Privacy policy

PDFArchive — Privacy Policy

Last updated: 11/05/26

Introduction

PDFArchive ("we," "us," or "our") operates this online store at thepdfarchive.com (the "Services"). PDFArchive is a UK-based sole trader business that sells digital PDF guides delivered as instant downloads. PDFArchive is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy explains how we collect, use, store, and disclose your personal information when you visit, interact with, or make a purchase from our store.

We are the data controller of your personal information for the purposes of UK GDPR, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

By using the Services, you acknowledge that you have read this Privacy Policy and understand how we collect, use, and disclose your information as described herein.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

1. Personal Information We Collect

When you interact with our Services, we may collect the following categories of personal information:

Contact details: Your name, email address, billing address, and country.

Payment information: Credit/debit card details, payment confirmations, transaction IDs, and billing details. Payment card information is processed directly by our payment providers (Shopify Payments / Stripe / PayPal) and is not stored on our servers.

Account information (if you create an account): Username, password (stored encrypted), saved preferences, and order history.

Transaction information: The digital guides you view, add to cart, purchase, or download; download history; and refund requests.

Communications with us: Information you include when contacting us (e.g., customer support emails, refund requests).

Device and usage information: IP address, browser type, device type, operating system, referring URL, pages visited, time spent on the site, and similar technical information.

Cookies and similar technologies: See our Cookie Policy for details.

Note: As a digital-only business, we do not collect shipping addresses or telephone numbers (unless you voluntarily provide them in correspondence).

2. How We Collect Personal Information

We collect personal information from the following sources:

- Directly from you when you place an order, create an account, contact us, subscribe to marketing emails, or otherwise interact with the Services;
- Automatically when you visit our website, through cookies and similar technologies (see our Cookie Policy);
- From our service providers including Shopify, payment processors, and email/marketing platforms when they collect or process your personal information on our behalf;
- From publicly available sources in limited circumstances (e.g., to verify a fraudulent chargeback claim).

3. Why We Use Your Personal Information (Lawful Bases)

Under UK GDPR and EU GDPR, we are required to identify a lawful basis for processing your personal information. Our processing activities and their lawful bases are as follows:

| Purpose | Lawful Basis |
|---|---|
| To process your order, deliver your digital guide, and provide customer support | Performance of a contract (Article 6(1)(b)) |
| To process payments and prevent fraud | Performance of a contract and legitimate interests (Article 6(1)(b) and (f)) |
| To comply with tax, accounting, and legal obligations (e.g., HMRC record-keeping) | Legal obligation (Article 6(1)(c)) |
| To send marketing emails (where you have opted in) | Consent (Article 6(1)(a)) |
| To improve our Services, analyse site usage, and prevent technical issues | Legitimate interests (Article 6(1)(f)) |
| To enforce our Terms of Service or defend legal claims | Legitimate interests (Article 6(1)(f)) |

You have the right to withdraw consent or object to processing based on legitimate interests at any time (see Section 8: Your Rights).

4. How We Use Your Personal Information

We use your personal information for the following purposes:

To provide the Services:
- Process your purchase and deliver your digital guide via download link;
- Send order confirmation, receipt, and download instructions;
- Manage your account (if you have one);
- Respond to customer support enquiries;
- Process refund requests in accordance with our Refund Policy.

For marketing (with your consent):
- Send promotional emails about new guides, discounts, and offers;
- Notify you about products related to your past purchases.

You can unsubscribe from marketing communications at any time using the unsubscribe link in any email or by contacting us.

For security and fraud prevention:
- Detect and prevent unauthorised access to your account;
- Identify and prevent fraudulent transactions, chargeback abuse, and unauthorised distribution of our digital content;
- Maintain the security and integrity of our Services.

For legal compliance:
- Comply with HMRC record-keeping requirements (we are legally required to retain transaction records for 6 years);
- Respond to lawful requests from law enforcement or regulators;
- Enforce our Terms of Service and defend legal claims.

For service improvement:
- Analyse aggregate usage trends to improve the Services;
- Diagnose technical issues.

We do not sell your personal information. We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Who We Share Your Personal Information With

We share your personal information only with trusted third parties, in accordance with this Privacy Policy and applicable law:

Service providers (data processors):
- Shopify — our e-commerce platform host (data processed in accordance with Shopify's Privacy Policy: https://www.shopify.com/legal/privacy)
- Payment processors — Shopify Payments, Stripe, PayPal (for processing payments only)
- Email service providers — for sending order confirmations and (if you opt in) marketing emails
- Cloud storage providers — for storing digital guide files and order records
- Analytics providers — for understanding aggregate site usage

Legal and regulatory disclosures:
- HMRC and tax authorities (where legally required);
- Law enforcement agencies in response to valid legal requests;
- Courts and legal advisers in connection with any legal proceedings.

Business transfers:
If PDFArchive is sold, merged, or undergoes a similar business transaction, your personal information may be transferred to the new owner. You will be notified of any such change.

We do NOT:
- Sell your personal information to third parties;
- Share your information with advertisers for cross-site behavioural advertising without your consent;
- Disclose your information for purposes incompatible with this Privacy Policy.

6. International Data Transfers

Because we sell digital products worldwide and use international service providers (including Shopify, which is headquartered in Canada with global infrastructure), your personal information may be transferred to, stored, and processed in countries outside the United Kingdom and European Economic Area (EEA), including the United States and Canada.

When we transfer personal information outside the UK or EEA, we ensure appropriate safeguards are in place, including:

- Transfers to countries with an adequacy decision from the UK Government or European Commission;
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or European Commission;
- Other lawful transfer mechanisms permitted under UK GDPR and EU GDPR.

You can request a copy of the safeguards in place by contacting us.

7. How Long We Keep Your Personal Information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements:

| Type of Information | Retention Period |
|---|---|
| Order and transaction records | 6 years (HMRC requirement) |
| Account information | Duration of your account + 2 years after closure |
| Customer support correspondence | 3 years from last interaction |
| Marketing email subscribers | Until you unsubscribe + 30 days |
| Cookies and analytics data | As specified in our Cookie Policy |
| Refund and dispute records | 6 years (legal requirement) |

After the retention period expires, we securely delete or anonymise your personal information.

8. Your Rights

Depending on where you live, you have the following rights regarding your personal information. These rights are not absolute and may be subject to certain legal exceptions.

Rights for All Users:

- Right of access — you can request a copy of the personal information we hold about you.
- Right to rectification — you can request that we correct inaccurate or incomplete information.
- Right to erasure ("right to be forgotten") — you can request that we delete your personal information, subject to legal retention requirements.
- Right to restrict processing — you can request that we limit how we use your information in certain circumstances.
- Right to object — you can object to our processing of your information based on legitimate interests, including for direct marketing.
- Right to data portability — you can request a copy of your information in a machine-readable format.
- Right to withdraw consent — where we rely on consent (e.g., marketing emails), you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

Additional Rights for UK and EEA Residents:

You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113

For EEA residents, you can find your local data protection authority at: edpb.europa.eu/about-edpb/board/members_en

Additional Rights for California Residents (CCPA/CPRA):

- Right to know what personal information we collect, use, and disclose;
- Right to delete personal information we hold about you;
- Right to opt out of "sale" or "sharing" of your personal information (we do not sell personal information);
- Right to correct inaccurate personal information;
- Right to non-discrimination for exercising your CCPA rights.

We do not "sell" or "share" personal information of California residents under 16 years of age.

How to Exercise Your Rights:

To exercise any of these rights, contact us at thepdfarchive@gmail.com with your request. We may need to verify your identity before processing your request. We will respond within 30 days (UK/EU) or 45 days (California), as required by applicable law.

You may also designate an authorised agent to exercise rights on your behalf. We will require proof of authorisation before acting on such requests.

We will not discriminate against you for exercising your rights.

9. Marketing and Email Communications

If you have opted in to receive marketing emails from PDFArchive:

- You can unsubscribe at any time using the link at the bottom of any marketing email;
- You can also opt out by emailing thepdfarchive@gmail.com with the subject line "Unsubscribe";
- Even if you unsubscribe from marketing, we may still send you transactional emails (order confirmations, refund notices, important account updates) as these are necessary to fulfil our contract with you.

We do not send marketing emails to people who have not opted in.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services, analyse site usage, and (with your consent) for marketing purposes. For full details, please see our separate Cookie Policy.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.

11. Children's Privacy

The Services are not intended for use by children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at thepdfarchive@gmail.com and we will promptly delete it.

We do not have actual knowledge that we sell or share the personal information of any individual under 16 years of age.

12. Security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, alteration, or disclosure. These include:

- Encrypted connections (HTTPS/SSL) for all data transmission;
- Secure payment processing through PCI-DSS compliant providers (Shopify Payments, Stripe, PayPal);
- Restricted access to personal information on a need-to-know basis;
- Regular security reviews of our systems and service providers.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and we recommend that you do not transmit sensitive information through unsecure channels.

If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and notify affected users without undue delay, as required by UK GDPR.

13. Third-Party Websites and Links

The Services may contain links to third-party websites (e.g., social media platforms, payment provider sites). We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing them with any personal information.

14. Data Protection Officer

As a small sole trader business, PDFArchive is not legally required to appoint a Data Protection Officer (DPO). All privacy-related queries should be sent directly to thepdfarchive@gmail.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

- Update the "Last updated" date at the top of this policy;
- Post the updated policy on our website;
- Where required by law, notify you by email or through a prominent notice on our website.

Your continued use of the Services after the updated Privacy Policy takes effect constitutes acceptance of the changes.

16. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, or if you would like to exercise your rights, please contact us:

PDFArchive
Email: thepdfarchive@gmail.com
Website: ThePDFArchive.com
Business Address: PDFArchive, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA

For the purpose of UK GDPR and EU GDPR, PDFArchive is the data controller of your personal information.

If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local data protection authority.