Privacy Policy

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR is:

secPDF

Website: www.secpdf.com

2. Data Protection Officer

We have not appointed a Data Protection Officer as there is no legal obligation to do so.

3. General Information on Data Processing

3.1 Purposes and Legal Bases

We only process personal data to the extent necessary to provide this website, ensure its security, and statistically evaluate usage in aggregated form.

The legal bases are in particular:

• Art. 6(1)(f) GDPR (legitimate interest, e.g. secure and stable operation of the website, IT security, error analysis, optimization)
• Art. 6(1)(c) GDPR (legal obligation, where applicable)

3.2 Recipients / Categories of Recipients

We only share personal data where legally permitted or necessary. Recipients or categories of recipients may include:

• Hosting/infrastructure providers (see "Hosting" section)
• Analytics providers (see "Web Analytics" section)
• Public authorities, where we are legally obligated to do so (Art. 6(1)(c) GDPR)

3.3 Third-Country Transfers

Through the use of Cloudflare (based in the USA) and Umami Cloud, data may be transferred to the USA. Cloudflare is certified under the EU-US Data Privacy Framework. Umami Cloud does not process personal data (cookie-free, no IP storage).

3.4 Data Retention

We do not store any personal data ourselves. Data processed by our infrastructure providers (Cloudflare) is retained according to their respective policies as described in the "Hosting" section below.

3.5 Obligation to Provide Data

When using this website for informational purposes, you are neither legally nor contractually obligated to provide personal data. However, without certain technical data (e.g. IP address), the website cannot be delivered to your device.

4. PDF Files — No Processing by Us

5. Hosting / Server Infrastructure (Cloudflare)

This website is served via Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare acts as a Content Delivery Network (CDN) and DNS provider.

When you access our website, your requests are routed through Cloudflare servers. The following data may be technically processed:

• IP address
• Date and time of access
• Requested page/file (URL)
• Referrer URL, where transmitted by the browser
• Browser type and version (User-Agent)
• Operating system

Purpose: Website delivery, DDoS protection, ensuring stability and security.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and uninterrupted operation).

Retention period: Cloudflare retains access logs for a maximum of 72 hours by default. Aggregated analytics data in the Cloudflare dashboard is retained for up to 30 days.

Third-country transfer: Cloudflare is certified under the EU-US Data Privacy Framework and additionally uses Standard Contractual Clauses (SCCs).

More information: Cloudflare Privacy Policy

6. Web Analytics (Umami Cloud)

For statistical analysis of website usage, we use Umami Cloud, a privacy-friendly analytics service.

• Umami uses no cookies
• No personal data is collected
• No IP addresses are stored
• No user profiles are created
• Analysis is performed exclusively in aggregated form

The only data captured is:

• Pages visited and time spent
• Referrer URL and traffic source
• Browser type and operating system (non-identifying)
• Approximate geographic origin (country level)
• Screen resolution and device type

Purpose: Understanding usage and improving our website.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly, aggregated usage analysis).

Provider: Umami Software, Inc. (cloud service at cloud.umami.is)

More information: Umami Privacy Policy

7. Cookies and Local Storage

We do not use any cookies on this website.

We exclusively use localStorage (a browser-internal storage technology) for the following purposes:

• nuxt-color-mode: Storing your color scheme preference (light/dark mode)
• cookie_preferences: Storing your consent decision
• consent_date: Timestamp of your consent decision

This data remains exclusively in your browser and is never transmitted to us or third parties. You can delete localStorage data at any time through your browser settings.

8. Data Security

We take appropriate technical and organizational measures to protect your data. Our website is transmitted encrypted (TLS). All PDF operations take place exclusively locally in your browser — there is no technical possibility for us to access your files.

9. Your Rights

As a data subject under the GDPR, you have the following rights in particular:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR), where applicable
• Right to object (Art. 21 GDPR), where processing is based on Art. 6(1)(f) GDPR
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. No Automated Decision-Making / No Profiling

Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place.

11. Links to Third-Party Websites

If our website contains links to third-party websites, this privacy policy does not apply to their content. The respective provider is responsible for data processing on linked sites.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services.