September 28, 2023
Our service can exist only if our customers can be sure that their data is safe. Thus, privacy is of the highest priority for us. We will explain in more detail how CloudConvert handles your data. If you do not agree to our Privacy Policy and the other terms stated below, please do not use our services and let us know about your concerns.
Table of contents |
|
Change to our privacy policy |
We reserve the right to change our Privacy Policy and other terms stated below at any time. If we make changes, we’ll clearly indicate them at the top of this page with the date of modification. September 28, 2023: Added information about our upcoming US-East region. April 4, 2023: We have reworked our privacy policy with our new data protection officer. December 4, 2020: Minor language changes. June 28, 2018: Added information about sharing data with our support ticket system Freshdesk. May 9, 2018: General clarifications and adjustments regarding the GDPR. In particular we added detailed information about your rights and about sharing your data. January 25, 2016: We have completely reworked our privacy policy with more details about third party plugins, our security mechanisms, and handling your personal data in general. |
As a data controller, CloudConvert is bound by the requirements of the General Data Protection Regulation (GDPR).
We collect only the minimum amount of necessary data. We use your data only to provide our service. We do not create profiles or stuff like that.
Scope of the processing |
CloudConvert is a universal app for file conversions. Amongst others, we do offer tools to convert files to other formats, to create website screenshots, to merge files, to create thumbnails and to add watermarks to files. The service is both available as website and REST API for integration in other services. The service can be used both without and with optional registration. By visiting our website and/or using our API, your IP address will be logged, along with the HTTP referrer, the user agent, and the dates of access (log data). In the course of providing the service, your selected files are transferred to and temporarily stored on CloudConvert’s servers. If you decide to create a CloudConvert account, we collect your email address, your chosen username, and your profile photo. If you use our contact form, we collect your email address and your name. If you decide to buy a package or subscribe, we need to additionally collect your full name, physical address, company name, and VAT ID. The data is always transmitted via an SSL secured channel. |
Purpose of the processing |
The purpose of processing of your uploaded files is solely to provide our services such as converting the files to other formats. We do not read, look into, or mine any data from your files, and we do not make any copies of them. All file processing is done by machine; there is no human interaction with your files. To improve our service and for statistical purposes we collect only the number of converted files, the number of errors, and the total file size of all your conversions. We log your IP address to prevent abuse of our service and for broad demographic analysis. We do not link this information to any personally identifiable information. If you provide an email address, we use it to send you information about your account and marketing information. You can control how we use your email address in your notification settings. If you buy a package or subscribe to our services, your name, company, and address will be used to create your invoice and to prevent fraud. Your VAT ID may be used to see if you are exempt from paying VAT. |
Legal basis for the processing |
Processing of personal data is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures according to Art. 6 (1) (b) GDPR. |
Data deletion and storage period |
Your files are deleted immediately and irreversible from our servers when using the delete button. This will happen automatically at the latest after 24 hours. If you delete your account, all your personal data will be permanently deleted within 72 hours. All log data (IP address, user agent, referrer) is deleted after 180 days. The personal data collected for the paid service will be deleted in accordance with Art. 6 (1) (c) GDPR after expiry of the tax and commercial law retention and documentation obligations (based on German litigation, namely Commercial, Criminal and/or Tax Code). |
Possibility of objection and removal |
You can modify the data on your dashboard and you can delete your account at any time. When you delete your account, all associated data is permanently deleted within 72 hours. Deleting your account also deletes all data stored at payment provider Stripe and ticket system Freshdesk (if there is any). Alternatively, you can contact us and we will modify or delete your data and/or delete your account for you. Please note that your uploaded files are automatically deleted after 24 hours at the latest. You can manually delete files from our servers when you click the "×" button (on the right beside the download button). |
You can modify or delete your data at any time.
When you access our service, we do keep basic log files for 180 days.
We need them to provide our services. We do use technically necessary cookies only.
When you contact us via email, we use your personal data exclusively for processing the conversation.
Description and scope of data processing |
Within our platform, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored. The following data is transmitted to us:
By contacting us via e-mail, the data processed is transferred to the service provider: Freshworks Inc., 2950 S. Delaware Street, Suite 201. San Mateo, California, USA (hereinafter referred to as: Freshdesk). The data is transferred to Freshworks servers in the USA. Part of the order processing contract with Freshworks are so-called EU standard contractual clauses ((Art. 46 (2) (c) GDPR)). These are to be classified as a safeguard for the protection of the transfer and processing of personal data outside the EU. For more information, please visit: https://www.freshworks.com/data-processing-addendum/ Freshdesk is a web-based customer relationship management (CRM) platform and ticket management solution that enables us to plan and monitor our customer support activities. Further information on the collection and storage of data by Freshworks can be found here: https://www.freshworks.com/privacy/ and https://www.freshworks.com/gdpr/company/ The data is used exclusively for processing the conversation. |
Purpose of the processing |
In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. |
Legal basis for the processing |
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. |
Duration of storage |
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted at the latest after the end of the contractual relationship or the end of the general use of the platform. |
Possibility of objection and removal |
You can modify the data on your dashboard and you can delete your account at any time, as well as revoke your consent to the processing of your personal data at any time. Deleting your account will also delete all data stored in our ticket system (if any). Alternatively, you can contact us and we will amend or delete your data and/or delete your account for you. If you contact us by email or contact our company admin, you can object to the storage of your personal data at info@cloudconvert.com. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case. |
When you use the contact form, we use your personal data exclusively for processing the conversation.
Description and scope of data processing |
A contact form is available on our platform, which can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted to us and stored.
In connection with the data processing through the contact forms, the data is transferred to the following service provider: Freshworks Inc., 2950 S. Delaware Street, Suite 201. San Mateo, California, USA (hereinafter referred to as: Freshdesk). The data is transferred to Freshworks servers in the USA. Part of the order processing contract with Freshworks are so-called EU standard contractual clauses ((Art. 46 (2) (c) GDPR)). These are to be classified as a safeguard for the protection of the transfer and processing of personal data outside the EU. For more information, please visit: https://www.freshworks.com/data-processing-addendum/ Freshdesk is a web-based customer relationship management (CRM) platform and ticket management solution that enables us to plan and monitor our customer support activities. Further information on the collection and storage of data by Freshworks can be found here: https://www.freshworks.com/privacy/ and https://www.freshworks.com/gdpr/company/ The data is used exclusively for processing the conversation. |
Purpose of the processing |
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. |
Legal basis for the processing |
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. Our legitimate interest results from the purpose of the data processing. If the e-mail contact is aimed at the conclusion or implementation of a contractual relationship, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. |
Duration of storage |
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the submission process will be deleted at the latest after the end of the contractual relationship or the end of the general use of the platform. |
Possibility of objection and removal |
You can modify the data on your dashboard and you can delete your account at any time, as well as revoke your consent to the processing of your personal data at any time. Deleting your account will also delete all data stored in our ticket system (if any). Alternatively, you can contact us and we will amend or delete your data and/or delete your account for you. In such a case, the conversation cannot be continued. |
We use social networks which are based outside the EU.
Use of social networks |
We use different networks for our company websites. When using some networks, personal data may be transferred to servers in the USA. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by the networks listed below is carried out on the basis of appropriate guarantees pursuant to Art. 46 et. seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR. |
|
|
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland On our company website, we provide information and offer Twitter users the opportunity to communicate. If you carry out an action on our Twitter company website (e.g. comments, posts, likes, etc.), it may be that you make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Twitter, the company jointly responsible for the Lunaweb GmbH company website, we cannot make any binding statements about the purpose and scope of the processing of your data. Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence to present the company and its services. In this context, publications about the company's appearance may contain the following contents:
Every user is free to publish personal data through activities. The legal basis for data processing is Art. 6 (1) (a) GDPR. The data generated by the company website is not stored in our own systems. You can object at any time to the processing of your personal data that we collect in the context of your use of our Twitter corporate presence and assert your data subject rights as stated under IV. of this privacy policy. To do so, send us an informal email to info@cloudconvert.com. You can find more information about the processing of your personal data by Twitter and the corresponding objection options here: For more information, please visit: https://twitter.com/de/privacy |
We use various cloud providers which are geographically hosted in Germany. If you are using our service from the US, we are using cloud providers geographically hosted in the US.
We use geotargeting to provide services for your location.
If you register, we collect some data about you. This data will not be passed on to third parties.
Description and scope of data processing |
On our platform, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Registration allows the user to use the extended service functionality and access the previously converted files. The data will not be passed on to third parties. The following data is collected as part of the registration process:
You can also register/create a customer account via your Facebook, Google or Twitter account. In this case, you do not have to enter your data manually and we receive your data (Pseudonym, e-mail address, profile picture ) from Facebook, Google or Twitter, which we need to create a customer account for you. The personal data transmitted to us in this way will be used to the extent and for the purposes specified in your account settings on Facebook or in your Google or Twitter account. As part of the registration process, the user's consent to the processing of this data is obtained. |
Purpose of the processing |
Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. To use the extended services of CloudConvert, it is necessary to register to clearly distinguish the user and allocate the desired resources. |
Legal basis for the processing |
The legal basis for the processing serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures. Therefore, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR. |
Duration of storage |
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. If you delete your account all data associated with your account will be deleted automatically after 72 hours. |
Possibility of objection and removal |
You can modify the data on your dashboard and you can delete your account at any time. Alternatively, you can contact us and we will amend or delete your data and/or delete your account for you. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. |
If you buy or subscribe, we collect some data more about you. We use it to process payments with our payment provider Stripe.
Description and scope of data processing |
We offer our customers various payment options for processing costs incurred through the provision of our service. For this purpose, we forward customers to the platform of the corresponding payment service provider, depending on the payment option. After completion of the payment process, we receive the payment data of the customers from the payment service providers or our house bank and process them in our systems for the purpose of invoicing and accounting. |
Payment by credit card |
It is possible to complete the payment process by credit card. If you have selected payment by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the specifications of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor. Within the framework of payment by credit card, the following data are regularly transmitted:
Payment data is passed on to the following payment service providers:
Further information on the data protection guidelines as well as revocation and removal options vis-à-vis the payment service providers can be found here: https://stripe.com/en-gb-de/privacy |
Payment by SEPA direct debit mandate |
Your data will be processed for the purpose of carrying out the SEPA direct debit procedure for the settlement of costs incurred through the use of our services. The personal data that Lunaweb GmbH collects from you for the above-mentioned purpose results from the "SEPA direct debit mandate". As soon as we have received the SEPA direct debit mandate signed by you, the data provided by you therein will be stored for the debiting of costs incurred. The data will be transferred to the participating banking institutions ( Stripe Inc., house bank of Lunaweb GmbH and the banking institution specified by you) within the framework of the direct debit procedure. |
Purpose of the data processing |
The transmission of payment data to payment service providers serves to process the payment, e.g. when you purchase a product and/or use a service, as well as to carry out direct debit procedures. |
Legal basis for the data processing |
The legal basis for the data processing is Art. 6 (1) (b) GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract. |
Duration of the storage |
All payment data as well as data on possible chargebacks will only be stored for as long as they are needed for payment processing and possible processing of chargebacks and debt collection as well as for combating misuse. Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse. Your personal data will be deleted upon expiry of the statutory retention obligations, i.e., after 10 years at the latest. |
Possibility of objection and removal |
You can revoke your consent to the processing of your payment data at any time by deleting your account, notifying the responsible party or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for the contractual processing of payments. |
We use a CDN to offer faster service response times.
Description and scope of data processing |
We use functions of the content delivery network Amazon CloudFront CDN of Amazon Web Services EMEA SARL, Marcel-Breuer-Str. 12, 80807 München, Germany (hereinafter: Amazon Cloud CDN) on our platform. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet that is used to deliver content - especially large media files such as videos. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by Amazon is carried out on the basis of appropriate guarantees pursuant to Art. 46 ff GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR. Amazon Cloud CDN provides web optimisation and security services that we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection to Amazon Cloud CDN's servers is established, e.g. to retrieve content. Personal data may be stored and analysed in server log files, especially the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system). Further information on the collection and storage of data by Amazon Cloud CDN can be found here: https://aws.amazon.com/privacy |
Purpose of the processing |
The use of Amazon Cloud CDN features is for the delivery and acceleration of online applications and content. |
Legal basis for the processing |
The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected. |
Duration of storage |
Your personal information will be retained for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law. All log data (IP address, user agent, referrer) is deleted after 180 days. |
Possibility of objection and removal |
Information on objection and removal options vis-à-vis Amazon Cloud CDN can be found at: https://aws.amazon.com/privacy |
We collect telemetry data in our platform for monitoring and troubleshooting.
Description and scope of data processing |
We collect telemetry data in our platform. We do this with the following service providers: Amazon Web Services EMEA SARL, Marcel-Breuer-Str. 12, 80807 München, Germany The following personal data are processed in the course of telemetry data processing:
|
Purpose of the processing |
The data will be processed for the following purposes:
|
Legal basis for the processing |
The collection of this data is based on Art. 6 (1) (f) GDPR. The platform operator has a legitimate interest in the technically error-free presentation and optimisation of its platform - for this purpose, the server log files must be collected. |
Duration of storage |
Your personal information will be retained for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law. In the case of storage of telemetry data in log files, this is the case after 180 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible. |
Possibility of objection and removal |
If you delete your account all telemetry data associated with your account will be deleted automatically after 72 hours. Alternatively, you can contact us and we will delete your data and/or delete your account for you. |