Last updated: 8 December 2022
We are Readdle Limited (“Readdle” or “we”), and we provide you with our application “Scanner Mini” (“App” or “Scanner Mini”) under the Terms of Service.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
This Privacy Notice describes how your personal data is collected, stored, and used and what happens when you use Scanner Mini.
We do not collect, track or store any personal data over what we need to provide and improve our products and services or help you in case of problems with the App.
For us, you can be:
| Data subject | Description |
|---|---|
| User | any natural person or legal entity who uses the App. |
This Privacy Notice is our (data controller) statement to you (data subject) that describes how we collect, use, retain and disclose personal data.
This Privacy Notice applies to the App, available on the App Store.
You own and control the personal data we collect about you. You can choose not to provide certain information or disable it and prevent us from collecting, storing, and processing it.
Please be aware you will not be able to take advantage of some of the Scanner Mini’s features in this case.
We are Readdle Limited ("Readdle" or "we"), and we operate the Service.
| Service Provider | Readdle Limited |
| Registration number | 630281 |
| VAT | IE 3560869EH |
| Address |
Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland. |
|
dpo@readdle.com — for privacy questions rdsupport@readdle.com — for other questions |
Our support team is happy to assist you in any matter. We sincerely ask you to be polite and calm in your communication. Otherwise, we will not respond to emails containing offensive or abusive language.
We collect your personal data according to this Privacy Notice when you use the App.
| Please note: The scanned documents are mainly stored locally on your device. Scanner Mini accesses them only when you expressly share them with us, send them to our customer support team or send faxes via the App. |
Mainly, we process technical data and the data you give to us.
We can process personal data based on the following legal bases:
| IP address | Incident Identifier | CrashReporter Key | Hardware Model |
|---|---|---|---|
| Process |
Path |
timezone |
Version |
| Code Type |
Parent Process | Date / Time | iOS/Android Version |
| Report Version |
Exception Type |
Exception Codes |
Crashed Thread |
| AccountsCache |
OneTimeCodes |
deviceUUID |
deviceName |
| locale |
It is the same for all data subjects. It includes:
| Name | Description |
|---|---|
| receiptID | purchase_date_ms value from AppStore receipt data |
| transactionID | original_transaction_id value from first subscription inApp in AppStore receipt data |
| receiptCache | cached response per receipts for client application |
| serviceIdentifier | id provided by service or user email |
| userIdentifier | email of the user |
| eventData | all data from server-to-server notification |
| eventType | type of the event received from Apple server or external subscription provider service |
Not technical data: user ID, licence number, deviceUUID, subscription expiration date, availableDevices, token, country, usage data, diagnostic data.
Data provided by the User: email, scans of the documents, payment data, account data from Dropbox, Evernote, Google Drive, Box, iCloud Drive, OneDrive, OneNote or any other WebDAV-enabled online storage.
| Note: You can connect FaceID or TouchID to protect the app, but your biometric data is stored exclusively on your device. We do not receive this data. |
Once again, briefly about what personal data we collect:
| When | Type of data | Description of data | Legal basis | Reasons for processing |
|---|---|---|---|---|
| App usage | Provided | email, preference settings (aggregated) | Performance of a contract | Providing a service |
| Sending faxes | Provided | scans of the documents | Performance of a contract | Providing a service |
| Share by link | Provided | scans of the documents | Performance of a contract | Providing a service |
| Add cloud for other services | Provided |
email, scans of the documents |
Performance of a contract | Providing a service |
| Marketing | Provided | Legitimate interest | Marketing | |
| Help requests | Provided | Name, emails, additional information in support requests. | Performance of a contract | Customer support |
| App usage | Collected | History of requests, account data. | Legitimate interest | Customization of our services |
| App usage | Collected | Language Country (aggregated) | Legitimate interest |
Analytics, Statistics |
| App usage | Assigned | User ID, licence number, deviceUUID, subscription expiration date, availableDevices, token | Performance of the contract | Provision of services |
| Sending document feedback | Provided |
Scanned documents, text feedback |
Legitimate interest | Improvement of our services |
The services are not directed at individuals under 16. We do not knowingly collect personal data from children under 16.
If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.
If you become aware that a child has provided us with personal data, please contact us.
| Storage limitation | |
|---|---|
| Data that are processed on the basis of a performance of the contract | Stored for 3 years after completion of services OR 1 year from the last communication |
| Data that are processed on the basis of a legitimate interest | Stored for 1 year after the completion of services/unsubscribe OR 1 year from the last communication |
| Data that are processed on the basis of a consent | Until you withdraw your consent |
| Scans of the documents shared by link | Stored for 1 week after the use of the function |
After the periods indicated in the Storage limitation table above, we aggregate and anonymise the data and store it for statistical and analytical purposes.You can exercise your right to request us to delete your personal data. In this case, we will delete your personal data from our servers within 30 days of your request.
However, you can exercise your right to delete your data. In this case, we will delete your data from our servers within 30 days of your request.
The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.
There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here and in our Data Processing Agreement.
However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.
We use your personal data to perform a contract and communicate between our users and us. We share your personal data with our contractors to perform a contract. Also, we transfer your data on the following grounds:
Consent. We transfer your personal data based on your explicit consent.
Compliance with the law. We will disclose your personal data to third parties to the extent that it is necessary:
Transfer to third parties. We transfer your personal data to third parties on the basis of a public offer for processing on our behalf, subject to technical and organisational measures to protect your personal data. We may transfer your data to certain companies, consultants, and contractors hired to provide certain services on our behalf.
| Third parties | Description | Link to privacy documents |
|---|---|---|
| Apple | We use it to manage your payments. | link |
| Revenue Cat | We use it to track subscriptions. | link |
| CampaignMonitor | We send a list of all accounts there for statistics. | link |
| GoogleCloud | Here we store our databases and logs. | link |
| Amplitude | We use it for technical data management and process anonymous data. | link |
| MailChimp | We send a list of all accounts there for statistics. | link |
| DropBox | We start using Dropbox if you chose to connect your account to it in the App. | link |
| Evernote | We start using Evernote if you choose to connect your account to it in the App. | link |
| Box | We start using Box if you choose to connect your account to it in the App. | link |
| iCloudDrive | We start using iCloud Drive if you choose to connect your account to it in the App. | link |
| OneNote and OneDrive | We start using OneNote if you choose to connect your account to it in the App. | link |
| PamFax | We use PamFax when you send faxes via Scanner Mini. | link |
We regularly perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organisational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed. We follow ISO 27001 Standard to put all security controls in place as a basis.
To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).
Moreover, we systematically monitor our technologies’ state of the art. All our contractors are under contractual obligations compliant with the GDPR requirements.
Here you can find information about the steps we mentioned above:
| Physical measures | |
|---|---|
|
Limited access to premises We use logically separate databases to prevent unauthorised persons from accidentally reading data to separate data. Access to the data is also restricted because employees use services (applications) that control access. |
|
| Stress-tests | |
| Organisational measures | |
Policies and instructions
|
Transfer protection
|
Agreements
|
|
| Contractor and staff training |
Privacy protection
|
|
Regular access and policy review Code review |
|
| Technical measures | |
|
Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys |
Backup: We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. |
| Two-factor authentication | Critical services are operated redundantly in multiple data centres and controlled by a high-availability system. |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| The right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
You, as data subjects, have some special privacy rights. To use them, please contact us.
| Note: Depending on the state and legislative requirements, we have 30 to 60 days to exercise your request with the right to postpone it for 30 days more. |
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| The right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
If your request is not satisfied, you can file a complaint with the regulatory body — The Data Protection Commission (DPC).
California residents visiting our websites may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer's online activities over time and across third-party websites or online services.
We currently do not have the ability to honour these requests. We may modify this Notice as our abilities change.
This Privacy Notice and the relationships falling under its effect are regulated by the GDPR.
Existing laws and requirements for personal data processing are subject to change. In this case, we will publish a new version of the Privacy Notice in the App.
If significant material changes affect your privacy and confidentiality, we will notify you by displaying information in the App and ask for your consent.