
Additional privacy notices for certain geographies
Depending on where you are living, some additional terms as detailed below may be applicable to you. Where the Privacy Policy refers to “personal data”, it shall be interpreted, as applicable, to mean “personal information” as defined by the applicable data protection law.
USA - Privacy notice for California residents
California “Shine the Light” Act
The California “Shine the Light” Act, section 1798.83 of the California Civil Code, requires a business with whom a California resident has an established business relationship to disclose to such residents, upon their request: (1) the types of personal data the business shares with third parties for the third party’s marketing purposes, and (2) the identities of the third parties with whom the business has shared this information during the immediately preceding calendar year. If you are a California resident, and would like to make such a request, please submit your request via e-mail to [email protected].
California Consumer Privacy Act of 2018
Under the California Consumer Privacy Act of 2018 (“CCPA”) applicable to California residents, you are entitled to benefit from the following additional provisions regarding your personal information.
What are the Categories of Personal Information Collected
The categories of personal information PDFShift collects about California residents are identifiers (e.g. name, address, email,, and transactional information), and internet or other electronic network activity information (e.g. usage information, IP address, cookie information, and customer feedback).
What Are Your Rights And Choices
You have the right to request that PDFShift discloses to you certain information about PDFShift’s collection and use of your personal information over the past 12 months. That information includes:
- The categories of personal information PDFShift collected about you;
- The categories of sources from which PDFShift collected your personal information;
- PDFShift’ business or commercial purpose for collecting, or sharing your personal information;
- The categories of third parties with whom PDFShift shares your personal information, if any;
- A copy of your personal information and a list of recipients, as applicable.
To exercise the rights described in the Privacy Policy you may either contact PDFShift at [email protected] or contacting:
Only you, or a person, or a business entity registered with the California Secretary of State to conduct business in California that you authorize to act on your behalf, may make a request related to your Personal Information. The request must provide enough information to allow PDFShift to 1) reasonably verify you are the person about whom PDFShift collected Personal Information or an authorized representative and 2) enable PDFShift to properly understand, evaluate, and respond to it. Making such a request does not require you to create an account with us. PDFShift will only use personal information provided in a request to verify the requestor's identity or authority to make the request.
Non-Discrimination
PDFShift will not discriminate against you (for example by denying you products or services, charging you a higher price or giving you a different level or quality of service) for exercising any of your CCPA rights.
Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which PDFShift collects and processes your personal information, your privacy choices and rights under California law or wish to exercise your privacy rights, please do not hesitate to contact PDFShift at:
Or by contacting the PDFShift Data Protection Officer at [email protected].