GDPR Notice
Last Updated: 6th February 2025
1. Introduction
The General Data Protection Regulation (GDPR), effective since 25th May 2018, governs how businesses collect, process, and protect personal data from individuals in the European Union (EU). As an Australian business with no European entity, Aspose nonetheless prioritizes the protection of user and customer data globally. We are committed to GDPR compliance and safeguarding personal data regardless of our customers’ or users’ locations.
This document outlines Aspose’s roles and responsibilities under the GDPR, the measures we have implemented to ensure compliance, and the steps we take to protect personal data.
2. Aspose as a Data Processor
While using Aspose’s services, customers may upload files for processing via our Cloud API platforms or share files with our Support Team for debugging or troubleshooting purposes. These files may contain personal data, making Aspose a data processor under GDPR.
2.1 Responsibilities
- Aspose’s customers, the uploaders of this data, are the data controllers for this personal data (“Client Data”).
- Aspose processes “Client Data” strictly in accordance with the customer’s instructions as the data controller.
- Our Terms of Use, Privacy Policy and Data Processing Addendum serve as the data processing contract, as required by Article 28 of the GDPR, outlining our roles, responsibilities, and commitments as a processor. They set out the instructions you are giving to Aspose with regard to processing personal data you control and establish the rights and responsibilities of both parties. Aspose will only process your Client Data based on your instructions as the data controller.
- We ensure confidentiality and process personal data solely for the purposes specified by our customers.
2.2 Data Transfers
Data uploaded to Aspose may be transferred outside the European Economic Area (EEA), including to our Australian headquarters or technical infrastructure based in the United States. Aspose:
- Relies on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure lawful data transfers outside the EEA.
- Relies on the Trans-Atlantic Data Privacy Framework (TADPF), where applicable, to facilitate lawful data transfers between the EU and the U.S., ensuring equivalent data protection measures.
- Evaluates the data protection laws in the destination country and implements supplementary measures where necessary to enhance data security.
- Maintains an up-to-date list of sub-processors in our Terms of Use, detailing the nature and purpose of such transfers.
- Where we do engage sub-processors, we do so in a considered fashion, taking into account the legalities of the transfer at each step.
For further information, contact dpo@aspose.com.
3. Aspose as a Data Controller
Aspose acts as a data controller for personal data collected about our users and customers. This includes:
- Data collected during the use of our web applications, cloud APIs and website.
- Information necessary for fulfilling purchases or contracts.
- Data processed for legal or legitimate business interests.
3.1 Basis for Processing
Aspose processes personal data under the following legal bases:
- Contractual Obligations: Data required to fulfill contracts with customers.
- Legal Obligations: Compliance with legal and financial requirements (e.g., tax and accounting records).
- Legitimate Interests: Activities such as improving our products, ensuring system security, and responsible marketing efforts.
3.2 Legitimate Interests
Legitimate interests include:
- Improving and securing products and services.
- Conducting responsible marketing.
- Supporting contractual agreements with our customers.
Aspose respects the rights of individuals and ensures transparency in all processing activities. For inquiries or concerns, contact our Data Protection Officer at dpo@aspose.com.
4. Measures for GDPR Compliance
4.1 Internal Processes and Security
- Data Mapping: Aspose audits and maps data flows to ensure visibility and compliance.
- Privacy by Design: New features and systems are developed with GDPR principles integrated into the design.
- Access Controls: Access to personal data is restricted to authorized personnel only, following the principle of least privilege.
4.2 Third-Party Management
- Sub-processors are onboarded through a rigorous evaluation process focusing on security and compliance.
- Regular audits and monitoring ensure ongoing adherence to GDPR requirements.
5. Subject Access Requests
Aspose recognizes the importance of data subject rights and has implemented processes to address:
- Access: Individuals can request copies of their personal data.
- Correction: Individuals can request updates to inaccurate or incomplete data.
- Erasure: Upon request, data will be deleted where permitted by law.
- Data Portability: Individuals can request their data in a structured, commonly used format.
For assistance, customers can contact our support team in our forums or email our Data Protection Officer at dpo@aspose.com.
6. Training and Awareness
Aspose ensures all employees understand GDPR obligations through:
- Comprehensive training during onboarding.
- Regular refresher sessions to reinforce knowledge of data protection principles.
- Clear internal policies on handling and processing personal data.
7. Continuous Improvement
Aspose remains committed to:
- Policy Updates: Regularly reviewing and updating our Terms of Use, Privacy Policy, Data Processing Addendum and internal processes to reflect changes in regulations and best practices.
- Monitoring and Auditing: Conducting regular compliance audits to identify and address gaps.
- Transparency: Ensuring customers are kept aware of any significant updates or changes to data processing practices by transparently publishing this information on our website.