What kind of data is being collected?
We may collect and process personal data (as defined in the Personal Data (Privacy) Ordinance ("PDPO")) about you when you visit the site, install, download, access, register for or use the app, use our Services, or contact us in relation to the Services. We will only use your personal data as set out below and always in accordance with the PDPO. While we are not based in the European Economic Area ("EEA") nor do we actively offer our goods and services to, or monitor the behaviour of, individuals in the EEA, we also comply with the European Union's General Data Protection Regulation 2016/679 ("GDPR") as a matter of best practice.
We do not collect special category personal information (as defined in the GDPR), i.e. personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.
a) Information we collect automatically: Your privacy matters to us. We do not automatically collect any personal data that allows us or other parties to personally identify you, unless you're using our optional services related to GoodNotes Cloud. We automatically collect the following information when you use our optional Services:
We may not be able to provide you with the aforementioned Services if you do not provide us with such information.
We do automatically collect anonymized, aggregated statistical data like the number of visitors per week, the number of created documents or the average time users spend on the site or in the app per session. None of the data we collect allows us or other parties to personally identify you. Neither we nor any other party can access, modify, or read any of your documents that are saved in the app, except as otherwise specified in the GoodNotes Cloud Terms of Service and the preceding paragraph if you use GoodNotes Cloud.
b) Information you voluntarily provide to us: If you contact us via email, or subscribe to our newsletter, your name and your email address are collected for the purpose of communication. While it is voluntary for you to provide such information to us, please note that we may not be able to respond to you or to process your subscription to our newsletter if you do not provide such information.
Furthermore, if you register as a member in order to access or use certain parts of the Services, we may collect your name and your email address. While it is voluntary for you to provide such information to us, please note that we may not be able to provide all of our Services to you (in particular, those that require registration) if you do not provide such information.
For certain support requests and issues, we may ask you to export and send us diagnostic data of your app. This data includes information necessary to diagnose and resolve issues you might experience with our Services including the titles of your documents, folders, and imported files. While it is voluntary for you to provide such information to us, please note that we may not be able to provide all of our Services to you (in particular, those that require technical support and investigation for certain issues) if you do not provide such information.
What is this data being used for?
You agree that all personal data provided by you to us may be used and retained by us for the purposes stated below or as required by any applicable laws and regulations from time to time. If we intend to use your personal data for any new purposes not listed below, we will inform you in advance and you will have an opportunity to refuse to allow us to do so. We will not use your personal data for any unlawful purpose.
Furthermore and separately, we may use the information that you provide us voluntarily to advertise promotions or offers to you via the Services, and for you to accept or redeem any promotions or offers that you may choose to accept. Where we do so, we will do so as specified under "Marketing and opting out".
No data will be disclosed by us to any third parties, except as specified below under "Who is my data disclosed to?".
a) Information we collect automatically:
Personal data such as names, contact information, personal information and metadata you may have included in the User Content (as defined in the GoodNotes Cloud Terms of Service) submitted will be used as part of providing the features of GoodNotes Cloud described in paragraph 4.3 of the GoodNotes Cloud Terms of Service.
All other data is used to compile various (anonymised) metrics to get a better understanding of how the site and the app are being used (which pages are visited most, how many times users are using "search", for example), so that the Company can make better decisions for future initiatives like new products or services (better explanation of the product's features, for example).
b) Information you voluntarily provide us with: All information you provide us with voluntarily by subscribing to our newsletter or consulting our support via email will only be used by us for communication, such as helping you to solve support requests or sending regular newsletters via email.
If you register as a member in order to access or use certain parts of the Services, we will only use the information you provide us as follows:
- in order to authenticate and verify your membership;
- to help you to solve support requests;
- to provide you with the Services;
- to customise our Services and our content to your particular preferences; and
- to carry out research and statistical analysis and create market reports on an anonymised or aggregated basis (which means that we will not identify you individually for the purpose of such research, analysis or reports) to help us better understand our users, and to enhance and develop our Services,
Who is my data disclosed to?
We may disclose your personal data to other companies within our group for the purposes set out in "What is this data being used for?" above, as well as to law enforcement and regulatory agencies as may be required by law.
We may also disclose and transfer your personal data (whether in Hong Kong or abroad) to our agents, contractors or vendors ("Service Providers"), provided that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your personal data to provide agreed services to us and to you. Such Service Providers may provide administrative, data processing or other similar services to us to enable us to better provide the features and services of GoodNotes and GoodNotes Cloud to you. We may also provide your personal data to actual or proposed assignees or transferees of our rights with respect to you in connection with a merger, sale or transfer (whether of assets or shares). In particular:
- To collect feedback and ideas in our idea forum, we use the service provided by UserVoice. In order to submit feedback to the forum, an account with UserVoice will need to be created. UserVoice's terms and services apply here. For customers based in the EU, UserVoice will collect consent before creating an account starting from May 25th, 2018. The data we collect will only be used for the purpose of communicating with you about ideas that you have submitted, voted on or commented on. This is also guaranteed by our DPA with UserVoice.
Other companies may also forward to us additional personal data (such as, for example, names, mailing addresses and email addresses, as well as demographic and other usage information) when we have news or product offerings that may be of special interest to those individuals. We work to ensure that these companies have obtained consent or a lawful basis before they pass such personal data on to us. Please inform us if you believe we have acquired your personal data this way and you have not given your consent for such companies to do so or that they do not have a lawful basis for passing such personal data on to us, as it is not our intent to make use of personal data which has not been lawfully acquired.
How is the data being retained?
We may store your personal data in the following locations:
- If you use GoodNotes Cloud: Amazon Web Services regions us-east-1 and us-west-2, and Compose, Inc. region us-east-1
We will not retain your personal data for longer than is necessary. We will keep your personal data while you make use of our Services, which may include keeping your personal data for as long as is necessary to respond to any questions, complaints or claims that may be made by you or on your behalf, to show that we treated you fairly, and/or to keep records as required by law.
You have the right to request the removal of any personal data you provided us with voluntarily (like your email address), but you won't be able to use the related Services afterwards.
Marketing and opting out
We intend to use your personal data for direct marketing (for example by email) about our products and/or services, but we will not do so without your consent. You may be asked separately and clearly to indicate your consent by choosing to opt in.
If you have indicated consent, we will be able to help you discover new related products and features of GoodNotes, and show you relevant promotions and offers in your transaction feed displayed on the Services, that generally directly relate to the app or services of GoodNotes that you are using. If you use GoodNotes or GoodNotes Cloud, under no circumstances will we use your User Content (as defined in the GoodNotes Cloud Terms of Service) or documents that you have uploaded for the purpose of direct marketing.
We do not disclose your personal data to any third-party advertisers but may provide them with reports based on anonymised or aggregated data. For example, if you redeem an offer advertised via the Services, we will provide the advertiser with information that an individual has redeemed the offer as well as the date and amount of the transaction relating to the offer redemption, but we do not provide the advertiser with your name or phone number.
If you prefer not to receive any marketing communications, you can opt out at any time by contacting us here or using the options to opt out in any communication you may receive from us.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your membership, if you register with us, is controlled by your email or mobile phone number and a password that is unique to you;
- we encrypt your personal data;
- we process and store any personal data on secure servers.
All processing of your personal data shall be conducted according to the data protection principles as follows:
- personal data must be processed lawfully, fairly and transparently;
- personal data must be accurate and kept up to date, with every effort made to erase or correct inaccurate data;
- personal data must be processed in a manner that ensures the appropriate security.
In addition, we have appropriate security measures in place to prevent personal data from being accidentally or unlawfully lost, used or accessed. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so or if there is a risk to your rights and freedoms.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing and transfer of his/her personal data; and
- receive on his/her behalf any notices relating to data protection.
You have the following rights, which you can exercise free of charge:
- Access and rectification: you have the right to know whether we hold your personal data and to request access to and/or correct any inaccuracies of your personal data held by us.
- Right to be forgotten: you have the right to require us to delete your personal data.
- Restriction of processing: you have the right to require us to restrict processing of your personal data in certain circumstances, such as if you contest the accuracy of the data.
- Data portability: you have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format and/or to instruct us to transmit that data to a third party.
- Objection: you have the right to object at any time to your personal data being processed for direct marketing and in certain other circumstances, such as if we change our legitimate interests from the basis on which we initially collected and processed your personal data.
- Not to be subject to automated individual decision-making: while we do not subject you to decisions based solely on automated processing that produces legal effects concerning you or otherwise significantly affects you, should we ever engage in such processes, we will first notify you and you will have the right to object to such processing.
If you wish to exercise any of the above rights, or make any related complaint or request in relation to your personal data, please contact us in writing here.
Frequently Asked Questions
Can you read any of the notes I take or can you see any of the documents I save in the app?
No. Neither we nor any other party can view, read, or modify any of the documents you save locally in the GoodNotes app. If you are using optional features of GoodNotes Cloud, we will save the necessary documents and data solely in order to provide the features of GoodNotes Cloud described in paragraph 4.3 of the GoodNotes Cloud Terms of Service on our servers. We will not view, read, or modify the content of any of the documents you save in GoodNotes Cloud unless instructed by you to do so (for example in order to recover accidentally lost documents). If you don't choose to back up or sync to a cloud storage or use the optional features of GoodNotes Cloud, all your documents are only saved locally on your device.
I save personal data of customers in your app. Do I need a data processing agreement with you?
Subject to the aforementioned, neither we nor any other party can view, read or modify any of the documents you save in the GoodNotes app.
Do you have Data Protection Agreements ("DPAs") with all data processors in place?
If you have more questions, feel free to contact us here.
Changes to this policy