GDPR Compliance

As a user of our service, you have the following rights under GDPR: • Right to Access - You can request a copy of your personal data • Right to Rectification - You can correct inaccurate or incomplete data • Right to Erasure - You can request deletion of your personal data • Right to Restrict Processing - You can limit how we use your data • Right to Data Portability - You can request transfer of your data • Right to Object - You can opt out of certain data processing • Rights Related to Automated Decision Making - You can request human intervention To exercise any of these rights, please contact our Data Protection Officer.

We collect and process the following types of personal data: Essential Data: • Email address • Account credentials • Payment information • Usage statistics PDF Processing Data: • Uploaded PDF files • Generated CSV files • Conversion metadata • Processing timestamps Technical Data: • IP addresses • Browser information • Device details • Access logs All data collection is limited to what is necessary for service provision.

We implement robust security measures to protect your data: Technical Measures: • End-to-end encryption for file transfer • Secure data storage with encryption at rest • Regular security audits and penetration testing • Multi-factor authentication options • Automated threat detection Organizational Measures: • Staff security training • Access control policies • Data handling procedures • Incident response plans • Regular compliance reviews

Our data processing principles: • Data is processed lawfully, fairly, and transparently • Data is collected for specified, explicit, and legitimate purposes • Data processing is limited to what is necessary • We ensure data accuracy and keep records up to date • Data is kept only for as long as necessary • We maintain integrity and confidentiality • We are accountable and can demonstrate compliance All processing activities are documented and regularly reviewed.

Our data retention policies: File Retention: • PDF files: Deleted immediately after processing • CSV files: Stored for 30 days maximum • Conversion logs: 90 days Account Data: • Active accounts: Maintained while account is active • Inactive accounts: Archived after 12 months of inactivity • Deleted accounts: Removed within 30 days of deletion request Payment Data: • Retained as required by financial regulations • Stored securely through our payment processor

For users in the European Economic Area (EEA): • Data is primarily processed within the EEA • When data is transferred outside the EEA, we ensure: - Adequate level of protection - Appropriate safeguards - Standard contractual clauses - Privacy Shield compliance where applicable We maintain transparency about data locations and transfers.

For GDPR-related inquiries: Data Protection Officer Email: dpo@convertpdfcsv.com Phone: +1 (555) 123-4567 Address: San Francisco, CA Response Time: • General inquiries: Within 48 hours • Data access requests: Within 30 days • Urgent matters: Within 24 hours We are committed to addressing your privacy concerns promptly.