| Name: | App User | Readdle Limited |
|---|---|---|
| Role in the processing: | Controller | Processor |
| Registered Address: | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland | |
| Company Number: | 630281 | |
| Email: | rdsupport@readdle.com - for general enquiries dpo@readdle.com - for privacy enquiries |
This Data Processing Agreement (“DPA”) is an integral part of the Terms of Service (“Terms”) and governs the personal information processing activities between Readdle Limited (“Readdle” or “we”) and App Users that are the residents of the United States of America, and constitutes a binding agreement between the Controller and the Processor. In this DPA, Readdle and the App User shall be jointly referred to as the “Parties” and each separately as a “Party”.
The App User is the individual that has downloaded the Readdle application named Scanner Mini (“App”) available via https://apps.apple.com/us/app/scanner-mini-scan-pdf-fax/id581365763 to which the App User is being granted access under the Terms. Unless defined in this DPA, all capitalized terms used herein shall have the meaning given to them in the Terms. In the event of any conflict between the Terms and this DPA, the terms of this DPA shall prevail in relation to the processing of personal data set out in this DPA.
This DPA shall apply to the processing by Readdle of the personal information (“Personal Information”) of the third parties (“Third Parties”) provided in the scans of the documents made in the App by the App User.
The App User scans the files containing Personal Information into the App, and Readdle processes this Personal Information solely for the purpose of Readdle providing the App functionality to the App User.
Following the purposes of the processing of the Personal Information, it shall include, but is not limited to, the following:
Readdle processes the Personal Information the App User provides in App. The amount of the Personal Information is determined by the App User solely, and it may contain any personal information of the Third Parties, including, but not limited to, special categories of data.
The Parties will notify each other without undue delay if they become informed by the Third Party of inaccuracies in the Personal Information.
Readde shall store the Personal Information received from the Controller for the periods specified in the Scanner Mini Privacy Notice, available following the link https://readdle.com/scannermini/legal/privacy.
After that, Readdle shall delete or return all Personal Information to the App User.
Notwithstanding anything to the contrary in this section, Readdle may retain Personal Information, or any portion of it, if required by applicable law, provided such Personal Information remains protected in accordance with the Terms, this DPA, and applicable laws and regulations.
| Type of data | Reasons for processing | Legal basis |
|---|---|---|
| Personal Information contained in scans of the documents made by the App User. | Providing the App User with the App’s functionality with regard to these scans of the documents. | Performance of the contract. |
Sensitive information may be transferred for processing at the discretion of the Controller. The Processor shall implement safeguards to protect it (read more in Data Protection Measures).
Readdle shall not collect, retain, use, transfer, disclose, or otherwise process the Personal Information for any purpose other than providing the functionality of the App.
Readdle shall process the Personal Information only as necessary to provide the App functionality and to fulfill the obligations set out in the Terms.
Readdle does not use Personal Information outside of direct contractual relations.
Personal Information will be transferred for processing on a continuous basis.
Readdle collects the Third Parties’ Personal Information to process it upon the App User’s request.
The App User agrees that Readdle may engage sub-processors to process the Personal Information on behalf of the App User, providing the necessary safeguards.
Readdle may engage the sub-processor at any time at its sole discretion.
Readdle shall make available to the App User, upon its request, a current list of sub-processors engaged in connection with the provision of the App’s functionality.
Readdle transfers the Personal Information to its sub-processors solely for processing.
The Personal Information may only be disclosed to the following recipients or categories of recipients and only if appropriate safeguards are in place:
The Parties shall not have, derive, or exercise any rights or benefits regarding processing the Personal Information and may use and disclose the Personal Information solely for the purposes for which such the Personal Information was provided to it, as stipulated in this DPA.
The Parties certify that they understand the rules, requirements, and definitions of the California Consumer Privacy Act (“CCPA”) and agree to refrain from selling any Personal Information nor taking any action that would cause any transfer of the Personal Information to qualify as “selling” such Personal Information under the CCPA.
The Processor shall implement appropriate technical and organizational measures to protect the Personal Information.
Implemented measures must be appropriate to the scope and risks of Personal Information processing. Relevant technical measures must be implemented on every device and data storage the Processor uses to access and process Personal Information.
The Processor must ensure that its employees, agents, and contractors:
The Processor must implement at least the following safeguards:
| Physical measures | |
|---|---|
| Limited access to premises | |
| Organizational measures | |
Policies and instructions
|
Transfer protection
|
Agreements
|
|
| Contractor and staff training | Privacy protection:
|
| Regular access and policy review Code review |
|
| Technical measures | |
| Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys |
Backup We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system. |
| Two-factor authentication | |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
| Stress-tests | |
In a case of a data loss or breach incident affecting the security of Personal Information, Readdle shall notify the App User via the email address(es) provided by the App User for the use of the App without undue delay, but in no event later than 72 hours after identifying any potential or actual loss or breach.
Readdle shall make reasonable efforts to identify and take those necessary and reasonable steps to remediate or mitigate the cause of such data loss or breach incident.
Readdle shall provide reasonable assistance to App User in the event that the App User is required under applicable law to notify a regulatory authority or any data subjects impacted by such data loss or breach incident.
Both Parties shall meet the requirements of the U.S. federal laws and privacy laws of states to the extent they may be applied as follows:
Regardless of the federal and state regulations and laws, the Processor is regulated by and meets the General Data Protection Regulation (GDPR) standards.
If there is a change of any relevant privacy laws, regulations, or rules, which affect the Terms of Service and this DPA in particular, the Processor shall amend it to comply with the law.
Сompetent supervisory authority is the Irish Data Protection Commission (DPC). For further information, please visit: https://www.dataprotection.ie/.