pdfFiller’s GDPR Compliance
Our commitment to you and the protection of your data
pdfFiller’s Commitment to Data Protection:
On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect within the European
Union. This data privacy law regulates how businesses collect, process, and use personal data as well
as gives individuals greater control over their personal data. pdfFiller considers the privacy of its
user’s data a top priority. Learn what our team has done to comply with GDPR laws.

pdfFiller’s GDPR Compliance
To comply with GDPR principles, the company has to apply a set of legal, organizational, and technical
measures. pdfFiller applies the recognized industry standards to ensure GDPR compliance.
Legal Measures
EU-U.S Data Privacy Framework Program
pdfFiller participates in EU-U.S Data Privacy Framework program to ensure a secure and compliant
international transfers of personal data.
Transparency
pdfFiller maintains a customer-facing Privacy Notice that provides information about processing
customer’s personal data. It is available at https://www.pdffiller.com/en/privacy-notice and provides all details related to the purposes and details of personal data processing.
Data transfers
As part of our Privacy Notice, we’ve incorporated a data processing addendum for customers where
we serve as a processor of personal data. It is based on the recommendations from the European
Commission and applies to international data transfers covered by GDPR.
Accountability
The company has a designated Data Privacy team that handles all privacy-related matters. pdfFiller
systems and processes are subject to regular monitoring and audits. pdfFiller also maintains internal
policies and procedures that document the company’s efforts in achieving GDPR compliance.
Data Subject Rights
Every pdfFiller customer can exercise its rights under GDPR by using the Privacy Request Portal
provided in the Privacy Notice. airSlate Data Privacy team processes and fulfills all requests
according to GDPR requirements.
Technical Measures
Data encryption
Customer documents and information therein are encrypted in transit and at rest and accessible
only by the customer. We also encrypt critical system databases. All of pdfFiller’s systems limit
any personal information therein and ensure sensitive data is encrypted.
Vendor compliance
pdfFiller maintains a vendor assessment process to ensure the safety and credibility of the
engaged service providers. Our vendor agreement obliges vendors to apply the measures necessary
to maintain compliance with GDPR requirements.
Deletion of personal data
pdfFiller allows users to request deletion of personal data and means to notify customers
of requests from their users.
Security and privacy compliance
pdfFiller complies with major security standards and regulations such as PCI DSS, HIPAA, SOC 2,
and the U.S. ESIGN Act. These standards help us manage customer data, preserving security and
confidentiality as required under GDPR.
Data breaches
pdfFiller maintains a security incident plan to address potential security or data breaches. For
each potential breach incident, the company assigns a qualified response team and conducts a
comprehensive risk assessment to determine the severity and potential impact of the breach.
Organizational Measures
Employee training
pdfFiller staff are obligated to maintain the confidentiality and security of customer data.
We’ve updated our training policies to reinforce our security and privacy policies.
Device safety
pdfFIller applies best practices, including NIST SP 800-88 and OCR Guidance recommendations,
to ensure the safety and security of its devices and hardware. We maintain Safe Password procedures
to ensure password safety across the organization.
Monitoring
pdfFiller monitors the operation of applied safeguards on an ongoing basis. We are committed
to completing an annual risk assessment to ensure we diligently address any potential risks and
update ourselves to the applicable best practices.
Simply send, manage and track your documents with pdfFiller
