1. Introduction

At Filesbuddy we are committed to protecting your privacy and ensuring the security of your personal information and documents. This Privacy Policy explains how we collect, use, disclose and protect your information when you use our PDF tools and services. This policy is prepared in accordance with the General Data Protection Regulation (GDPR) and Dutch privacy law.

2. Data Controller

MMR Solutions B.V. is the data controller for the processing of your personal data. For questions about this privacy policy or the processing of your data, you can contact us via our contact page or by email.

3. Information We Collect

We collect different types of information when you use our services:

Account information: name, email address, password (hashed) and preference settings.
Usage information: log files, IP address, browser type, device information and visited pages.
Files: the documents you upload for processing and the generated results.
Payment information: transaction history and invoice details (we do not store full credit card details).
Communications: messages you send to us via email or contact forms.
Third-party information: data from social media if you log in via an external platform.

4. Legal Basis for Data Processing

We process your personal data on the basis of the following legal bases pursuant to the GDPR:

Performance of the contract: to provide our services to you.
Legal obligation: to comply with tax and administrative laws.
Legitimate interest: to improve, secure, and prevent fraud in our services.
Consent: for sending newsletters or placing tracking cookies (you can withdraw this at any time).

5. File Processing and Storage

Your uploaded files are handled with the utmost care according to strict security protocols:

Files are transmitted encrypted (TLS/SSL) and stored encrypted (AES-256).
We do not read, scan, or manually analyze the contents of your files unless strictly necessary for technical troubleshooting.
You retain full ownership and copyright of your files at all times.
Processing takes place on secure servers within the EU.

6. Purposes of data processing

We use your personal data for the following purposes:

To provide and maintain our PDF tools and services.
To manage your account and process invoices.
To communicate about updates, security notifications, and system maintenance.
To detect and prevent fraud, abuse, and security incidents.
To analyze the performance of our website and improve the user experience.
To comply with legal obligations.

7. Retention periods

We retain your personal data only as long as necessary for the purposes for which it was collected:

Account data: as long as your account is active.
Files: temporarily for the duration of processing, then automatically deleted (maximum 24 hours).
Invoice data: 7 years, as required by the Dutch Tax Authority (Belastingdienst).
Logs and analytics: up to 12 months in anonymized form.
Backups: may be retained for up to 30 days in our disaster recovery systems.

8. Data security

We implement comprehensive technical and organizational measures to protect your data:

Use of strong encryption for data in transit and at rest.
Regular security audits and penetration testing.
Access control based on the 'need-to-know' principle.
Use of secure data centers with physical access controls.
Continuous monitoring of our infrastructure for suspicious activity.

9. Sharing data with third parties

We only share your personal data in the following cases:

With service providers who help us deliver the service (e.g., hosting, payment processing (Stripe), email delivery).
To comply with legal obligations or court orders.
To protect our rights, property, or safety.
In the event of a merger, acquisition, or sale of assets.

We never sell your personal data to third parties for marketing or other commercial purposes.

10. International data transfers

Your personal data is primarily processed and stored within the European Economic Area (EEA). In cases where we need to transfer data to countries outside the EEA, we ensure appropriate safeguards:

The country has an adequacy decision from the European Commission.
We enter into standard contractual clauses (SCCs) with the receiving party.
Additional security measures have been implemented to ensure the protection of your data.

11. Cookies and tracking technologies

We use cookies and similar tracking technologies for the following purposes:

Essential cookies: necessary for the operation of the website (e.g., logging in).
Functional cookies: to remember your preferences (e.g., language setting).
Analytical cookies: to measure and improve website usage.
Marketing cookies: to show relevant advertisements (only with your consent).

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our services.

12. Your rights under the GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access: you can request a copy of the personal data we hold about you.
Right to rectification: you can have incorrect data corrected.
Right to erasure ('right to be forgotten'): you can request the deletion of your data.
Right to restriction: you can request limited processing of your data.
Right to data portability: you can request your data in a structured format.
Right to object: you can object to processing based on legitimate interest.

To exercise your rights, you can contact us via our contact page. We will respond to your request within 30 days. In some cases, we may ask you to verify your identity before we can process your request.

13. Data of minors

Our services are not intended for persons under 16 years of age. We do not knowingly collect personal data of children under 16 without parental or guardian consent. If we discover that we have accidentally collected data from a child under 16 without consent, we will delete that data immediately.

14. Automated decision-making and profiling

We do not use automated decision-making or profiling that has significant effects on you without your explicit consent. Any automated processes we do use (such as fraud detection) are intended to improve and secure our services, and do not have significant effects on your rights or freedoms.

15. Data breaches

In the unlikely event of a data breach in which your personal data may have been compromised, we will:

Notify the competent supervisory authority (Dutch Data Protection Authority) within 72 hours, unless the breach is unlikely to pose a risk.
Inform you immediately if there is a high risk to your rights and freedoms.
Take immediate action to contain the breach and mitigate the damage.
Carry out a full investigation into the cause and take measures to prevent recurrence.

16. Supervisory authority

If you are not satisfied with how we process your personal data, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP), the Dutch supervisory authority for data protection. You can contact the AP via their website (autoriteitpersoonsgegevens.nl) or by phone.

17. Changes to this privacy policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of any material changes by:

Send an email to registered users.
Post a clear notice on our homepage.
Update the 'Last updated' date.

We recommend that you review this Privacy Policy regularly to stay informed about how we protect your data.

18. Contact and questions

If you have questions about this Privacy Policy, your rights under the GDPR, or if you wish to submit a request to exercise your rights, you can contact us:

By email: [email protected]
Via our contact form on the website.
By post: MMR Solutions B.V., Prins Hendrikkade 21 E, 1012TL, Amsterdam, Netherlands.

We aim to respond to all requests and inquiries within 30 days.