Privacy Policy

Updated: May, 2023

Crystal PDF values your privacy. This document, referred to as the “Privacy Policy,” is a crucial component of our Terms and Conditions, available at http://crystalpdf.com/conditions/. It pertains to all activities involving the gathering, processing, and transferring of information conducted by Crystal PDF (“Company,” “us,” or “our”) in relation to users (“user” or “you”) of our software and extensions, as defined in the Terms and Conditions.

This Privacy Policy also outlines information required by the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), where applicable.

We encourage users to thoroughly examine this policy prior to downloading, accessing, or utilizing our products. Moreover, if you are a resident of California, please take a moment to review the specific CCPA Privacy Notice available at https://crystalpdf.com/ccpa/ .

Terms that are capitalized and not defined within this document will carry the meanings attributed to them in the Terms and Conditions.

The Privacy Policy in a nutshell:

You are not mandated by law to share any Personal Information (as defined below) with us. However, keep in mind that certain services we offer require the handling of specific Personal Information, as detailed in this Privacy Policy. If this information is not provided, we may not be able to offer you all or portions of our services.
Our Software, products, and related services are intended for users aged 16 or older, or the minimum age required for consent regarding the processing of Personal Information in the respective jurisdiction. Individuals below this age are not allowed to access our services or share any Personal Information with us.
Under applicable legislation, you may have the right to examine, modify, delete, or limit the processing of your Personal Information. For more details on your rights, please refer to the “Data Subject Rights” section below.
We do not sell, trade, or rent Users' Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Product and/or Software/ extension to our Users, or other limited circumstances set forth herein.
We do not sell, barter, or lease Users' Personal Information to third parties. We only disclose Personal Information to third parties when necessary for providing the Product and/or Software to our Users, or in other specific situations described herein.

If you have inquiries or wish to obtain more information about your Personal Information that we process in connection with this Privacy Policy, please contact us at: [email protected].

Collection and Use of Data

The Company gathers and handles various information about Users when they utilize, install, or engage with the Product and Software/extension.

“Personal Data” or “Personal Information,” as defined by relevant legal standards, refers to any information that can identify an individual or could reasonably be used to identify someone. This category may encompass online identifiers such as IP addresses, names, email addresses, and more.

“Non-Personal Data” refers to technical and aggregated information that does not identify you and cannot be linked back to you.

Should we choose to merge Personal Data with Non-Personal Data, we will regard the combined information as Personal Data.

Legal Grounds for Data Processing under the EU General Data Protection Regulation (GDPR)
The following outlines the types of data we process, our methods of processing, and how we utilize your information. In this context, we aim to clarify the legal grounds for such processing as mandated by the GDPR: (i) We handle certain Personal Data when you engage with the Product, as we have a legitimate interest in processing this information; (ii) If you reach out to us, we will process your details and any other information you choose to share to fulfill our contract with you (e.g., your contact information); and (iii) We will process specific Personal Data based on your consent, as applicable.

In line with GDPR requirements, we function as the Data Controller for the Personal Data we collect and describe in this document.

When you engage with the Product and/or Software/extension, we will gather your Internet Protocol address (“IP”) and/or MAC address. We will also collect technical details transmitted from your device. This information includes the type of device you use, the operating system (e.g., iOS), statistical data, browser version, language settings, timestamps of your access and usage, approximate geographical location, the URL that directed you to the Product, and the applications installed on your device.

We implement common practices to anonymize IP addresses immediately after collection, ensuring they are stored in a manner that does not qualify as Personal Data.

The acquisition of the IP address is vital for providing the services associated with the Product and Software/extension. Consequently, we may utilize this information to manage and secure our Product and Software/extension. Additionally, we will use this data for legitimate reasons, such as auditing and monitoring installations, identifying security issues and fraudulent activities, and managing our business operations (e.g., evaluating considerations for our business partners).

Should you voluntarily reach out to us through any available communication methods (such as sending an email), you will need to furnish your contact details, including your name and email address.

We will utilize the provided contact information and maintain a record of your correspondence with us to respond to your inquiries, provide assistance, or fulfill any other requested service. We will keep this communication history for potential future references, such as for claims, support, and improving our services.

The California Consumer Privacy Act 2018 (“CCPA”)

The Categories of Personal Information Collected and Shared by Us

Be aware that under the CCPA, the term Personal Information does not encompass: (i) information that is publicly accessible from governmental records; and (ii) consumer information that has been de-identified or aggregated.

In accordance with the CCPA stipulations, the following table outlines the types of Personal Information we gather from you:

Category	Examples	Collected
A. Identifiers.	A person's actual name, alternative name, mailing address, distinct personal identifier, online username, Internet Protocol address, email address, account designation, Social Security number, driver's license number, passport number, or comparable unique identifiers.	Yes
B. Categories of personal data specified in the California Customer Records law (Cal. Civ. Code § 1798.80(e)).	A person's name, signature, Social Security number, physical traits or description, home address, phone number, passport number, driver's license or state ID number, insurance policy number, educational background, work history, bank account number, credit card details, debit card information, or any other financial data, health-related information, or health insurance details. Some of the personal data in this category may intersect with other categories.	No
C. Characteristics of protected classifications as defined by California state or federal legislation.	Age (40 years and above), ethnicity, skin color, lineage, country of origin, nationality, faith or belief, marital status, health status, physical or psychological disabilities, gender (which encompasses gender identity, gender expression, pregnancy, childbirth, and associated medical conditions), sexual preference, military affiliation, and genetic data (including family genetic data).	No
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Biometric information.	Genetic, physiological, behavioral, and biological traits, as well as activity patterns utilized to obtain a template or any other form of identifying information, including fingerprints, facial recognition, voice recognition, iris or retinal scans, keystroke dynamics, gait analysis, or other physical characteristics, along with data related to sleep, health, or physical activity.	No
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	No
G. Geolocation data.	Physical location or movements.	No
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or employment-related information.	Current or past job history or performance evaluations.	No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No

In compliance with CCPA regulations, we provide the following details regarding the disclosure of Personal Information for business purposes:

Over the past twelve (12) months, the Company has shared the following types of Personal Information for business reasons: (A) Identifiers; and (D) Commercial information.

We have shared your Personal Information for business purposes with these categories of third parties: (i) Data aggregators; (ii) Service providers; and (iii) Business partners.

Please be aware that any Personal Information we disclose for business purposes is bound by contractual obligations with the third parties receiving the information, restricting them from using it for any purposes other than fulfilling their obligations under the agreements we have with them.

According to the CCPA requirements, below is information concerning the sale of Personal Information:

In the last twelve (12) months, the Company did not sell Personal Information.

With Whom We Share Data

We do not sell, exchange, or lease our users' Personal Data to third parties. However, we may share your information for specific, limited reasons as detailed below:

We may disclose your Personal Data when necessary to comply with relevant laws or regulations, including our internal policies and agreements.
Your Personal Data may be shared to establish or protect our legal rights, respond to legal claims, or ensure the safety and rights of ourselves, our users, you, or any third parties. This includes cooperating with law enforcement or enforcing our intellectual property and legal rights.
If a corporate transaction occurs, such as a significant sale of our business, a merger, or an asset acquisition, your data may be shared with the involved parties. The rights and responsibilities described in this Privacy Policy will be assumed by our affiliates or the acquiring company.
We may share your Personal Data with trusted partners and service providers, but only as necessary to provide the required services.
Additionally, we may share online identifiers that we collect to support our business operations, process payments, and detect fraud, security risks, or technical issues related to our Product and Software/extension.

Privacy Rights

Privacy regulations vary by jurisdiction and grant different rights concerning your Personal Data. These rights may include access to your Personal Data, the ability to request its deletion, the option to opt-out of data processing, among others.

If you are a resident of the European Economic Area (EEA) or California, the GDPR and CCPA, respectively, afford you the following rights:

The right to be informed: to ensure that your Personal Data is processed fairly and transparently, you have the right to receive details on how we collect and use your data, as outlined in this document.

The right to access data: you have the right to ask us for confirmation of whether we are processing your Personal Data, and under certain conditions, request a copy of the data we are processing.

The right to request deletion of you Personal Data: you have the right to ask us to delete certain Personal Data if specific criteria are met. For example, if the data is no longer necessary for its original purpose and there is no legal reason to continue processing it; if you withdraw your consent (where applicable) or object to the processing and no overriding reasons justify its continuation; if the data was processed unlawfully; or if deletion is required by law. However, this right is not absolute. We may deny your request in certain cases, such as when we must retain the data to fulfill legal obligations or defend against legal claims.

The right to object: you have the right to object to the processing of your Personal Data when it is based on our legitimate interests. However, we may continue processing if our legitimate interests outweigh your rights or if the processing is required to establish, exercise, or defend legal claims or rights.

The right to restrict processing: you may request that we limit the processing of your Personal Data if: the accuracy of the data is in dispute; the processing is unlawful but you prefer restriction over deletion; the data is no longer needed for its original purpose, but is still required to establish, exercise, or defend legal claims; or if there are overriding reasons in the context of a deletion request.

Rectification (in the event you are an EEA resident): you have the right to ask for incorrect or incomplete Personal Data to be corrected or updated.

Portability: you have the right to request the transfer of your Personal Data to a third party, provided that the data was supplied by you, is processed automatically, and is based on a contract or consent.

The Right to Non-Discrimination (in the event you are a California resident): you have the right not to be discriminated against for exercising your rights under applicable laws. Specifically, we cannot deny you goods or services, charge you different prices, or offer you a different level or quality of goods or services for exercising your legal rights.

We offer you the ability to exercise certain options and controls regarding how we handle your Personal Data, based on your relationship with us. If you wish to exercise any of the aforementioned rights, please download the relevant form from http://crystalpdf.com/policy rights and submit it to our privacy team at: [email protected].

If we are unable to fulfill your request for information or to exercise your rights, we will make an effort to explain why and notify you of your options, including the right to file a complaint with a supervisory authority (if you are an EEA resident). We may request reasonable proof of identity before providing such information, in line with applicable laws.

Third Party Services

This Privacy Policy does not apply to third-party services, third-party providers, or the content of third-party websites. The data protection practices and policies of third parties may differ from ours, and we have no control over them. Therefore, we are not responsible or liable for any privacy practices followed by third parties, and we recommend that you carefully review the privacy policy of any third party you engage with.

Children’s Data

Our Product and Software/extension are not intended for or directed toward children, as defined by applicable law, particularly those under the age of 16 (or the equivalent age under relevant legislation). We do not knowingly collect or solicit information from children. If we become aware that we are processing a child’s Personal Data, we will take immediate steps to delete that data.

Security and Retention Policy

Your privacy is a priority for us, and we are dedicated to safeguarding your Personal Data against unauthorized access, use, or disclosure. We have put in place physical, technical, and administrative security measures that align with applicable laws and industry standards.

We will also take appropriate steps to limit the amount of Personal Data stored on our servers. If a data breach occurs and we determine that your Personal Data might be compromised, we will make reasonable efforts to inform you and any relevant authorities, if required by law.

We retain the data we collect for as long as necessary to deliver the Product and Software/extension, fulfill our business purposes, and meet our legal obligations. This includes resolving disputes and enforcing our agreements, in accordance with applicable laws, or until you request the deletion of your Personal Data, as outlined above.

Transfer of Data

We may process or store Personal Data within the European Economic Area (“EEA”), the United States, and other international locations. We will implement suitable measures to ensure that your Personal Data is protected in accordance with applicable data protection laws.

Changes to This Privacy Policy

This Privacy Policy may be revised periodically, as necessary and in compliance with applicable laws. We recommend checking this Privacy Policy occasionally to stay informed about any updates. The latest version will be indicated in the "Updated" section at the beginning. If any significant changes occur, we will make reasonable efforts to notify you, following the requirements set by applicable laws.

Do Not Track Signals

Please be aware that we do not respond to Do Not Track signals. For further information, please visit: http://www.allaboutdnt.com/.

Contact Information.

If you have any inquiries regarding this Privacy Policy, please reach out to us at: [email protected]