Last updated: 15 June, 2023
Readdle Limited (“Readdle” or “we”) welcomes you. We provide you with our application “Scanner Pro” (“App” or “Scanner Pro”) under these Terms of Service.
This Privacy Notice describes which of your personal data the Scanner Pro collects, how stores, processes, and uses it, and what happens when you use the Scanner Pro.
We collect your personal data according to this Privacy Notice when you use the App.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.
| Name | Readdle Limited |
|---|---|
| Company Number | 630281 |
| Address | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland |
| rdsupport@readdle.com – for general inquiries dpo@readdle.com – for privacy inquiries |
When you use our App, you become our user (“User”).
| Type of data subject | Description |
|---|---|
| Free User | User who uses the App for free. |
| Subscription User | User who subscribed to our Plus subscription. |
| Expense Report Subscriber | User who subscribed for Expense Report functionality. |
| Support Requestor | User who requested customer support. |
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us. | |
We receive data when you visit our App and interact with it, depending on your actions in the App.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
To process your personal data, we rely on the following legal bases:
We collect technical data to optimize performance, debug issues, and enhance features while ensuring security and privacy in order to improve the overall user experience.
| Type of data | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| IP address. | Process. | The smooth operation of the App and improvement of the App. | Performance of the contract. |
| Code Type. | |||
| Report Version. | |||
| AccountsCache. | |||
| Locale. | |||
| Incident Identifier. | Path. | ||
| Parent Process. | |||
| Exception Type. | |||
| OneTimeCodes. | |||
| CrashReporter Key. | Timezone. | ||
| Date / Time. | |||
| Exception Codes. | |||
| DeviceUUID. | |||
| Hardware Model. | Version. | ||
| iOS/Android Version. | |||
| Crashed Thread. | |||
| DeviceName. | |||
| Data storage | |||
| Technical Data. | |||
Account data refers to all Users. We collect this data to track and analyze transactions, provide personalized experiences, maintain transaction history, and improve user engagement.
| Type of data | Description | Reasons for processing | Legal basis |
|---|---|---|---|
| ReceiptID. | Purchase_date_ms value from AppStore receipt data. | To identify, create and maintain the profile of the User. | Performance of the contract. |
| TransactionID. | Original_transaction_id value from first subscription inApp in AppStore receipt data. | ||
| ReceiptCache. | Cached response per receipts for client application. | ||
| ServiceIdentifier. | Id provided by service or user email. | ||
| UserIdentifier. | Email of the user. | ||
| EventData. | All data from server-to-server notification. | ||
| EventType. | Type of the event received from Apple server or external subscription provider service. | ||
| Data storage | |||
| Technical Data. | Stored until the App is in use. | ||
We collect Free User personal data to register you within the App, add preferred cloud services, and provide our services.
| When | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| Registration process. | Email. | To register you and to set up the App for you. | Performance of the contract. |
| Preference settings. | |||
| Scanning of the documents. | Documents and their content. | Provision of services. | Performance of the contract. |
| Add cloud services. | Email. | To facilitate file sharing between services. | Performance of the contract. |
| The service you like to add. | |||
| Account data from the service. | |||
| Data storage | |||
| Email. | Stored until unsubscribed from the email newsletter. | ||
| Documents and their content. | Stored on your device only, and you solely decide for how long to store it. | ||
| Preference settings; account data from services; the service you like to add. |
Stored until the App is in use. | ||
We collect Subscription User personal data to register you within the App, add preferred cloud services and provide our services. We also collect payment data to facilitate secure transactions and manage subscription services.
| When | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| Registration process. | Email. | To register you and to set up the App for you. | Performance of the contract. |
| Preference settings. | |||
| Scanning of the documents. | Documents and their content. | Provision of services. | Performance of the contract. |
| Add cloud services. | Email. | To facilitate file sharing between services. | Performance of the contract. |
| The service you like to add. | |||
| Account data from the service. | |||
| Payment provision. | Email. | To provide payment for the subscription. | Performance of the contract. |
| Payment details. | |||
| Data storage | |||
| Email. | Stored until unsubscribed from the email newsletter. | ||
| Documents and their content. | Stored on your device only, and you solely decide for how long to store it. | ||
| Preference settings; account data from services; the service you like to add. |
Stored until the App is in use. | ||
| Payment details. | Stored for 6 years. | ||
We collect Expense Report Subscriber personal data to register you within the App, add preferred cloud services and provide our services. We also collect payment data to facilitate secure transactions and manage Expense Report subscription services.
| When | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| Registration process. | Email. | To register you and to set up the App for you. | Performance of the contract. |
| Preference settings. | |||
| Scanning of the documents. | Documents and their content. | Provision of services. | Performance of the contract. |
| Scanning of receipts. | Receipts and their content. | Provision of services. | Performance of the contract. |
| Add cloud services. | Email. | To facilitate file sharing between services. | Performance of the contract. |
| The service you like to add. | |||
| Account data from the service. | |||
| Payment provision. | Email. | To provide payment for the subscription. | Performance of the contract. |
| Payment details. | |||
| Data storage | |||
| Email. | Stored until unsubscribed from the email newsletter. | ||
| Documents and their content; receipts and their content. |
Stored on your device only, and you solely decide for how long to store it. | ||
| Preference settings; account data from services; the service you like to add. |
Stored until the App is in use. | ||
| Payment details. | Stored for 6 years. | ||
When you address your request to support in the App, we collect some information to help you resolve the issue.
| When | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| You leave a support request | Email. | To respond to your request. | Performance of the contract. |
| Text of the request. | To fulfill your support request. | ||
| Data storage | |||
| Support request data. | Stored for 3 years after the end of the communication on the issue. | ||
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the legal basis for processing is determined by the respective privacy documents of these parties.
| Third parties | Privacy document of the respective party |
|---|---|
| Dropbox | Privacy Policy |
| Google Drive | Privacy Policy |
| OneDrive | Privacy |
| Box | Privacy Notice |
| OneNote | Privacy Statement |
| Evernote | Privacy Policy |
| WebDAV | Privacy Policy |
| Veryfi | Privacy Policy |
We use your personal data on the basis of the performance of the contract to provide services and communicate with the Users.
We share your data with the service providers (please, request Annex A. List of the processors to look through the list of service providers) and contractors to the extent necessary to provide services, technical and customer support, who, for example, help us:
In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third-party.
We can share your data on the following grounds: consent, compliance with the law, and performance of a contract.
Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.
Consent. We may transfer your personal data based on your explicit consent.
Compliance with the law. We may disclose your personal data to third parties to the extent that it is necessary:
Transfer of personal data to third parties. We may transfer your personal data to third parties based on a data processing agreement, subject to the application of technical and organizational measures to protect your personal data. We may share data with certain companies, consultants, and contractors hired to provide certain services to us or on our behalf.
Please note! We will ask for your consent if the transfer of data is not part of the contract.
The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.
There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.
We systematically perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.
To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).
Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements. You can contact customer support in case of any questions regarding the security issues.
Here you can find information about the specific steps we mentioned above:
| Physical measures | |
|---|---|
| Limited access to premises | |
| Organizational measures | |
Policies and instructions
|
Transfer protection
|
Agreements
|
|
| Contractor and staff training | Privacy protection:
|
| Regular access and policy review Code review |
|
| Technical measures | |
| Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys |
Backup We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system. |
| Two-factor authentication | |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
| Stress-tests | |
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| Right | Description |
|---|---|
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
You, as data subjects, have some special privacy rights. To use them, please contact us.
Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more.
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
| Right | Description | Area | |
|---|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. | California Virginia Ohio Colorado Nevada Massachusetts |
Minnesota New York North Carolina Pennsylvania Delaware Utah |
| Right to rectification | You can change the information if it is inaccurate or incomplete. | California Virginia Colorado Nevada Delaware |
Massachusetts Minnesota New York North Carolina |
| Right to deletion | You can send us a request to delete your personal data from our systems. | California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Pennsylvania Utah |
| Right to restriction | You may partially or completely prohibit us from processing your personal data. | California Massachusetts |
New York |
| Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Utah |
| Right to Opt-Out | The right to prohibit the sharing or selling of your data. | California Virginia Ohio Nevada Massachusetts Minnesota |
New York North Carolina Pennsylvania Delaware Colorado Utah |
| Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California Virginia Colorado Massachusetts |
Minnesota North Carolina New York |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. | by default | |
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by the CCPA.
Readdle does not sell your personal information to anyone nor use your data as a business model.
However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us at dpo@readdle.com.
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes in our App.
If we make substantial changes to the Privacy Notice or the App that affect your data privacy rights, we will notify you by email or display information in the App and ask you to read it. We will notify you in advance, and if you continue using the App after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.