Last Modified: January 18, 2023
PDFTron is committed to protecting and respecting your privacy. A reference to “PDFTron”, “we”, “us” or “our” is a reference to PDFTron Systems Inc. and its affiliates, and we are a ‘controller’ for the purposes of the data protection laws that apply to us. A list of our relevant affiliates, their websites and associated products we offer can be found by clicking here. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
- our websites, including, but not limited to, web-based services such as xodo.com (“websites”);
- our desktop applications and mobile applications (both referred to as “apps”); and
- our sales, marketing, and advertising practices.
This notice further describes how we may collect personal data, with whom we may share it, as well as the choices you have regarding our collection of information and our use and disclosure of that information to other parties.
This notice is provided in a layered format for ease of access. Click on the table of contents to jump to a specific section.
OVERVIEW AND SCOPE
We believe that you should always know what data we collect from you, how we use it, and that you should have meaningful control over both. This notice describes how we use personal data, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.
INFORMATION WE COLLECT FROM YOU
We collect, use, store, transfer and process different types and categories of personal data about you as follows:
Identity Data includes first name, last name, company name, user pictures and profile pictures (if supplied), username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes postal address, email address and telephone numbers.
Financial Data includes bank account details, credit card information, tax payer identification numbers and billing addresses.
Transaction Data includes details about payments to and from you and other details of any services you have purchased from us.
Technical Data includes internet protocol (IP) address, media access control (MAC) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Product Data includes your information and content you may submit in a PDF, details about any licences you may have with us, preferences, feedback and survey responses.
Usage Data includes information about how you use our website and products.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any special categories of personal data about you (such as health data, political opinion, religious beliefs etc). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW IS YOUR PERSONAL DATA COLLECTED?
3.1. PERSONAL DATA WE COLLECT DIRECTLY FROM YOU
We collect personal data directly from you in the following situations:
3.1.1. Direct Interactions
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide:
- by registering to use our websites or apps or using our services, products and tools we make available for use;
- by registering for webinars, contacting sales or signing up for our newsletter;
- by using our support chat function on our websites to correspond with us in connection with your use of our products;
- by participating in blogs, discussion boards or other social media functions;
- by entering a competition, promotion or survey;
- when you report a problem;
- if you enter into contributor agreements with us and thereby make voluntary contributions to some of our products; and / or
- if you upload a file to our services, products, demos or tools.
3.2. INFORMATION WE AUTOMATICALLY COLLECT
3.2.1. IP ADDRESS AND CLICK-STREAM DATA
With regard to each of your visits to our websites or usage of our apps we may automatically collect the following information:
technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number;
information about how you interact with our apps and websites, through the use of third-party analytics tools which track data regarding crashes, errors, general user interactions with the user interface (UI) and software development kit APIs, and the type of functionality you may be using.
The information collected cannot typically be used to identify you personally. However, if you have specifically informed us of your identity (for example by registering for something or providing us with your contact information), it may be possible for us to link certain information to information that identifies you personally.
3.2.2. DIGITAL MARKERS (INCLUDING COOKIES), ONLINE TRACKING TECHNOLOGIES, ONLINE INTEREST BASED ADVERTISING
A digital marker is created by a website visitor’s Internet browser to maintain certain pieces of information for the website to reference during the same or subsequent visits. Examples of digital markers are cookies or HTML5 Web storage. Among other things, digital markers can allow a website to recognize a previous visit each time the visitor accesses the website, and track what information is viewed on a website.
We use sessional and persistent digital markers on some portions of our websites. Digital markers are created when you visit our websites. Sessional markers exist while you remain on our websites, and persistent markers continue to exist after you have left our websites.
For information on the digital markers (including cookies) we use and the purposes for which we use them see the applicable Cookie Notice for the PDFTron website(s) you may visit.
Similarly, we or our third-party service providers/advertisers may also use “web beacons”, “pixel tags” or other tracking technologies, which are typically small pieces of code placed on a web page to monitor behaviour and collect certain data regarding the actions of our visitors online.
These digital markers and other technologies may be used to track across time, sites, and devices. For example, these technologies can be used to analyze your online traffic patterns, to enhance your experience when using our products, to store information during your session, to personalize our websites for you based on your preferences and selections, to target advertising or content to you (as described further below), and to collect information about you and your usage of our websites or apps for other marketing and business purposes. You may adjust your privacy preferences regarding the use of digital markers, including cookies, and similar technologies through your browser. However, disabling cookies may impair your user experience and disable certain features of our websites.
Data about your activities online may be collected for use in providing advertising tailored to your individual interests, either by us, or third parties. We may work with third parties such as network advertisers and ad exchanges to serve advertisements across the internet and may use third party analytics service providers to evaluate and provide us and/or third parties with information about the use of these ads on third party websites and viewing of ads and of our content.
We and these third-party vendors, including Google and LinkedIn, may use third-party technologies (such as the LinkedIn Insight Tag) together with our own first party technologies in order to analyze ad impressions, your use of ad services, and interactions with these ad impressions and ad services. The information collected may also include information about your visits to our websites, include the pages you have viewed and what content you have seen. These third-party tracking technologies may be set to, among other things: (a) help deliver advertisements to you that you might be interested in; (b) prevent you from seeing the same advertisements too many times; and (c) understand the effectiveness of the advertisements that have been delivered to you.
3.3. INFORMATION WE RECEIVE FROM OTHER SOURCES
We may receive personal data about you if you use any of the other websites we operate or the other online projects or services we provide. We are also working closely with third parties (including, for example, business partners, technical and delivery services, advertising networks, analytics providers, search information providers) and may receive personal data about you from them. We may combine this personal data with personal data you give to us and personal data we collect about you to create combined personal data.
HOW WE USE YOUR PERSONAL DATA
We use your personal data to:
provide you with the information, products and services that you request from us;
carry out any agreements entered into between you and us including invoicing and processing your billing information when you purchase our products;
respond to enquiries or service requests and monitor such responses;
schedule meetings with you that you request;
manage our relationship with you;
subject to applicable laws, provide information about and market our products or services or products or services of third parties, and inform you of offers or new features that we believe may be of interest to you. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our services and we nonetheless reserve the right to contact you (including by e-mail or text) where we are legally required or permitted to do so;
send you important administrative messages that are required to provide you with our services;
give you access to free trials and to issue trial evaluations;
notify you about changes to our products;
resolve problems and fix bugs in our products and/or websites;
enable certain aspects of our products to function;
convert PDF images into translatable text;
manage our accounting process and to process monthly and/or annual payments from you for our products;
manage our websites and apps and assess usage including distributing a licence for you to use our products;
enhance or personalize your experience using our products (personal data you provide us through our websites may be linked to analytics data in order to better serve you and improve your in-product experience).
inform you of offers or new features that we believe may be of interest to you;
process or maintain your subscription to a newsletter or mailing list;
facilitate various programs, promotions or contests in which you participate;
target advertising or content, or for other advertising, promotional or marketing purposes;
study the use and popularity of various areas of our websites and apps and to improve our products;
analyze general locations where our content is viewed (by reviewing IP addresses);
administer our websites and apps and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
screen for potential risk and fraud when accessing our websites and/or purchasing our products;
improve our products and services and to ensure that content is presented in the most effective manner for you and for your computer or device;
allow you to participate in interactive features of our websites and apps, when you choose to do so;
supplement our efforts to keep our websites and apps safe and secure.
We may also use such information for other purposes related to our business or that of our related entities, as well as for any other purpose described in this notice or any other agreement you may enter with us or otherwise as we may disclose to you or to which you consent from time to time, or for other purposes as required or permitted by applicable law.
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?
We are allowed to process your personal data based on the following legal bases:
Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests as set out in the section above. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.
You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
Contract – It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules and to make mandatory disclosures to government bodies and law enforcement agencies.
If you use our websites and products with our UK and European companies: sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device or when you subscribe to our newsletter. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
If you use our websites and products with our Canadian companies: by using our products and providing personal data to us, you voluntarily consent to the collection, use, and disclosure of personal data as specified in this notice. Without limiting the foregoing, we may on occasion ask you to consent when we collect, use, or disclose your personal data in specific circumstances, in which case we may ask for your consent in writing (including by electronic means) although in some circumstances we may accept your oral consent. Sometimes your consent will be implied through your conduct with us if the purpose of the collection, use or disclosure is obvious and you voluntarily provide the information.
- For any other jurisdictions where consent may be required, we will obtain your permission in accordance with applicable laws.
DISCLOSURE OF YOUR INFORMATION
We may share your personal data with any member of our corporate group, which means our subsidiaries, our parent company and its subsidiaries.
We do not sell or rent personal data to marketers or unaffiliated third parties. We may share your information with selected third parties including:
Our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you;
advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data;
analytics and search engine providers that assist us in the improvement and optimisation of our products;
our service providers who provide certain services on our behalf such as data hosting or processing services. We will use contractual arrangements to protect personal data disclosed to these service providers;
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or (subject to confidentiality restrictions) during the due diligence process, in accordance with applicable law;
if PDFTron or substantially all of its assets (or any group company or its assets) are acquired by a third party, in which case personal data held by it about its customers and users of its products will be one of the transferred assets, in accordance with applicable law;
as otherwise may be required or permitted by applicable law.
WHERE DO WE STORE YOUR PERSONAL DATA AND HOW DO WE KEEP IT SECURE?
7.1. WHERE DO WE STORE YOUR PERSONAL DATA?
PDFTron is based in Canada, other group companies are based in other jurisdictions, including in the US, New Zealand, Europe and the UK. The information (including any personal data) we collect is transferred, maintained, stored, and processed in Canada, the US, Europe and the UK and other countries outside Canada where our or our service providers’ facilities may be located. Regardless of where you are located, we carry out these transfers in compliance with applicable laws.
If you are based in Canada, you understand and agree that we may store and process the information you provide to us in Canada and other countries. The data protection and privacy laws in those countries may offer a lower level of protection than the data protection and privacy laws of your country. Also, this information may be subject to access requests from governments, courts, or law enforcement in Canada and foreign countries according to their laws.
If you are located in the UK, European Economic Area or Switzerland, your personal data is transferred outside of the UK, European Economic Area or Switzerland in order for our service providers to provide their services to us. The data protection and privacy laws in those other countries may offer a lower level of protection than the UK and European data protection laws. We ensure that we put mechanisms in place in order to transfer your personal data securely and in accordance with applicable data protection laws. If you want to know more about our international transfers, you can contact us.
7.2. IS MY PERSONAL DATA SECURE?
We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. Among the steps we take in order to protect your information are:
restricted file access to personal data;
deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access; and
internal password and security policies;
Unfortunately, no transmission of information via the internet or storage of information is completely secure. Although we take commercially reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps that we store.
7.3. RETENTION OF PERSONAL DATA
Personal data will be retained in accordance with this notice for as long as may be necessary or relevant for the purpose of collection, or as may be required or permitted by applicable law, after which time it may be made anonymous or destroyed unless you further consent to its continued retention.
7.4. INTEGRATED SERVICES
Our websites and apps may, from time to time, contain links to and from third party websites including those of our partner networks and advertisers. If you follow a link to any of those websites, please note that they have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check these notices before you submit any personal data to those websites.
You may have the following legal rights under the applicable data protection laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “Contact Us”). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please be aware that there are exceptions that apply to some of these rights, which we will apply in accordance with applicable data protection laws.Your data protection rights What does this mean?Right to be informedYou have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and what your rights are. This is why we are providing you this privacy notice.Right of accessYou have the right to obtain access to your personal data we process and certain other information (similar to that provided in this privacy notice).You may ask for:
A copy of your information,
- Details about why and how we process your personal data,
- Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling.
To help us find the information, please give us as much information as possible about the type of personal data you would like to see.Right to rectificationYou are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us.Rights to ask us to stop contacting you with direct marketingYou can ask us to stop contacting you for direct marketing purposes. If you would like to do so, please contact us. Alternatively, you can also click the ‘unsubscribe’ button at the bottom of the applicable emails you receive. It may take up to 7 days for this to take place.Rights in relation to automated decision makingThese rights are not applicable as we do not carry out any automated decision making.Right to erasureThis is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:
Right to restrict processingYou have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:
You do not believe that we need your data in order to process it for the purposes set out in this privacy notice;
If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
Your data has been processed unlawfully or have not been erased when it should have been.
Right to data portabilityYou have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.Right to object to processingYou have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.Right to withdraw consentIf you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful).
You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate;
The processing is unlawful but you do not want to erase your data;
We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
You have objected to the processing because you believe that your interests should override our legitimate interests.
Please contact us if you wish to withdraw your consent to anything we do with your personal data.
In order to exercise these rights, you may contact us as described in the Contact Us section below. We will comply with your request to the extent required by applicable law. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country. In the UK, you have a right to complain to the Information Commissioner's Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.
CHANGES TO OUR PRIVACY NOTICE
Any changes we may make to our notice in the future will be posted on this page. The date this notice was last revised is identified on the top of this page. Please check back frequently to see any updates or changes to our notice.
If you have any questions, comments and requests regarding this notice, how we handle your personal data, or if you would like to exercise any of your rights, please email our Privacy team at Privacy@pdftron.com or send a letter to: 500-838 West Hastings Street, Vancouver BC V6C 0A6 Canada. If you live in the UK or Europe you can contact our European representative by mail at Osano International Compliance Services Limited, ATTN: IKOL, 25/28 North Wall Quay, Dublin 1, D01 H104, Ireland.
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
California residents may have additional rights under the California Consumer Privacy Act (“CCPA”) with respect to certain personal data that is not covered under a federal law. If you are a California resident, this section details your rights under the CCPA, how you may exercise those rights, and what we will do in response.
The CCPA requires us to disclose information regarding the categories of personal data we have collected about California consumers (as that term is defined in the CCPA) during the preceding twelve (12) months, the categories of sources from which the personal data was collected, the business or commercial purposes for collecting the personal data and the categories of personal data disclosed to third parties. The sources of identity, contact and financial data are from direct interactions with you, whereas the remainder of the data categories listed below are either automatically collected (including Hotjar) or come from digital markers and online tracking technologies. Please see section 2 and 3 above for further details. In the preceding 12 months, we collected and disclosed the following personal data about California consumers:Categories of personal data collected and disclosed to third parties Examples of Uses/business purposesIdentity dataCollected to provide you the information, products and services you request; respond to enquiries from you; schedule meetings with you; manage our relationship with you; carry out agreements entered into between you and us. Disclosed to our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you.Contact dataCollected to provide you the information, products and services you request; respond to enquiries from you; schedule meetings with you; manage our relationship with you; carry out agreements entered into between you and us. Disclosed to our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you.Financial dataCollected to carry out any agreements entered into between you and us. Disclosed to our service providers who provide certain services on our behalf such as data hosting or processing services. We will use contractual arrangements to protect personal data disclosed to these service providers.Transaction dataCollected to carry out any agreements entered into between you and us. Disclosed to service providers who provide certain services on our behalf such as data hosting or processing services. We will use contractual arrangements to protect personal data disclosed to these service providersTechnical dataAnalytics and search engine providers that assist us in the improvement and optimisation of our products; our service providers who provide certain services on our behalf such as data hosting or processing services. We will use contractual arrangements to protect personal data disclosed to these service providersProduct dataAnalytics and search engine providers that assist us in the improvement and optimisation of our products.Usage dataAdvertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data; analytics and search engine providers that assist us in the improvement and optimisation of our productsMarketing & Communications dataAdvertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data; analytics and search engine providers that assist us in the improvement and optimisation of our products.
PDFTron does not sell any personal data and does not have actual knowledge that it sells the personal data of users under 16 years of age.
In addition, we may share personal data of California consumers:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or (subject to confidentiality restrictions) during the due diligence process, in accordance with applicable law;
- if PDFTron or substantially all of its assets (or any group company or its assets) are acquired by a third party, in which case personal data held by it about its customers and users of its products will be one of the transferred assets, in accordance with applicable law;
- as otherwise may be required or permitted by applicable law.
California residents have the right to access and request:
- The categories of personal data that we collect.
- The categories of personal data we collected or sold in the previous 12 months.
- The categories of data disclosed for a business purpose in the previous twelve months.
- The specific pieces of personal data we collected about you.
California residents have the right to request the deletion of their personal data. However, this right does not apply to personal data that we need in order to:
- Complete the transaction for which the personal data was collected
- Detect or resolve security issues, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for the activity;
- Address any functionality-related issues
- Comply with any applicable federal or state law
- Conduct research in the public interest
- Ensure the right to free speech
- Carry out actions for internal purposes.
California residents have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights hereunder.
To exercise any of your rights as a consumer please submit a verifiable consumer request to us. You may submit a verifiable consumer request by emailing us at email@example.com or contact us via our website at https://www.pdftron.com/form/contact-us/. A California consumer may only make a verifiable request to exercise their rights twice within a 12-month period. The verifiable request must: (1) provide sufficient information for us to verify your identity, and (2) be in sufficient detail that we can reasonably understand the request, evaluate it, and respond. You may have an authorized agent submit a request to know, or a request to delete so long as you provide the authorized agent with written permission to submit the relevant request and you verify your own identify directly with us. Such restrictions do not apply where you provide your authorized agent with power of attorney pursuant to California Probate Code sections 4121 to 4130. If we are unable to verify your request then we will be unable to provide you with the information you seek or delete any personal data we retain.