PRIVACY POLICY
Last updated: 05 May 2026
1. Introduction and data controller
Welcome to e-MAPs® – Intelligent Safety Compliance Platform (hereinafter "e-MAPs®"), software developed and exclusively owned by Digiconforme, Lda., with registered office at Alenquer Inovar, Rua Orlando Jorge Pereira, no. 1, 2580-385 Alenquer, Portugal, NIPC 518521397 and general email address [email protected] (hereinafter "Digiconforme"), made available as a SaaS (Software as a Service) model, under the Terms and Conditions available on the dedicated page.
Digiconforme acts, within the scope of e-MAPs®, primarily as a Data Processor, processing personal data on behalf of and under the instructions of the Client companies, which are the Data Controllers with respect to the data entered into the platform. Digiconforme shall assume the role of Data Controller only with respect to the administrative data of the contractual relationship with the Client (e.g., billing, commercial and support contacts) necessary for the platform subscription and services provided in that context.
This Privacy Policy sets out and explains how Digiconforme collects, uses, shares and protects Client data in connection with the use of e-MAPs®.
2. What data do we collect and for what purpose?
Digiconforme, as owner of e-MAPs®, being a B2B platform, will process the data that corporate users and their employees enter into e-MAPs®, as described in the table below.
| Category of data | Examples | Purpose (Legal basis) |
| User identification | Name, email, phone, photo or avatar (optional) | Account management, authentication, technical support (Basis: performance of the subscription) |
| Client company data | Company name, address(es), email, phone | Invoice issuance and registration of the establishments the Client wishes to manage (Basis: performance of the subscription and legal obligation) |
| Technical management | Equipment and related data: anomalies, verification dates, maintenance, inspections, etc. | Core SaaS operation: registration, monitoring and history of the Client's technical assets (Basis: performance of the subscription and legitimate interest of the Client) |
| Technical documentation | Upload of photos, certificates, reports, etc. | Evidence of regulatory compliance, maintenance history and equipment safety (Basis: performance of the subscription) |
3. How do we collect data?
Data is actively provided by the Client's employees when they use e-MAPs®, namely through:
- Completing forms;
- Uploading documents;
- Configuring equipment.
Important notice: the Client company shall always be the Controller of the data relating to its own employees and equipment. Digiconforme acts only as Processor, processing the data provided by the Client and its employees exclusively to provide the subscribed SaaS service.
The processing of data carried out by Digiconforme is governed by a Data Processing Agreement (DPA) which forms part of the e-MAPs® Terms and Conditions and is an integral part of the subscription entered into by the Client.
4. Data sharing (Sub-processors)
To operate e-MAPs®, Digiconforme may use third parties that process data on its behalf:
- Hosting – e.g. AWS, Digital Ocean, OVH, Hetzner, PTisp. Data is stored on servers located in the European Union.
- Email and DNS – e.g. AWS, Mailgun, Mailjet, Smtp2go, Cloudflare.
- Analytics tools – only if anonymised or subject to a sub-processing agreement.
Digiconforme shall not sell or share data entered by users for any purposes other than those provided in this Privacy Policy and in the e-MAPs® Terms and Conditions.
5. Data retention period
With regard to the data retention period, the following applies:
- Account data (name, email, company): until the subscription is cancelled or until a deletion request is submitted by the Client. After termination of the subscription or upon the Client's request, Digiconforme may retain backup copies for 30 to 90 days, or for any legally required period (e.g. tax obligations regarding invoices).
- Equipment data, anomalies and documents: only for the duration of the subscription.
After termination of the subscription, the Client may request the export of the data they entered. Once the technical backup retention period (30 to 90 days) has elapsed, all data will be permanently deleted by Digiconforme, unless otherwise required by law.
6. Data subjects' rights (GDPR)
Even in a B2B context, the Client company's employees (end users) have the following rights under the GDPR:
- Access: obtain information about the personal data entered into e-MAPs®.
- Rectification: request the correction of incorrect or incomplete data (e.g. email or phone number).
- Erasure ("right to be forgotten"): request the removal of personal data that is no longer necessary or for which there is no justifiable reason to continue processing.
In cases where complete deletion of personal data is incompatible with legal record-keeping obligations (in particular, records of safety verifications, maintenance and inspections), the request will be fulfilled through the anonymisation of the user's identifying data, replacing it with an anonymous identifier, so as to preserve the integrity of operational records without enabling re-identification of the data subject.
- Portability: receive the data provided in a structured format.
- Objection: request that processing be objected to, in cases justifiable under the law and admissible on the basis of the applicable legal criteria.
As access to e-MAPs® is managed by the employer, each employee should contact the relevant Administrator in e-MAPs® in case of a data rectification request for data they do not have permission to modify.
Requests to exercise the above rights should be directed to the Client company (Data Controller). Digiconforme will only act on such requests upon duly documented instructions from the Client, in accordance with the GDPR.
7. Security measures
Digiconforme implements technical and organisational measures duly appropriate to the nature of the data provided:
- Encryption: SSL/TLS in transit (HTTPS).
- Access control: implemented via secure password and email code verification.
- Backups: daily database backups with secure retention.
Digiconforme also develops procedures to identify and resolve any suspected security breach, notifying e-MAPs® clients in the event of any data breach, in accordance with the terms and provisions of the GDPR.
8. International data transfers (outside the EU or EEA)
Data processed by Digiconforme is hosted and processed in the European Union and/or the European Economic Area, or by service providers (e.g. Google or Microsoft login tools) that have entered into binding agreements fully compliant with the lawfulness of transfers to third countries. Digiconforme prefers suppliers based in the EU and EEA.
9. Cookies and tracking
Digiconforme uses strictly necessary cookies for the operation of the platform (login session, security, user preferences) and cookies that collect anonymised statistical data for periodic analysis of platform usage and technical improvement assessments.
Digiconforme does not use marketing or third-party cookies without consent.
10. How to contact us
For questions regarding this Privacy Policy or to exercise your rights, please contact us in writing through the means indicated below. Digiconforme may require specific information from the requester in order to confirm their identity and ensure that, in responding to the exercise of rights, personal information is not disclosed to unauthorised persons.
- Email: [email protected]
- Address: Alenquer Inovar, Rua Orlando Jorge Pereira, no. 1, 2580-385 Alenquer
Although the exercise of rights does not require payment of any fee, Digiconforme may charge a reasonable fee to cover the administrative costs of providing the information, or may refuse to act on requests if they are manifestly unfounded, excessive or repetitive.
11. Changes to this Privacy Policy
Digiconforme may update this Privacy Policy whenever necessary to reflect legal, technical or operational changes related to the provision of the service.
In the event of any change, the Client will be informed by email or through a notification on e-MAPs® with 30 (thirty) days' prior notice, with the date of the last update always indicated at the top of this document.