Privacy Policy
Privacy Policy
Poseidon Connect Platform
Last Updated: February 2026
Version: 1.0
1. Introduction
1.1 About This Policy
This Privacy Policy explains how EM Solutions S.r.l. ("EM Solutions", "we", "us", "our") collects, uses, shares, and protects personal data when you use the Poseidon Connect platform ("Platform", "Service").
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the Italian Privacy Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), and other applicable data protection laws.
1.2 Data Controller
The data controller for the processing described in this Policy is:
EM Solutions S.r.l.
P.IVA: 01342300918
Italy
Email: privacy@em-solutions.it
1.3 Data Processing Roles
EM Solutions operates in different roles depending on the type of data:
- As Data Controller: For Reseller account data (our direct customers)
- As Data Processor: For data that Resellers enter about their employees and customers (Technicians, Project Managers, End Users, Site Managers). In these cases, the Reseller is the Data Controller.
This Privacy Policy describes how we process all user data on the Platform, regardless of our role.
1.4 Data Protection Officer
For data protection inquiries, contact: privacy@em-solutions.it
2. Personal Data We Collect
2.1 Data You Provide
When you register and use the Platform, we collect:
Account Information
- Full name
- Email address
- Password (stored encrypted)
- Role within the organization
- Professional certifications (for technicians)
- Customer type (for end users: private, business, public administration, other)
Organizational Relationships
- Association with your Reseller organization
- Association with End User organization (for Site Managers)
2.2 Data Created Through Platform Use
Installation Data
- Project identifiers
- Physical addresses (street, city, province, region, ZIP code, country)
- GPS coordinates
- Installation dates
Barrier Technical Data
- Serial numbers and QR codes
- Barrier models and specifications
- Dimensions (width, protection height, number of sections)
- Installation type, typology, and protection type
- Surface finishes
- Manufacturing dates
- Maintenance schedules and status
- FloodLink IoT device identifiers
Intervention Records
- Inspection and maintenance dates
- Intervention types and descriptions
- Technician assignments
- Work hours and materials used
- Checklist data and inspection results
- Photos taken during inspections
- Digital signatures (technician and end user)
- Recommendations and follow-up requirements
Documents
- Uploaded files (reports, certificates, photos)
- File metadata (name, type, size)
2.3 Data Collected Automatically
Technical Data
- IP addresses
- Browser type and version (user agent)
- Device information
- Access timestamps
- Pages and features accessed
IoT Monitoring Data (if FloodLink integration enabled)
- Device status and alerts
- Alarm events and timestamps
- Sensor readings
2.4 Consent Records
When you register, we record:
- Your acceptance of Terms of Service and Privacy Policy
- Version of documents accepted
- Timestamp of acceptance
- IP address at time of acceptance
3. How We Use Your Data
3.1 Purposes and Legal Bases
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and authentication | Performance of contract |
| Providing Platform features | Performance of contract |
| Managing user hierarchy and permissions | Performance of contract |
| Processing installation and barrier data | Performance of contract |
| Recording inspections and maintenance | Performance of contract |
| Generating reports and compliance documentation | Performance of contract |
| FloodLink IoT monitoring and alerts | Performance of contract |
| Communicating service updates | Legitimate interest |
| Responding to support requests | Performance of contract |
| Ensuring Platform security | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Improving the Platform | Legitimate interest |
3.2 Legitimate Interests
When we rely on legitimate interest as a legal basis, we have conducted a balancing test to ensure our interests do not override your rights. Our legitimate interests include:
- Maintaining Platform security and preventing fraud
- Improving Platform functionality and user experience
- Communicating important service information
- Analyzing usage patterns to optimize performance
You may object to processing based on legitimate interest by contacting us.
4. Data Sharing
4.1 Within the Platform Hierarchy
Data is shared within the Platform according to user roles:
| Your Role | Data Visible To |
|---|---|
| Reseller | EM Solutions Administrator |
| Technician | Reseller, EM Solutions |
| End User | Reseller, EM Solutions |
| Project Manager | Reseller, EM Solutions |
| Site Manager | End User, Reseller, EM Solutions |
Detailed access controls ensure users only see data relevant to their role and assigned installations.
4.2 Service Providers (Sub-processors)
We use the following third-party service providers to operate the Platform:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU (Frankfurt) |
| Vercel | Platform hosting | EU |
| Sentry | Error monitoring and debugging | EU/US |
| OpenStreetMap/Nominatim | Geocoding services | Various |
All sub-processors are bound by data processing agreements ensuring GDPR compliance.
4.3 Other Disclosures
We may disclose personal data:
- Legal Requirements: When required by law, court order, or government authority
- Safety: To protect the safety of any person or prevent illegal activity
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
- With Your Consent: When you have given explicit consent
We do NOT sell personal data to third parties.
5. International Data Transfers
5.1 Transfer Mechanisms
Your data is primarily processed within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards:
- Adequacy Decisions: Transfers to countries with EU adequacy decisions
- Standard Contractual Clauses: EU-approved contractual protections
- Supplementary Measures: Additional technical and organizational safeguards where necessary
5.2 Sub-processor Locations
See Section 4.2 for the locations of our sub-processors. You may request details of specific transfer safeguards by contacting us.
6. Data Retention
6.1 Retention Periods
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 2 years | Contract performance, legal claims |
| Installation records | 10 years from installation | Regulatory compliance, warranty |
| Intervention records | 10 years from intervention | Safety documentation, compliance |
| Checklist photos | 10 years | Evidence of inspection conditions |
| Digital signatures | 10 years | Legal validity of documentation |
| Technical logs | 12 months | Security and troubleshooting |
| Consent records | Duration of account + 5 years | Proof of consent |
6.2 Retention Justification
Longer retention periods for installation and intervention data are required for:
- Building safety and compliance documentation
- Insurance and liability purposes
- Regulatory requirements for flood protection equipment
- Warranty and maintenance history
6.3 After Retention Period
When data reaches the end of its retention period, it will be:
- Securely deleted, or
- Anonymized for statistical purposes
7. Your Rights
7.1 GDPR Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interest |
| Withdraw Consent | Withdraw consent at any time (where consent is the legal basis) |
| Automated Decisions | Not be subject to solely automated decision-making |
7.2 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: privacy@em-solutions.it
We will respond within 30 days. We may need to verify your identity before processing your request.
7.3 Limitations
Some rights may be limited where:
- We have a legal obligation to retain data
- Data is necessary for legal claims
- Exercising the right would adversely affect the rights of others
- There is an overriding legitimate interest
7.4 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. In Italy:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
Website: www.garanteprivacy.it
8. Data Security
8.1 Technical Measures
We implement appropriate technical measures to protect your data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data
- Secure password hashing
- Role-based access controls
- Regular security updates and patches
- Secure API authentication
- Database isolation and access controls
8.2 Organizational Measures
- Employee training on data protection
- Access limited to authorized personnel
- Confidentiality agreements with staff and contractors
- Regular security assessments
- Incident response procedures
8.3 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay (where required)
- Document the breach and remedial actions taken
9. Cookies
We use cookies and similar technologies on the Platform. For detailed information, please see our Cookie Policy.
10. Children's Privacy
The Platform is designed for business use and is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.
11. Changes to This Policy
11.1 Updates
We may update this Privacy Policy from time to time. Material changes will be communicated through:
- Notice within the Platform
- Email to your registered address
- Requirement to re-accept the updated Policy
11.2 Version History
The current version of this Policy is indicated at the top of the document. Previous versions are available upon request.
12. Contact Us
For questions about this Privacy Policy or our data practices, contact:
EM Solutions S.r.l.
P.IVA: 01342300918
Italy
Privacy Inquiries: privacy@em-solutions.it
General Inquiries: info@poseidonconnect.com
13. Additional Information for Specific Processing Activities
13.1 Digital Signatures
Digital signatures collected during interventions:
- Are processed to create legally valid maintenance documentation
- Contain signature image data and metadata (signatory name, timestamp)
- Are retained for 10 years as part of intervention records
13.2 Checklist Photos
Photos taken during inspections:
- Document the physical condition of installations and barriers
- May contain incidental personal data (persons in background)
- Are stored securely with access restricted to authorized users
- Are retained for 10 years as evidence of inspection conditions
13.3 GPS/Location Data
GPS coordinates:
- Are collected for installation addresses only
- Enable location-based features (maps, navigation to sites)
- Are not used for tracking user movements
- Can be updated or removed by authorized users