Data Processing Agreement

1. Parties and Scope

This Data Processing Agreement ("Agreement") is entered into between PDF Peak ("Controller" or "we") and users of our services ("Data Subjects" or "you"). This Agreement governs the processing of personal data in connection with the use of PDF Peak's PDF processing tools and services.

• Data Controller: PDF Peak, operated by Mufungo Geeks
• Data Processor: PDF Peak's servers and third-party service providers as outlined in this Agreement
• Effective Date: This Agreement is effective as of September 30, 2025

2. Definitions

For the purposes of this Agreement:

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation or set of operations performed on Personal Data
• "Data Subject" means the individual to whom Personal Data relates
• "Data Controller" determines the purposes and means of processing Personal Data
• "Data Processor" processes Personal Data on behalf of the Data Controller

3. Categories of Personal Data

We may process the following categories of personal data when you use our services:

• Uploaded Content: PDF files and other documents you upload for processing, which may contain personal data
• Usage Data: Information about how you interact with our website and tools (IP address, browser type, access times)
• Communication Data: Information you provide when contacting us (email address, name, message content).Important: We do not collect, store, or sell your email address or any contact information when you use our contact form. Messages are processed only to respond to your inquiry and are not retained after resolution.
• Technical Data: Device information, operating system, and browser settings for service optimization

4. Purposes of Processing

Personal data is processed for the following purposes:

• To provide PDF processing services (merge, split, convert, compress, etc.)
• To ensure the security and proper functioning of our services
• To communicate with you about service updates or issues
• To comply with legal obligations and protect our rights
• To improve our services through aggregated, anonymized analytics

5. Legal Basis for Processing

Our processing of personal data is based on the following legal grounds under GDPR:

• Contractual Necessity: Processing is necessary for the performance of our service agreement with you
• Legitimate Interest: Processing is necessary for our legitimate interests in providing secure, reliable services
• Legal Obligation: Processing is required to comply with applicable laws and regulations
• Consent: Where applicable, processing is based on your explicit consent

6. Data Retention

We implement strict data retention policies:

• Uploaded Files: Automatically deleted immediately after processing completion
• Usage Logs: Retained for up to 30 days for security and troubleshooting purposes
• Communication Records: Retained for the duration necessary to resolve inquiries or issues
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for service improvement

7. Contact Form Privacy

We are committed to protecting your privacy when you contact us:

• No Email Collection: We do not collect, store, or maintain databases of email addresses from our contact forms
• No Information Sales: We never sell, trade, or share your contact information with third parties for marketing purposes
• Limited Processing: Contact form submissions are processed only to respond to your specific inquiry and are deleted immediately after resolution
• Optional Information: Providing contact information is completely voluntary - you can use our tools without ever contacting us
• Secure Transmission: All contact form data is transmitted over encrypted HTTPS connections

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect personal data:

• Encryption: All data transmission uses HTTPS with TLS 1.3 encryption
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Minimization: Only necessary data is collected and processed
• Incident Response: Established procedures for responding to data breaches

9. Data Sharing and International Transfers

We may share personal data in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in delivering our services
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• International Transfers: Data may be transferred to countries with adequate data protection standards or appropriate safeguards

10. Data Subject Rights

Under GDPR and other data protection laws, you have the following rights:

• Right to Access: Request information about the personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restriction: Request limitation of processing in certain situations
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Object: Object to processing based on legitimate interests

11. Changes to This Agreement

We may update this Data Processing Agreement from time to time. Material changes will be communicated to you via email or through our website. Your continued use of our services after such changes constitutes acceptance of the updated Agreement.

12. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of Zimbabwe, without regard to its conflict of law provisions. Any disputes arising from this Agreement shall be resolved through binding arbitration in accordance with the rules of Zimbabwe.