Data Rights Requests Effective Date: 16 March 2026 Last Updated: 16 March 2026 Service: AiEasyPDF.com Company: Dantium Technologies Limited (Company No. 09439021) Registered Office: 34 Birch Road, Wolverhampton, UK, WV11 2HA Overview This page describes how you can exercise your privacy and data protection rights when using AiEasyPDF. We are committed to facilitating the exercise of your legal rights under applicable data protection law. The rights available to you depend on your jurisdiction and the applicable data protection regime (UK GDPR, EU GDPR, or US state privacy laws). 1. Your Rights United Kingdom (UK GDPR) Under the UK General Data Protection Regulation (UK GDPR), as enforced by the Information Commissioner's Office (ICO), you have the following rights: Right of Access (Article 15): You may request a copy of the personal data we hold about you. Right to Rectification (Article 16): You may request correction of inaccurate personal data or completion of incomplete data. Right to Erasure (Article 17): You may request deletion of your personal data in certain circumstances (also known as the right to be forgotten). Right to Restriction of Processing (Article 18): You may request that we limit how we process your data in certain situations. Right to Data Portability (Article 20): You may request your personal data in a structured, commonly used, machine-readable format, or transfer of that data to another controller. Right to Object (Article 21): You may object to processing based on legitimate interests or public task. Authority: Information Commissioner's Office (ICO) Website: https://ico.org.uk/ Complaint Form: https://ico.org.uk/make-a-complaint/ European Union and European Economic Area (EU GDPR) If you are located in the EU or EEA, you have the same rights under the EU General Data Protection Regulation (EU GDPR), enforced by your local supervisory authority: Right of Access (Article 15): Obtain confirmation as to whether personal data concerning you is processed, and access to that data. Right to Rectification (Article 16): Request correction of inaccurate data or completion of incomplete data. Right to Erasure (Article 17): Request deletion of your data where specific conditions are met. Right to Restriction of Processing (Article 18): Request restriction of processing in specific situations. Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format. Right to Object (Article 21): Object to processing based on legitimate interests or public task. Authority List: https://edpb.europa.eu/about-edpb/about-edpb/members_en United States (State Privacy Laws) If you are a resident of a US state with comprehensive privacy legislation, you may have the following rights (scope varies by state): Right to Know or Access: Request disclosure of the categories and specific pieces of personal data collected. Right to Delete: Request deletion of personal data, subject to certain exceptions. Right to Correct: Request correction of inaccurate personal data. Right to Portability: Request a copy of personal data in a portable, readily usable format. Right to Opt Out: Opt out of sale, sharing, or targeted advertising where applicable. Right to Non-Discrimination: Not be discriminated against for exercising privacy rights. California (CCPA and CPRA) California residents have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Response deadline: 45 days, with possible 45-day extension for complex requests. California Privacy Protection Agency (CPPA): https://cppa.ca.gov/ California Attorney General: https://oag.ca.gov/privacy/ccpa Other US States As of 2025, over 20 states have comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and others. Most require a 45-day response (some allow 60 to 90 days). 2. How to Submit a Request To exercise any of the rights described above, please contact us: Email: privacy@aieasypdf.com Alternative: support@aieasypdf.com Subject Line: Data Rights Request When submitting a request, please include: 1) Your registered email address (the email associated with your AiEasyPDF account) 2) The specific rights you wish to exercise (access, deletion, correction, portability, objection, or restriction) 3) Any additional context that may help us locate your data (for example, approximate registration date or account ID if known) 4) For deletion requests, your reason (optional but may help us process your request) We aim to acknowledge receipt of your request within 5 business days. 3. Identity Verification To protect your account and ensure your data is not disclosed to unauthorized parties, we may request verification of your identity before processing your request. This is a standard security measure to prevent unauthorized access. Verification may involve: - Confirming your account email address - Responding to a verification email - Providing additional account details If we cannot verify your identity to a reasonable degree of certainty, we may need to decline or limit your request. 4. Response Timeline We are committed to responding to your request within the legally required timeframe. UK (ICO): 1 month, extendable up to 2 months for complex requests. EU and EEA: 1 month, extendable up to 2 months for complex requests. California (CCPA and CPRA): 45 days, with an additional 45 days for complex or high-volume requests. Other US States: 45 days in most states, with variation by jurisdiction. If we cannot fulfill your request in whole or in part, we will explain the legal basis for our decision, in accordance with applicable law. 5. Scope and Limitations Your rights are subject to certain statutory limitations and exceptions. We may need to retain or restrict processing of your data where: - Legal obligations require retention (for example tax or accounting records) - Data is needed for establishing, exercising, or defending legal claims - Data is necessary for security, fraud prevention, or abuse detection - Retention is necessary for freedom of expression - Processing is necessary for a task in the public interest - Data is necessary to perform a contract with you If we cannot fulfill your request due to a legal exception, we will explain the specific basis for our refusal. 6. Controller and Processor Requests When we are the data controller: For account data, billing, authentication, and general service operations, we act as the data controller and handle your rights requests directly. When we are the data processor: If you use AiEasyPDF through an enterprise or business customer who has signed a Data Processing Agreement (DPA), we may process your data solely on their instructions as a processor. In such cases, we may direct your request to the relevant enterprise customer (the controller) who is responsible for responding to your rights requests. To determine whether a DPA applies to your account, contact us with your request. 7. No Fee Required We do not generally charge a fee for processing data rights requests. However, we reserve the right to charge a reasonable fee or decline to act on requests that are manifestly unfounded or excessive, particularly due to their repetitive character, in accordance with applicable law. 8. Complaints If you are dissatisfied with how we have handled your request, you may: UK: Lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/ EU and EEA: Lodge a complaint with your local supervisory authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en US: Contact your state attorney general (for example California: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company) We encourage you to contact us first so we can attempt to resolve any concerns directly. 9. Contact Information Data Controller: Dantium Technologies Limited (Company No. 09439021) Registered Office: 34 Birch Road, Wolverhampton, UK, WV11 2HA Privacy Contact: Email: privacy@aieasypdf.com General Support: Email: support@aieasypdf.com 10. Retention Information For reference, we retain different categories of personal data for the following periods (subject to legal and operational requirements): Uploaded documents and extracted content: Up to 365 days Chat sessions and messages: Up to 180 days Security and usage logs: Up to 90 days Billing and accounting records: Up to 6 years Account data: Duration of account plus deletion request processing For more details, see our Privacy Policy at /legal/privacy-policy. 11. Changes to This Page This page may be updated from time to time to reflect changes in legal requirements or our data practices. The Last Updated date at the top of this page indicates when the most recent changes were made. This document is intended for informational purposes and does not constitute legal advice. For specific questions about your rights under applicable law, please consult a qualified legal professional.