GDPR Compliance

Your data protection rights under the General Data Protection Regulation (GDPR)

Last Updated: January 9, 2026

GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU). At WoowPDF, we are fully committed to GDPR compliance and protecting the privacy rights of all our users, regardless of their location.

Key GDPR Principles We Follow

  • Lawfulness, fairness, and transparency: We process data legally, fairly, and transparently
  • Purpose limitation: We collect data only for specified, explicit purposes
  • Data minimization: We collect only what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We protect data with appropriate security
  • Accountability: We demonstrate compliance with all principles

This page explains your rights under GDPR and how WoowPDF ensures compliance with all data protection requirements.

Data Controller Information

WoowPDF acts as the data controller for the personal data we collect through our services. This means we determine the purposes and means of processing your personal data.

Controller Details:

Organization: WoowPDF LLC

Data Protection Officer: support@woowpdf.com

Data We Collect

Account Information

  • Email address
  • Name (optional)
  • Password (encrypted)
  • Account preferences

Retention: Until account deletion
Purpose: Account management and authentication

Usage Data

  • IP address
  • Browser type
  • Device information
  • Pages visited
  • Time and date of visit

Retention: 2 years
Purpose: Service improvement and analytics

File Metadata

  • File names
  • File sizes
  • Upload timestamps
  • Conversion types

Retention: 30 days
Purpose: Service delivery and support

Communication Data

  • Support tickets
  • Email correspondence
  • Feedback submissions

Retention: 3 years
Purpose: Customer support and service improvement

Payment Information

  • Billing name
  • Payment method (tokenized)
  • Transaction history

Retention: 7 years (legal requirement)
Purpose: Payment processing and fraud prevention

How We Process Your Data

We process your personal data for the following purposes:

Service Delivery

To provide, maintain, and improve our PDF conversion and editing services.

Account Management

To create and manage your account, authenticate users, and provide customer support.

Payment Processing

To process payments for premium subscriptions and maintain transaction records.

Communication

To send service-related notifications, updates, and respond to your inquiries.

Analytics & Improvement

To analyze usage patterns, improve our services, and develop new features.

Security & Fraud Prevention

To detect, prevent, and address security issues and fraudulent activities.

Legal Compliance

To comply with legal obligations, enforce our terms, and protect our rights.

Marketing (with consent)

To send promotional materials and newsletters if you have opted in.

Data Retention Policy

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.

Retention Periods:

Uploaded Files

Automatically deleted within 1 hour after processing

Account Data

Retained until you delete your account or request deletion

Usage Analytics

Retained for 2 years for service improvement

Support Communications

Retained for 3 years for quality assurance

Payment Records

Retained for 7 years for tax and legal compliance

After the retention period expires, personal data is securely deleted or anonymized so that it can no longer identify you.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data. These rights are fundamental to data protection and we are committed to facilitating their exercise.

Right to Access

Request copies of your personal data we hold.

We will provide you with a copy of your personal data in a commonly used electronic format within 30 days.

Right to Rectification

Correct inaccurate or incomplete data.

You can request corrections to any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data.

Also known as the "right to be forgotten", you can request deletion of your data under certain circumstances.

Right to Restriction

Limit how we use your data.

You can request that we restrict the processing of your personal data in certain situations.

Data Portability

Receive your data in a portable format.

You have the right to receive your data in a structured, machine-readable format and transfer it to another service.

Right to Object

Object to certain types of processing.

You can object to processing based on legitimate interests, processing for direct marketing, or processing for research purposes.

Right to Access

You have the right to obtain confirmation that we process your personal data and request access to that data. This is also known as a Subject Access Request (SAR).

What You Can Request:

  • A copy of all personal data we hold about you
  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipients
  • The retention period
  • Information about the source of the data

Response Time: We will respond to your request within 30 days. The first copy of your data is provided free of charge. For additional copies, we may charge a reasonable fee based on administrative costs.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

How to Update Your Data:

  • Log into your account settings
  • Update your profile information directly
  • Contact us for data you cannot change yourself

Our Commitment:

  • We correct inaccuracies without undue delay
  • We notify third parties if necessary
  • We confirm corrections to you

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances.

You Can Request Deletion When:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Exceptions:

We may refuse deletion if the data is necessary for compliance with legal obligations, establishment of legal claims, or for archiving purposes in the public interest.

Right to Restriction of Processing

You have the right to request that we limit the way we use your personal data in certain circumstances.

You Can Request Restriction When:

  1. Data Accuracy is Contested: While we verify the accuracy of the data you've challenged
  2. Unlawful Processing: Processing is unlawful but you prefer restriction over deletion
  3. Data No Longer Needed: We don't need the data but you need it for legal claims
  4. Pending Objection: While we verify whether our legitimate grounds override yours

When processing is restricted, we can only store the data and will only process it with your consent, for legal claims, or to protect another person's rights.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

What You Receive:

  • Data in JSON or CSV format
  • All data you provided to us
  • Data processed by automated means
  • Data based on consent or contract

How It Works:

  • Request via your account settings
  • Receive download link via email
  • Transfer to another service
  • No charge for this service

Note: This right only applies to data you provided to us and that we process based on consent or for contract performance.

Right to Object

You have the right to object to certain types of processing, including processing based on legitimate interests and direct marketing.

Object to Direct Marketing

You have an absolute right to object to direct marketing at any time. We will stop processing your data for this purpose immediately.

How to opt out: Click the "unsubscribe" link in any marketing email or update your preferences in your account settings.

Object to Legitimate Interest Processing

You can object to processing based on legitimate interests. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Examples: Analytics, fraud prevention, service improvement

Object to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption

Implemented

256-bit SSL/TLS encryption for all data in transit and AES-256 encryption for data at rest.

Access Controls

Implemented

Role-based access control (RBAC) with multi-factor authentication for all staff.

Regular Audits

Ongoing

Annual security audits and penetration testing by independent third parties.

Data Minimization

Implemented

We collect only the minimum data necessary to provide our services.

Automatic Deletion

Implemented

Uploaded files are automatically deleted within 1 hour of processing.

Staff Training

Ongoing

Mandatory GDPR and data protection training for all employees.

Continuous Improvement: We regularly review and update our security measures to protect against new threats and vulnerabilities.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may have different data protection standards.

Safeguards We Use:

Standard Contractual Clauses (SCCs)

We use EU-approved Standard Contractual Clauses for transfers to third countries

Adequacy Decisions

We transfer data to countries with EU adequacy decisions when possible

Privacy Shield Certified Partners

We work with service providers that comply with data protection frameworks

For more information about the safeguards we use for international transfers, please contact our Data Protection Officer.

Data Breach Notification

In the unlikely event of a personal data breach, we have procedures in place to respond quickly and appropriately.

Our Commitment:

Within 72 Hours

We will notify the relevant supervisory authority of any breach that poses a risk to individuals' rights and freedoms

Direct Notification

We will inform you directly if the breach is likely to result in a high risk to your rights and freedoms

Mitigation Actions

We will take immediate steps to contain and remediate the breach and prevent future incidents

Information We Will Provide:

  • Nature of the personal data breach
  • Categories and approximate number of individuals affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact details for our Data Protection Officer

Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring GDPR compliance.

Contact Our DPO:

Postal Address

Data Protection Officer, WoowPDF LLC
Privacy Department
[Company Address]

You can contact our DPO with any questions about how we process your personal data, to exercise your GDPR rights, or to raise concerns about our data protection practices.

Complaints & Supervisory Authority

If you believe we have not handled your personal data properly or have violated your GDPR rights, you have the right to lodge a complaint.

First Step: Contact Us

We encourage you to contact us first so we can address your concerns directly.

support@woowpdf.com

Supervisory Authority

You have the right to lodge a complaint with the data protection authority in your country of residence, workplace, or where the alleged infringement occurred.

EU Supervisory Authorities:

For a list of EU data protection authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en

How to Exercise Your GDPR Rights

You can exercise your GDPR rights through the following methods:

Account Settings

Log in and manage your data directly from your account dashboard

Email Request

Send us an email with your request

support@woowpdf.com

Contact Form

Submit a formal request through our contact page

What to Include in Your Request:

  • Your full name and email address associated with your account
  • A clear description of the right you wish to exercise
  • Any specific details about the data you're referring to (if applicable)
  • Proof of identity (for security purposes)

Response Timeline:

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days and will inform you of the extension and reasons.

Identity Verification: To protect your data, we may need to verify your identity before processing your request. This helps ensure we don't disclose your personal data to unauthorized parties.

Contact Information

If you have any questions about this GDPR compliance statement, your data protection rights, or our privacy practices, please contact us:

Data Protection Officer

support@woowpdf.com

Contact Form

Submit Request

This GDPR compliance statement is reviewed and updated regularly to ensure ongoing compliance with data protection regulations.