Data protection PDFTool
Safety and Data
Introduction
With the following data protection declaration we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender specific.
As of November 3, 2021
Responsible person
SmileMotion Limited
Level 35 | The Gateway West
150 Beach Road
189720
Singapore
E-mail address: hello@smilemotion.org
Safety measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we already consider the protection of personal data in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data is no longer applicable or is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons, or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. Our data protection information may also contain further information on the storage and deletion of data, which have priority for the respective processing.
Use of cookies
Cookies are text files that contain data from visited websites or domains and are stored on the user's computer by a browser. A cookie is primarily used to store information about a user during or after their visit to an online offer. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was viewed. The term cookies also includes other technologies that fulfill the same functions as cookies (e.g. if user information is stored using pseudonymous online identifiers, also known as "user IDs")
Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.
Storage duration: If we do not provide you with any explicit information on the storage duration of permanent cookies (e.g. in the context of a so-called cookie opt-ins), please assume that the storage duration can be up to two years.
General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option to revoke your consent or to object to the processing of your data using cookie technologies ( collectively referred to as "opt-out") at any time. You can first explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which can also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ . In addition, you can receive further objection notices in the context of the information on the service providers and cookies used.
- Processed data types: usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Legal basis: consent, legitimate interests.
Payment method
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the persons concerned efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively "payment service providers").
The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. The data may be transmitted to the credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and the data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection information of the respective payment service provider apply, which can be called up within the respective websites or transaction applications. We also refer to these for the purpose of further information and the assertion of rights of revocation, information and other data subjects.
- Processed data types: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta / communication data ( e.g. device information, IP addresses).
- Affected persons: customers, interested parties.
- Purposes of processing: provision of contractual services and customer service.
- Legal bases: fulfillment of contracts and pre-contractual inquiries, legitimate interests.
Used services and service providers:
- Stripe: payment services; Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com; Data protection declaration: https://stripe.com/de/privacy.
Provision of the online offer and web hosting
In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed as part of the provision of the hosting offer can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.
Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.
On the one hand, the server log files can be used for security purposes, e.g. to avoid overloading the server (especially in the case of improper attacks, so-called DDoS attacks) and on the other hand to ensure the load on the servers and their stability.
- Processed data types: content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Purpose of processing: Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests.
Cloud services
We use software services (so-called "cloud services", also known as "software as a service") that are accessible via the Internet and run on the servers of their providers for the following purposes: document storage and management, calendar management, sending e-mails, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information as well as chats and participation in audio and video conferences.
In this context, personal data can be processed and stored on the servers of the provider, as far as they are part of communication processes with us or otherwise processed by us, as set out in this data protection declaration. This data can include, in particular, master data and contact details of the users, data on transactions, contracts, other processes and their content.
- Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. devices Information, IP addresses).
- Affected persons: customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
- Purposes of processing: office and organizational procedures.
- Legal basis: Consent, contract fulfillment and pre-contractual inquiries, legitimate interests .
Online marketing
We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored in the context of the online marketing process, but pseudonyms. This means that we, as well as the providers of online marketing processes, do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar processes. Generally, these cookies can also later be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.
As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. through consent during registration.
In principle, we only have access to summarized information about the success of our advertisements. However, within the scope of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.
- Processed data types: usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Purposes of processing: Marketing, profiles with user-related information (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consen, legitimate interests.
- Opposition option (opt-out): We refer to the data protection information of the respective provider and the options for objection given to the provider (so-called "opt-out"). Unless an explicit opt-out option has been specified, you have the option to switch off cookies in your browser settings. However, this can restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a - Europe: https://www.youronlinechoices.eu . b - Canada: https://www.youradchoices.ca/choices. c - USA: https://www.aboutads.info/choices. d - Cross-regional: https://optout.aboutads.info.
Used services and service providers:
- Google Analytics: online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection declaration: https://policies.google.com/privacy; Opposition option (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated; Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms.
- Google Ads and conversion measurement: We use the online marketing process "Google Ads" to place advertisements in the Google advertising network (e.g. in search results, in on websites, etc.) so that they can be displayed to users who have a suspected interested in the advertisements. We also measure the conversion of the ads. However, we only find out the anonymous total number of users who clicked on our ad and were forwarded to a page with a so-called "conversion tracking tag". However, we ourselves do not receive any information that can be used to identify users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products: Information on the data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because, for example, the enforcement of the users' rights could be made more difficult.
Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests of the user. The usage profiles can be used again, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Facebook pages: We are jointly with Facebook Ireland Ltd. responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook data policy: https://www.facebook.com/policy). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analysis services, so-called "Page Insights", for website operators so that they can obtain information about how people are using their pages and interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and which Facebook itself has agreed to fulfill the rights of the data subject (ie users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).
- Processed data types: contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Purposes of processing: contact requests and communication, feedback (e.g. collecting feedback via online form), marketing.
- Legal bases: Legitimate interests.
Used services and service providers:
- Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Data protection declaration: https://instagram.com/about/legal/privacy.
- Facebook pages: profiles within the social network Facebook; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy> Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing.
- Pinterest: social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ,; Website: https://www.pinterest.com; Data protection declaration: https://about.pinterest.com/de/privacy-policy; https://business.pinterest.com/de/pinterest-advertising-services-agreement/ (APPENDIX A: Pinterest appendix on data exchange).
- Twitter: social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Data protection declaration: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization.
Additional data protection provisions for PDF-Tool.com
With the tool we provide, a user is able to perform various actions with files. The tool processes files that the user must provide. This includes, for example, converting files into PDF format. All files uploaded for processing in this area, which may contain personal data, are stored on a special server infrastructure for processing and subsequent download. The purpose of this storage is the processing of the files and the provision of the results. The upload of the files and the subsequent download of the results are protected by SSL.
If you use our PDF service and upload or otherwise make user files available for this purpose, we process the user files and metadata (such as file size, file name and file type) and can save the user files. Such files and information may contain personally identifiable information relating to you or others, and you remain fully responsible for all personal information contained in the user files. We process this information in order to provide you with our PDF service.
We will only store your personal data and user files that you upload for as long as is necessary to achieve the purpose for which they were collected or to fulfill legal obligations. To do this, we apply criteria to determine the appropriate periods for the storage of your personal data depending on the processing purpose.
Back Home