Last updated: 29 April 2026
1. Purpose
This page summarises key data processing terms used where Straight2PDF processes personal data on behalf of a customer. It is intended to support UK GDPR Article 28 requirements.
2. Parties and Roles
- Customer: Controller (or Processor acting on controller instructions).
- Straight2PDF: Processor in relation to customer submission data.
3. Subject Matter and Duration
Processing relates to digital forms, associated uploads, generated outputs (including PDFs), and related metadata for the duration of active service provision and any agreed post-termination period.
4. Nature and Purpose of Processing
Processing operations may include collection, recording, storage, organisation, retrieval, rendering, transmission and deletion of customer data to provide form workflow and document-generation services.
5. Categories of Data and Data Subjects
Categories depend on customer configuration and may include:
- Identity/contact data entered into forms.
- Operational/job-related notes and attachments.
- Images or files uploaded by authorised users.
- Technical/security metadata (e.g., timestamps, IPs, access logs).
Data subjects typically include customer personnel, contractors, and end users recorded in customer forms.
6. Processor Commitments
- Process personal data only on documented customer instructions (unless required by law).
- Ensure confidentiality obligations apply to authorised personnel.
- Implement appropriate technical and organisational security measures.
- Assist the customer with data subject rights requests where reasonably required.
- Assist with security/impact assessments where required and proportionate.
- Notify customer of personal data breaches without undue delay.
7. Sub-processors
Straight2PDF may use sub-processors for hosting, infrastructure and operational support. Sub-processors are bound by contractual obligations that are no less protective than applicable DPA terms.
Current sub-processors
The following organisations are currently used to support delivery of the Straight2PDF service:
- 24host.uk — hosting/infrastructure provider (server hosting environment).
Third-party distribution platforms
Straight2PDF mobile apps may be distributed through third-party platforms including Google Play and the Apple App Store. These platform operators (Google and Apple) typically act as independent controllers for their own platform-level processing (for example account management, store analytics, device telemetry, and payment ecosystem activities).
They are not generally treated as customer-data sub-processors for Straight2PDF service operations unless they process personal data strictly on our behalf for service delivery.
8. International Transfers
Where personal data is transferred outside the UK, appropriate safeguards will be applied as required by UK data protection law (for example adequacy regulations or approved contractual safeguards).
9. Return and Deletion
On termination/expiry, customer data will be returned and/or deleted in accordance with agreed contract terms, subject to legal retention obligations.
10. Audit and Information Rights
Straight2PDF will provide reasonable information necessary to demonstrate compliance with processor obligations, subject to confidentiality, security and proportionality safeguards.
11. Legal Effect
This webpage is a summary for transparency. The legally binding DPA terms are those in the executed contract, order form, or signed DPA between Straight2PDF and the customer.
12. Contact
For DPA requests or data processing enquiries, contact: info@straight2pdf.co.uk