Privacy Policy of privatepdfjoiner.com

Effective date: 10 May 2025

1. Who We Are

Private PDF Joiner (“Site”, “Service”, “we”, “us”) is an online tool that lets you add password protection to your PDF files directly in your browser.

• Data Controller: Private PDF Joiner
• Contact e-mail: [email protected]
• Place of business: Helsinki, Finland

2. What Data We Collect and Why

We do not collect names, e-mail addresses, payment details, or marketing profiles.

3. How We Process Your Files

1. Your PDFs are transmitted to our server over an HTTPS connection.
2. The server applies standard PDF encryption with the password you provide.
3. The protected file becomes available for you to download.
4. Both the original and protected files are permanently deleted from temporary storage within one hour (usually seconds).

No human reviews your file, and we do not keep a copy.

4. Sharing and Disclosure

We never sell or rent any personal data. We disclose information only:

• To our infrastructure providers (secure European data-centre hosting and CDN) strictly to run the Service.
• When required by law (e.g., lawful court order).

All subprocessors are bound by written data-processing agreements that meet GDPR Art 28 requirements and keep any data inside the European Economic Area (EEA) unless adequate safeguards (e.g., SCCs) are in place.

5. International Transfers

Our primary servers are located in the EU. If we must transfer data outside the EEA, we rely on:

• Adequacy decisions of the European Commission, or
• Standard Contractual Clauses (SCCs) pursuant to Art 46 GDPR, plus supplementary measures where needed.

6. Security Measures

• TLS 1.2+ (HTTPS) for all connections
• Firewalls, access-control lists, and continuous monitoring
• Automated deletion of files and minimal log retention

Despite best efforts, no transmission or storage can be guaranteed 100 % secure.

7. Your Rights Under GDPR

You may exercise the following rights (subject to verification):

• Access – obtain confirmation and a copy of any personal data we hold about you.
• Rectification – correct inaccurate or incomplete data (limited, as we hold very little).
• Erasure (“right to be forgotten”) – request deletion of your personal data.
• Restriction – ask us to limit processing in certain cases.
• Portability – receive data you provided to us in a structured, machine-readable format.
• Objection – object to processing based on legitimate interest.
• Withdraw consent – where processing is based on consent (we currently rely on contract or legitimate interest, not consent).

To make a request, e-mail [email protected]. We respond within one month (Art 12 GDPR).

8. Children’s Privacy

The Service is not directed to children under 16. If you are under 16 (or the digital-consent age in your country), you may only use the Service with parental or guardian permission.

9. Changes to This Policy

We may update this Privacy Policy to reflect service, legal, or regulatory changes. Material changes will be posted on this page and (where feasible) announced 14 days before taking effect. The “Effective date” above shows the latest revision.

10. Complaints

If you believe we have infringed your data-protection rights, please contact us first. You also have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki, Finland
Tel: +358 29 56 66700
E-mail: [email protected]
Website: https://tietosuoja.fi

11. Contact

Questions about privacy?

E-mail: [email protected]

Last updated: 17 May 2025