GDPR Compliance — PDFMagik

PDFMagik is committed to protecting the privacy and rights of EU/EEA users under the General Data Protection Regulation (GDPR).

1. Overview

The General Data Protection Regulation (GDPR) is a European Union law that gives EU/EEA residents control over their personal data. PDFMagik processes minimal personal data and takes GDPR obligations seriously as a solo‑operated service.

This page supplements our Privacy Policy with GDPR‑specific information.

2. Data Controller

Controller	PDFMagik (sole proprietor)
Email	pdfmagik@gmail.com
Service	pdfmagik.com — online PDF tools
Infrastructure	EU‑hosted VPS (Hostinger)

3. Lawful Basis for Processing

Processing Activity	Lawful Basis
Processing uploaded PDF files	Contract necessity (Art. 6(1)(b))
Security logs & abuse prevention	Legitimate interests (Art. 6(1)(f))
Google Analytics (optional)	Consent (Art. 6(1)(a))
Legal compliance	Legal obligation (Art. 6(1)(c))

4. Your GDPR Rights

As an EU/EEA resident, you have the following rights:

Right of Access (Art. 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restriction (Art. 18)

Request that we limit how we process your data in certain circumstances.

Right to Portability (Art. 20)

Receive your data in a structured, machine‑readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests.

Right to Withdraw Consent (Art. 7)

Withdraw analytics consent at any time via our Privacy page.

To exercise any of these rights, email us at pdfmagik@gmail.com. We will respond within 30 days.

5. Data We Process

Data Type	Purpose	Retention
Uploaded PDF/document files	PDF processing service	Auto‑deleted within 5 hours
IP address	Security, rate limiting	Up to 90 days in logs
Browser/device info	Security, compatibility	Up to 90 days in logs
Analytics data (optional)	Service improvement	2 months in Google Analytics
Consent preference	Remember your choice	Until you clear site data

6. Data Retention

Uploaded files & outputs: Auto‑deleted within 5 hours
Server logs: Maximum 90 days
Analytics data: 2 months in Google Analytics
Consent preference: Until you clear browser data

We apply data minimization principles — we only keep data as long as necessary.

7. International Data Transfers

Our primary server is EU‑hosted (Hostinger VPS). Some data may be transferred to Google (Analytics) which operates under Standard Contractual Clauses (SCCs) for EU data transfers.

Primary server: EU‑based (Hostinger)
Google Analytics: Data processed under SCCs with IP anonymization enabled
We do not transfer personal data to any other third parties outside the EEA

8. Data Processors

Processor	Purpose	Safeguard
Hostinger	VPS hosting & infrastructure	EU‑based servers, DPA in place
Google Analytics (GA4)	Aggregate usage analytics (optional)	Consent-gated, SCCs, IP anonymization

9. Complaints & Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority (DPA).

EU residents: Contact your national DPA (list available at edpb.europa.eu)
UK residents: Contact the ICO at ico.org.uk

We encourage you to contact us first at pdfmagik@gmail.com so we can resolve any concerns directly.

10. Contact

For any GDPR‑related requests or questions, contact us at pdfmagik@gmail.com. We aim to respond within 30 days as required by GDPR.