Privacy Policy

Poseidon Connect Platform

Last Updated: March 2026

1. Introduction

1.1 About This Policy

This Privacy Policy explains how EM Solutions S.r.l. ("EM Solutions", "we", "us", "our") collects, uses, shares, and protects personal data when you use the Poseidon Connect platform ("Platform", "Service").

We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), and other applicable data protection laws.

1.2 Data Controller

The data controller for the processing described in this Policy is:

EM Solutions S.r.l. P.IVA: 01342300918 Italy

Email: privacy@em-solutions.it

1.3 Data Processing Roles

EM Solutions operates in different roles depending on the type of data:

As Data Controller: For Reseller account data (our direct customers)
As Data Processor: For data that Resellers and their authorized users enter about their employees, customers, and sub-users (Technicians, Project Managers, End Users, Site Managers). In these cases, the Reseller is the Data Controller.

This Privacy Policy describes how we process all user data on the Platform, regardless of our role.

1.4 Data Protection Officer

For data protection inquiries, contact: privacy@em-solutions.it

2. Personal Data We Collect

2.1 Data You Provide

When you register and use the Platform, we collect:

Note: An authorized user within your organization's hierarchy (see our Terms of Service, Section 3.2) may set your role and organizational relationships before you complete registration. Upon registration, you provide your own name, email, and password. By registering, you acknowledge this pre-existing account data and consent to its processing under this Policy.

Account Information

Full name
Email address
Password (stored encrypted)
Role within the organization
Professional certifications (for technicians)
Customer type (for end users: private, business, public administration, other)

Organizational Relationships

Association with your Reseller organization
Association with End User organization (for Site Managers)

2.2 Data Created Through Platform Use

Installation Data

Project identifiers
Physical addresses (street, city, province, region, ZIP code, country)
GPS coordinates
Installation dates

Barrier Technical Data

Serial numbers and QR codes
Barrier models and specifications
Dimensions (width, protection height, number of sections)
Installation type, typology, and protection type
Surface finishes
Manufacturing dates
Maintenance schedules and status
FloodLink IoT device identifiers

Intervention Records

Inspection and maintenance dates
Intervention types and descriptions
Technician assignments
Work hours and materials used
Checklist data and inspection results
Photos taken during inspections
Digital signatures (technician and end user)
Recommendations and follow-up requirements

Documents

Uploaded files (reports, certificates, photos)
File metadata (name, type, size)

2.3 Data Collected Automatically

Technical Data

IP addresses
Browser type and version (user agent)
Device information
Access timestamps
Pages and features accessed

IoT Monitoring Data (if FloodLink integration enabled)

Device status and alerts
Alarm events and timestamps
Sensor readings

2.4 Consent Records

When you register or re-accept updated documents, we record:

Your acceptance of Terms of Service and Privacy Policy
Version of documents accepted
Timestamp of acceptance
IP address at time of acceptance
Browser user agent at time of acceptance

3. How We Use Your Data

3.1 Purposes and Legal Bases

Purpose	Legal Basis (GDPR Art. 6)
Account creation and authentication	Performance of contract
Providing Platform features	Performance of contract
Managing user hierarchy and permissions	Performance of contract
Processing installation and barrier data	Performance of contract
Recording inspections and maintenance	Performance of contract
Generating reports and compliance documentation	Performance of contract
FloodLink IoT monitoring and alerts	Performance of contract
Communicating service updates	Legitimate interest
Responding to support requests	Performance of contract
Ensuring Platform security	Legitimate interest
Compliance with legal obligations	Legal obligation
Improving the Platform	Legitimate interest

3.2 Legitimate Interests

When we rely on legitimate interest as a legal basis, we have conducted a balancing test to ensure our interests do not override your rights. Our legitimate interests include:

Maintaining Platform security and preventing fraud
Improving Platform functionality and user experience
Communicating important service information
Analyzing usage patterns to optimize performance

You may object to processing based on legitimate interest by contacting us.

4. Data Sharing

4.1 Within the Platform Hierarchy

Data is shared within the Platform according to user roles:

Your Role	Data Visible To
Reseller	EM Solutions Administrator
Technician	Reseller, EM Solutions
End User	Reseller, EM Solutions
Project Manager	Reseller, EM Solutions
Site Manager	End User, Reseller, EM Solutions

Detailed access controls ensure users only see data relevant to their role and assigned installations.

4.2 Service Providers (Sub-processors)

We use the following third-party service providers to operate the Platform:

Provider	Purpose	Location
Supabase	Database, authentication, and file storage	EU (Frankfurt)
Vercel	Platform hosting	EU
Postmark (ActiveCampaign)	Transactional email delivery	US
Sentry	Error monitoring and debugging (may receive user identifiers with error reports)	EU (Germany) / US
Google (Maps Platform)	Address autocomplete and geocoding	US
OpenStreetMap/Nominatim	Reverse geocoding services	Various
Anthropic	AI-powered photo analysis for Product Finder tool	US
Ajax Systems	IoT device monitoring (FloodLink)	EU
AWS (Amazon Web Services)	IoT event queue processing (SQS)	EU (Ireland)
Open-Meteo	Weather forecast data	CH
Formspree	Contact form submission processing	US

All sub-processors are bound by data processing agreements ensuring GDPR compliance.

4.3 Other Disclosures

We may disclose personal data:

Legal Requirements: When required by law, court order, or government authority
Safety: To protect the safety of any person or prevent illegal activity
Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
With Your Consent: When you have given explicit consent

We do NOT sell personal data to third parties.

5. International Data Transfers

5.1 Transfer Mechanisms

Your data is primarily processed within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards:

Adequacy Decisions: Transfers to countries with EU adequacy decisions
Standard Contractual Clauses: EU-approved contractual protections
Supplementary Measures: Additional technical and organizational safeguards where necessary

5.2 Sub-processor Locations

See Section 4.2 for the locations of our sub-processors. You may request details of specific transfer safeguards by contacting us.

6. Data Retention

6.1 Retention Periods

Data Category	Retention Period	Reason
Account data	Duration of account + 2 years	Contract performance, legal claims
Installation records	10 years from installation	Regulatory compliance, warranty
Intervention records	10 years from intervention	Safety documentation, compliance
Checklist photos	10 years	Evidence of inspection conditions
Digital signatures	10 years	Legal validity of documentation
Technical logs	12 months	Security and troubleshooting
Consent records	Duration of account + 5 years	Proof of consent

6.2 Retention Justification

Longer retention periods for installation and intervention data are required for:

Building safety and compliance documentation
Insurance and liability purposes
Regulatory requirements for flood protection equipment
Warranty and maintenance history

6.3 After Retention Period

When data reaches the end of its retention period, it will be:

Securely deleted, or
Anonymized for statistical purposes

7. Your Rights

7.1 GDPR Rights

Under the GDPR, you have the following rights:

Right	Description
Access	Request a copy of your personal data
Rectification	Correct inaccurate or incomplete data
Erasure	Request deletion of your data ("right to be forgotten")
Restriction	Limit how we process your data
Portability	Receive your data in a machine-readable format
Objection	Object to processing based on legitimate interest
Withdraw Consent	Withdraw consent at any time (where consent is the legal basis)
Automated Decisions	Not be subject to solely automated decision-making

7.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@em-solutions.it

We will respond within 30 days. We may need to verify your identity before processing your request.

7.3 Limitations

Some rights may be limited where:

We have a legal obligation to retain data
Data is necessary for legal claims
Exercising the right would adversely affect the rights of others
There is an overriding legitimate interest

7.4 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Italy:

Garante per la protezione dei dati personali Piazza Venezia 11, 00187 Roma Website: www.garanteprivacy.it

8. Data Security

8.1 Technical Measures

We implement appropriate technical measures to protect your data:

Encryption in transit (TLS/HTTPS)
Encryption at rest for sensitive data
Secure password hashing
Role-based access controls
Regular security updates and patches
Secure API authentication
Database isolation and access controls

8.2 Organizational Measures

Employee training on data protection
Access limited to authorized personnel
Confidentiality agreements with staff and contractors
Regular security assessments
Incident response procedures

8.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will:

Notify the relevant supervisory authority within 72 hours
Notify affected individuals without undue delay (where required)
Document the breach and remedial actions taken

9. Cookies

We use cookies and similar technologies on the Platform. For detailed information, please see our Cookie Policy.

10. Children's Privacy

The Platform is designed for business use and is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

11. Changes to This Policy

11.1 Updates

We may update this Privacy Policy from time to time. Material changes will be communicated through:

Notice within the Platform
Email to your registered address
Requirement to re-accept the updated Policy

11.2 Version History

The current version of this Policy is indicated at the top of the document. Previous versions are available upon request.

12. Contact Us

For questions about this Privacy Policy or our data practices, contact:

EM Solutions S.r.l. P.IVA: 01342300918 Italy

Privacy Inquiries: privacy@em-solutions.it General Inquiries: info@poseidonconnect.com

13. Additional Information for Specific Processing Activities

13.1 Digital Signatures

Digital signatures collected during interventions:

Are processed to create legally valid maintenance documentation
Contain signature image data and metadata (signatory name, timestamp)
Are retained for 10 years as part of intervention records

13.2 Checklist Photos

Photos taken during inspections:

Document the physical condition of installations and barriers
May contain incidental personal data (persons in background)
Are stored securely with access restricted to authorized users
Are retained for 10 years as evidence of inspection conditions

13.3 GPS/Location Data

GPS coordinates:

Are collected for installation addresses only
Enable location-based features (maps, navigation to sites)
Are not used for tracking user movements
Can be updated or removed by authorized users

13.4 Product Finder Tool

The Product Finder is a public tool (no account required) that helps users identify suitable flood barrier products. When you use the Product Finder:

Quiz answers: Your responses to product selection questions are processed to generate recommendations
Contact information: If you submit a lead form, we collect your name, email, phone number, company, and country
Photo analysis: If you upload a photo, it is sent to Anthropic's AI service for analysis of flood risk factors. The photo is processed in real-time and is not stored permanently by Anthropic (subject to Anthropic's data retention policies)
AI analysis results: The AI-generated product recommendations and analysis are stored in our database
Legal basis: Consent (you actively submit the form and opt in to processing via a GDPR checkbox)

13.5 Contact and Demo Request Forms

The Poseidon Connect website includes contact forms that allow visitors to request a demo or get in touch without creating an account. When you submit a contact form:

Data collected: Name, email address, company name (optional), and message
Processing: Form submissions are sent to Formspree, a third-party form processing service based in the US, and forwarded to EM Solutions via email
Purpose: To respond to your inquiry, schedule product demonstrations, and provide commercial information about our services
Retention: Contact form submissions are retained for 2 years from the date of submission, or until your inquiry is resolved, whichever is later
Legal basis: Consent (you actively submit the form and accept the privacy policy via a required consent checkbox)
Third-party processing: Formspree processes your data in accordance with its own privacy policy. Data may be transferred to the US under Standard Contractual Clauses

For questions about this document, please contact us.