Name: | App User | Readdle Limited |
---|---|---|
Role in the processing: | Controller | Processor |
Registered Address: | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland | |
Company Number: | 630281 | |
Email: | rdsupport@readdle.com - for general enquiries dpo@readdle.com - for privacy enquiries |
This Data Processing Agreement (“DPA”) is an integral part of the Terms of Service (“Terms”) and governs the personal information processing activities between Readdle Limited (“Readdle” or “we”) and App Users that are the residents of the European Economic Area, and constitutes a binding agreement between the Controller and the Processor. In this DPA, Readdle and the App User shall be jointly referred to as the “Parties” and each separately as a “Party”.
The App User is the individual that has downloaded the Readdle application named Scanner Pro (“App”) available via https://apps.apple.com/app/apple-store/id333710667 to which the App User is being granted access under the Terms. Unless defined in this DPA, all capitalised terms used herein shall have the meaning given to them in the Terms. In the event of any conflict between the Terms and this DPA, the terms of this DPA shall prevail in relation to the processing of personal data set out in this DPA.
This DPA shall apply to the processing by Readdle of the personal data (“Personal Data”) of the third parties (“Third Parties”) provided in the scans of the documents made in the App by the App User.
General Data Protection Regulation, applicable laws and regulations of the Republic of Ireland, and other applicable laws and regulations (“Applicable Law”) shall apply to the DPA.
The App User scans the files containing Personal Data into the App, and Readdle processes this Personal Data solely for the purpose of Readdle providing the functionality of the App to the App User.
Following the purposes of the processing of the Personal Data, it shall include, but is not limited to, the following:
Readdle processes the Personal Data the App User provides in App. The amount of the Personal Data is determined by the App User solely, and it may contain any personal data of the Third Parties, including, but not limited to, special categories of data.
The Parties will notify each other without undue delay if they become informed by the Third Party of inaccuracies in the Personal Data.
Readde shall store the Personal Data received from the Controller for the periods specified in the Scanner Pro Privacy Notice, available following the link https://readdle.com/scannerpro/legal/privacy.
After that, Readdle shall delete or return all Personal Data to the App User.
Notwithstanding anything to the contrary in this section, Readdle may retain Personal Data, or any portion of it, if required by applicable law, provided such Personal Data remains protected in accordance with the Terms, this DPA, and applicable laws and regulations.
Type of data | Reasons for processing | Legal basis |
---|---|---|
Personal Data contained in scans of the documents made by the App User. | Providing the App User with the App’s functionality with regard to these scans of the documents. | Performance of the contract. |
Sensitive data may be transferred for processing at the discretion of the Controller. The Processor shall implement safeguards to protect it (More: Data Protection Measures).
Readdle shall not collect, retain, use, transfer, disclose, or otherwise process the Personal Data for any purpose other than providing the functionality of the App.
Readdle shall process the Personal Data only as necessary to provide the App functionality and to fulfil the obligations set out in the Terms.
Readdle does not use Personal Data outside of direct contractual relations.
Personal Data will be transferred for processing on a continuous basis.
Readdle collects the Third Parties’ Personal Data to process it upon the App User’s request.
The App User agrees that Readdle may engage sub-processors to process the Personal Data on behalf of the App User, providing the necessary safeguards.
Readdle may engage the sub-processor at any time at its sole discretion.
Readdle shall make available to the App User, upon its request, a current list of sub-processors engaged in connection with the provision of the App’s functionality.
Readdle transfers the Personal Data to its sub-processors solely for processing.
The App User consents to the engagement of affiliate service providers as sub-processors in the scope of performance of the contract by Readdle.
With respect to changes of the sub-processors providing the services of server hosting the code and databases resulting in the change of the state of such sub-processor (excluding such change within the European Economic Area), Readdle shall endeavour to give notice sixty (60) days prior to any change but in any event, shall give notice no less than thirty (30) days prior to any such change.
The Personal Data may only be disclosed to the following recipients or categories of recipients and only if appropriate safeguards are in place:
As part of the App’s functionality, Readdle provides the App User with a number of self-service features, including the ability to delete, obtain a copy of, or restrict the use of Personal Data.
The App User may use these self-service features to assist in complying with its obligations under Applicable Law with respect to responding to requests from data subjects via the App at no additional cost.
In addition, upon App User’s request, Readdle will provide reasonable additional and timely support (at App User’s expense only if complying with the App User’s request will require Readdle to assign significant resources to that effort) to assist the App User in complying with its data protection obligations with respect to data subject rights under Applicable Law.
The Party shall promptly inform the other Party in writing in the event that the Party receives:
The Parties agree to cooperate, in good faith, as necessary to respond to any such requests and fulfil their respective obligations under Applicable Law.
The Processor shall implement appropriate technical and organizational measures to protect the Personal Data.
Implemented measures must be appropriate to the scope and risks of Personal Data processing. Relevant technical measures must be implemented on every device and data storage the Processor uses to access and process Personal Data.
The Processor must ensure that its employees, agents, and contractors:
The Processor must implement at least the following safeguards:
Physical measures | |
---|---|
Limited access to premises | |
Organizational measures | |
Policies and instructions
|
Transfer protection
|
Agreements
|
|
Contractor and staff training | Privacy protection:
|
Regular access and policy review Code review |
|
Technical measures | |
Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys |
Backup We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system. |
Two-factor authentication | |
Static Analysis | Quality Assurance |
Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
Stress-tests |
In a case of a data loss or breach incident affecting the security of Personal Data, Readdle shall notify the App User via the email address(es) provided by the App User for the use of the App without undue delay, but in no event later than 72 hours after identifying any potential or actual loss or breach.
Readdle shall make reasonable efforts to identify and take those necessary and reasonable steps to remediate or mitigate the cause of such data loss or breach incident.
Readdle shall provide reasonable assistance to App User in the event that the App User is required under Applicable Law to notify a regulatory authority or any data subjects impacted by such data loss or breach incident.
Readdle shall provide reasonable cooperation to the App User in connection with any data protection impact assessment (at App User’s expense only if such reasonable cooperation requires Readdle to assign significant resources to that effort) and consultations with regulatory authorities that may be required in accordance with Applicable Law.
Both Parties shall meet the requirements of the EU privacy regulations and laws of the Republic of Ireland to the extent they may be applied, including the General Data Protection Regulation.
If there is a change of any relevant privacy laws, regulations, or rules, which affect the Terms of Use and this DPA in particular, the Processor shall amend it to comply with the law.
Сompetent supervisory authority is the Irish Data Protection Commission (DPC). For further information, please visit: https://www.dataprotection.ie/.