Last updated: 18 April 2026
1. Who we are (data controller)
Konvert Technologies Ltd (“we”, “us”) operates the DocTemplates store (doctemplates.co.uk) and is the controller of your personal data.
Konvert Technologies Ltd
Ruukintie 93 b7, 60100 Seinäjoki, Finland
As we are established in Finland (the EU), we process your personal data in accordance with the EU General Data Protection Regulation (GDPR). If you have any questions about how we handle your data, please contact us at the email address above.
2. What data we collect
We collect the information you provide when you buy from us:
- Contact details — name, email address and, where needed, billing details
- Order details — the templates you buy, order number, date and price
- Payment details — handled by our payment provider; we do not store full card numbers
- Technical data — IP address, browser type and cookie-related identifiers
Providing this information is necessary to complete your purchase; without it we cannot fulfil your order.
3. Why we process your data and our lawful basis
| Purpose | Lawful basis (GDPR Article 6) |
|---|---|
| Fulfilling and confirming your order (delivery and support) | Performance of a contract (Art. 6(1)(b)) |
| Accounting and tax obligations | Legal obligation (Art. 6(1)(c)) |
| Keeping the service secure and preventing fraud | Legitimate interests (Art. 6(1)(f)) |
| Analytics and marketing cookies | Consent (Art. 6(1)(a)) |
We do not carry out automated decision-making that produces legal effects, or profiling, without your separate consent.
4. Sharing of data
We do not sell or rent your personal data. We may share data with the following recipients:
- Payment providers, to process your payment
- Hosting, email and accounting providers, to operate the service (acting as our processors under Article 28)
- Authorities, where we are required to do so by law
5. How long we keep your data
- Order and accounting records: kept for the statutory accounting retention period (around 6 years)
- Customer support correspondence: no more than 24 months
- Analytics data: anonymised or deleted within 26 months
6. International transfers
We aim to use providers based in the EU or the EEA. Where a processor is located outside the EU/EEA, we put in place the safeguards required by the GDPR — typically the European Commission’s Standard Contractual Clauses (SCCs) or a transfer to a country with an adequacy decision.
7. Your rights
Under the GDPR you have the right to:
- be informed about, and request access to, the personal data we hold about you
- have inaccurate data corrected, or your data erased
- restrict or object to our processing of your data
- data portability
- withdraw your consent at any time where we rely on it
Please send any request to the email address above. We will respond within one month.
If you believe we have not handled your data in accordance with the law, you have the right to lodge a complaint with a supervisory authority. As our lead authority, you may contact the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi). You may also contact the supervisory authority in your own country of residence — in the UK, the Information Commissioner’s Office (ICO, ico.org.uk). We would, however, appreciate the chance to deal with your concerns first.
Note for UK customers: where the UK GDPR and the Data Protection Act 2018 apply to the processing of your data, we comply with them in addition to the EU GDPR, and you may exercise equivalent rights and contact the ICO as set out above.
8. Cookies
We use strictly necessary cookies for the basket and for security. For non-essential cookies (analytics, marketing) we ask for your consent through a cookie banner. You can withdraw your consent at any time.
9. Data security and changes
We use appropriate technical and organisational measures to protect your data, and data is transmitted over an encrypted connection (HTTPS/TLS). We update this policy when needed and will note any significant changes on the website, with the “last updated” date above.