DataMapper - Privacy Policy

Privacy Policy

Last updated: 24 January 2023

At Safe Online, we care about protecting your privacy. Please take a moment to read about how we keep the personal data you share with us safe.

This privacy policy explains what types of data we collect when you use DataMapper, why we need it, how we keep it safe, how you can manage and delete it; and who to contact if you have any questions or concerns.

Our policy will be updated from time to time as we continue to improve our services, so check our website to read the latest version.

About Safe Online ApS

DataMapper is owned and operated by Safe Online ApS (Safe Online), located in Copenhagen, Denmark.

When you use DataMapper, Safe Online becomes a data controller in accordance with the legislation on personal data applicable in Denmark. That makes us responsible for protecting any personal data you decide to share with us to use DataMapper.

Safe Online was founded to help companies manage personal data properly and keep it safe. We take your privacy seriously. That’s why it’s so important to us that your data is processed securely and appropriately, even basic data like your name and email address.

What is personal data?

Personal data is any kind of information that can be used to identify you or any natural person.

What personal data do you collect about me, and why?

DataMapper collects some of your basic personal data to create your account and get started.

Personal data you share when creating an account

When you start a freeDataMapper account, you submit your name, company name and work email. If you sign up for a paid account, you also submit payment information that we store on file to keep your account active.

Will Safe Online share, sell or rent my personal information?

We do not rent or sell our customers’ personally identifiable information.

We will never share personal information unless it is required to comply with law or court order, enforce or apply our terms of use and other agreements; or protect the rights, property, or safety of Safe Online, our employees, our users, or others.

Where is my information stored?

Your data is stored on secure servers physically located in the EU.

How does Safe Online keep my data safe?

Here are some details about our security:

Our access is restricted

Just 2 developers in Denmark have access toDataMapper user data. Their access is restricted with MFA and location access. Our developers can access your data only if you request them to, and only with two written consents.

Access is logged

We log every access to your files.

All data is kept in the EU

We guarantee that your data will not leave the EU.

Backups

We regularly back up documents and data.

Servers and security patches

We monitor and keep all our servers up to date with the latest OS and security patches.

Users stay in control

Each user chooses which files DataMapper can access and the user retains full control to manage data access over time.

Users are authenticated

As the verified creator of an account, you are given admin status. You can invite additional admins and users. Users are identified by an administrator’s invite and a dedicated sign-up flow ensuring each user is verified.

Network and access

All communication between your computer and our servers is encrypted using 2048-bit RSA encryption. To prevent man-in-the-middle attacks, all our servers are certified with X.509 certificates provided by WebTrust certified certificate authorities. Finally, all your data is hosted on trusted third-party services (e.g., Azure) that use state-of-the-art access control and operate server facilities that are physically guarded.

Authentication tokens

DataMapper uses passwordless secure authentication tokens from trusted providers like Microsoft or Google that are securely transferred to our system for verification to ensure that the tokens are authentic and are only accessible by authorized users.

Data encrypted in transit

HTTPS in transit, TLS 1.2, Shared access signature

Data encrypted at rest

Azure private blob storage encrypted at rest with Azure managed AES 256 bit keys

What can I do to protect my account?

DataMapper is built with security features to limit access to only the users you invite. Make sure you and your users protect the logins and the devices you use for DataMapper to prevent unauthorized persons from gaining access to your account.

Legal basis

To create your account you must click the checkbox to agree to our Terms and Conditions.

By doing so you consent for us to store and process personal information as outlined in this privacy policy.

You can withdraw consent at any time as described in the section “What are my rights as a data subject?”. Simply email us at support@safeonline.dk

Remember that after withdrawing consent, it may not be possible to continue using DataMapper.

How long do you keep my personal data?

We store your account information as long as the account is open. If you close your DataMapper account, we will delete all data within 2 weeks.

We store contact information for the purpose of sending newsletters and updates about our products until you unsubscribe.

As a user, you always have the right to have your data deleted. This action can be requested here. When we receive a request for deletion, data will be deleted in 32 days max, and you will receive confirmation of the deletion.

Read more about your rights as a data subject, as well as your options for deleting your personal data, in the section below.

What are my rights as a data subject?

At Safe Online, we respect the privacy rights of individuals as “data subjects” and owners of their data, as outlined in the GDPR:

• As a data subject, you have the right to have your personal data deleted. In some cases, however, we reserve the right to either restrict or reject a deletion if the personal data in question is required in order for us to comply with applicable law or regulation or to defend a legal claim.

As a data subject, you are entitled to be informed as to what personal data we are processing about you. You can request a data extract at any time of all the data that we keep regarding your person. Your personal data will be delivered as soon as possible – however, always within 4 weeks.

As a data subject, you are entitled to transfer your data to another data controller. Your data will be delivered to you electronically so that you are able to transfer the data to another data controller/service provider.

As a data subject, you are entitled to correct any inaccurate data we may process about you.

• As a data subject, you are entitled to withdraw the consent if you wish to stop or restrict our processing of your personal data.

For inquiries about your personal data, please click here.

Notification of a breach of the protection of your personal data

In case of a security breach that may compromise your personal data, we will notify you by email within 72 hours. The email will contain information about the extent of the security breach, what specific data is affected, and what actions and plans have been initiated to limit any possible harm or misuse of your personal data.

How can I make a complaint?

If you wish to make a complaint about the processing and/or use of your personal data, you can do so by contacting the authorities. In Denmark, the relevant government body is Datatilsynet, at Borgergade 28, 5, 1300 Kbh K, Tel. +45 33 19 32 00. See more at www.datatilsynet.dk

Will you change this Privacy Policy?

Our policy will be updated from time to time as we continue to improve our services, so check our website to read the latest version. The date of our latest update will always be displayed.

Last update: 24 January 2023.

How can I contact you?

If you have any questions about this privacy policy, please contact us at:

Købmagergade 22, 2, 1150 Copenhagen, Denmark

Phone: +45 27772737

E-mail: support@safeonline.dk

CVR-no.: DK38589962