GDPR Compliance
Last updated: March 04, 2025
Introduction to GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas.
At ConvertHub, we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection.
How ConvertHub Complies with GDPR
We have detailed below how ConvertHub complies with the principles of GDPR:
1. Lawfulness, Fairness, and Transparency
- We process data lawfully, fairly and in a transparent manner in relation to individuals.
- Our Privacy Policy and Terms of Service clearly inform users about how we process personal data.
- We provide clear information about our data practices at the point of data collection.
2. Purpose Limitation
- We collect personal data only for specified, explicit, and legitimate purposes.
- We do not process personal data in a manner that is incompatible with those purposes.
- For file conversion services, we use data solely for providing the service requested.
3. Data Minimization
- We collect only data that is necessary and relevant for the purpose of our file conversion service.
- We do not require unnecessary personal information to use our services.
- Users can use our basic conversion services with minimal personal data.
4. Accuracy
- We maintain accurate personal data and take reasonable steps to ensure that inaccurate personal data is rectified or deleted.
- Registered users can update their account information at any time.
5. Storage Limitation
File Storage Periods:
- Free users: Converted files are automatically deleted after 24 hours.
- Paid users: Files are stored until they are manually deleted or the account is terminated.
- Upon account deletion, all associated files are permanently removed within 7 days.
6. Integrity and Confidentiality (Security)
- We implement appropriate technical and organizational measures to ensure the security of personal data, including encryption, secure storage, and controlled access.
- We use Cloudflare R2 for secure file storage with encryption at rest and in transit.
- Access to personal data is limited to authorized personnel only.
- We conduct regular security assessments and updates.
Your Rights Under GDPR
As a data subject in the EU, you have the following rights under GDPR:
Right to Access
You have the right to request a copy of the personal information we hold about you.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data, under certain conditions.
How to Exercise Your Rights
To exercise any of your rights under GDPR, please submit a request to our Data Protection Officer:
Email: [email protected]
We will respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Legal Basis for Processing Personal Data
We process personal data under the following legal bases:
- Performance of a Contract: Processing necessary for the performance of a contract with you (e.g., to provide file conversion services you've requested).
- Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms (e.g., improving our services).
- Consent: Where you have given consent for specific processing activities.
- Legal Obligation: Processing necessary for compliance with a legal obligation.
International Data Transfers
We store your data on servers located within the European Economic Area (EEA). In cases where we need to transfer data outside the EEA (for example, if we use service providers with servers outside the EEA), we ensure appropriate safeguards are in place, such as:
- Using service providers certified under approved frameworks like the EU-US Data Privacy Framework or Standard Contractual Clauses.
- Implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Data Protection Officer
We have appointed a Data Protection Officer (support) responsible for overseeing questions in relation to this GDPR Compliance notice and our privacy practices. For data protection matters or GDPR-related requests, please contact our support:
Email: [email protected]
Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe that we have not complied with applicable data protection laws. We would, however, appreciate the chance to address your concerns before you approach the authority, so please contact us in the first instance.
Changes to Our GDPR Compliance Notice
We may update this GDPR Compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically to stay informed about our data protection practices.