GDPR

GDPR SUPPLEMENT to the Privacy Policy

1. Scope of This GDPR Supplement

This Supplemental Privacy Statement under the General Data Protection Regulation (“GDPR Supplement”) contains information applicable to residents of the European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”) to supplement or amend the information provided in the Privacy Policy of PDF Solutions, Inc. (the “Policy”).   Unless defined specifically in this GDPR Supplement, capitalized terms shall have the meaning set forth in the Policy.

1. Controller

PDF Solutions, Inc. operates the Site and is the controller of any personal data collected or otherwise processed on or through the Site.

III. Purposes and Legal bases for processing

We process your personal data on several different legal bases, as follows:

1. Based on necessity to enter into or perform a contract with you – we need to process your personal data to enter into an agreement with you or a legal entity you represent, to perform contractual obligations, to respond to related questions and requests from you, or provide customer support.
2. Based on legitimate interests – we process personal data from you

• for the security and safety of the Site, our IT connected to the Site and the users of the Site;
• to detect and prevent fraud;
• to protect and defend the rights or property of others, or our own rights and interests;
• to track your activities on the Site and present you with advertising based on your browsing activities and interests, provided you have not opted out of such data processing.
• to send marketing communications if you are a business contact (e.g. business email address) so that we can inform you about relevant products, services and updates, provided you have not opted out of such data processing.

3. Based on compliance with legal obligations – we may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process.
4. Based on your prior consent – for placing cookies on your device (subject to certain exceptions) or sending marketing communications to you.

IV. Data Transfers to Recipients Outside of the EEA

To facilitate your use of the Site, we may transfer your personal data outside of the country where you are located.  To ensure that your personal data will remain protected wherever it is transferred, we have taken appropriate safeguards as follows: When we transfer personal data of individuals in the EEA, Switzerland or the UK to a country or jurisdiction that cannot ensure an adequate level of protection for their personal data from the GDPR perspective, we make use of Module 2 the 2021 Standard Contractual Clauses (SCC) issued by the European Commission as they pertain to transfers from the EU/EEA and Switzerland (https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en) and the International Data Transfer Agreement (IDTA) transfer mechanisms issued by the UK Information Commissioner’s Office (ICO) as it pertains to transfers from the UK (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/, with PDF as Data Importer and Processor.

You can request a copy of such safeguards by contacting us in accordance with Section 3.g. (“Contacting Us,”) of the Policy.

1. Your Rights Regarding the Processing of Your Personal Data

Subject to the conditions set out in the applicable law, you have, without limitation, the rights to (i) inquire whether and what kind of personal data we hold about you and how it is processed, and to access or request copies of such personal data, (ii) request the correction or supplementation of personal data about you that is inaccurate, incomplete or out-of-date in light of the purposes underlying the processing, or to (iii) obtain the erasure of personal data no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, processed for legitimate interests that, in the context of your objection, do not prove to be compelling, or processed in noncompliance with applicable legal requirements.

In addition, you have, subject to the conditions set out in the applicable law and without limitation, the rights to (iv) request us to restrict the processing of personal data in certain situations where you feel its processing is inappropriate, (v) object, in certain circumstances, to the processing of personal data for legitimate interests, and to (vi) request portability of personal data that you have actively or passively provided to us (which does not include data derived or inferred from the collected data), where the processing of such personal data is based on consent or a contract with you and is carried out by automated means. In case of concerns, you also have the right to lodge a complaint with the competent local data protection authority.

You may exercise the above-mentioned rights of access, rectification, erasure, restriction, objection and data portability by contacting us in accordance with Section 3.g. (“Contacting Us,”) of the Policy.   Please note, however, that the exercise of certain of these rights may impact your use of the Site and/or result in our inability to provide you with Services relating to your use of the Site.