EU Data Act
Data Holder
Solution Tech S.r.l, Via Vittorio Veneto 1/C - 38086 Rovereto (TN) - E-mail: info@solutiontech.tech
Data Act Compliance Statement (EU Regulation 2023/2854)
In compliance with the obligations set forth by Regulation (EU) 2023/2854 of the European Parliament and of the Council, concerning harmonized rules on fair access to and use of data, our company ensures maximum transparency regarding the data generated by the use of our connected products (IoT) and related digital services (mobile and web applications).
This statement describes user rights and the technical and operational methods we implement to ensure full compliance with European regulations.
1. Pre-contractual Information on Data Use
In accordance with Article 3 of the Data Act, prior to concluding any contract for the purchase, rental, or use of one of our connected products or related services, users receive clear and accessible information regarding the generated data.
The privacy policy outlines the data collected and processed and explains the reasoning why such data is processed and/or collected. The privacy policy also points to this document in which a detailed view of the data is provided.
The following table provides a structured overview of the data and its lifecycle.
| Data Category | Specific Data Field | App Access | Retention | Deletion | |
|---|---|---|---|---|---|
| User Profile & Account | First Name | ✅ | Indefinitely until account deletion | Immediate after user deletion | |
| User Profile & Account | Last Name | ✅ | Indefinitely until account deletion | Immediate after user deletion | |
| User Profile & Account | Email Address | ✅ | Indefinitely until account deletion | Immediate after user deletion | |
| User Profile & Account | Password hash | Not exposed for security reasons | Indefinitely until account deletion | Immediate after user deletion | |
| User Diagnostics | Login Source | Internal diagnostic field | Indefinitely until account deletion | Immediate after user deletion | |
| User Diagnostics | Registration Date | Internal diagnostic field | Indefinitely until account deletion | Immediate after user deletion | |
| Smart Home Structure | Home Information (name) | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Smart Home Structure | Rooms (name and ordering preference) | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Smart Home Structure | Calendars (calendars and presets) | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Smart Home Structure | Device Configuration (name and room assignment) | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Smart Home Structure | Timezone | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | MAC Address | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | Node ID | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | Product Type | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | Manufacturer ID | Manufactures have different apps | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | Firmware Version | ✅ | Indefinitely until account deletion | Immediate after user/house deletion | |
| Device Hardware Metadata | Hardware (HW) Version | Internal diagnostic field | Indefinitely until account deletion | Immediate after user/house deletion | |
| Live Device Telemetry | System State | ✅ | Real-time only; not stored on servers | Not retained (ephemeral) | N/A |
| Network & Diagnostics | IP Addresses (in logs) | Server-side logs only | Rotated every 2 months | Automatic after rotation | |
| Infrastructure Backups | Full Database / System Backups | Server-side only | Rolling backups | Purged every 6 months | |
| App Analytics | Firebase Usage Metrics | Operational metrics only | 60 days | Automatic after retention period |
2. User’s Right to Access Data
Pursuant to Article 4 of the Data Act, users have the right to access and use all data generated by the use of their connected product free of charge, continuously and, where technically feasible, in real time.
If direct access is not natively integrated into the product or application interface, users can initiate a formal request procedure:
- Request Method: Users can submit a specific request via email to info@solutiontech.tech.
- Processing Time: Feedback and data delivery occur without undue delay and in any case within a maximum period of 30 days from receipt of the request.
- Data Format: To ensure maximum interoperability, data is extracted and delivered in a structured, commonly used, and machine-readable format (standard JSON or CSV).
- Gratuity: Exercising the right of access and extracting the data generated by the product does not involve any cost for the final user.
Legal Limitations: The right of access is strictly limited to data generated by the actual use of the product by the requesting user. The manufacturer’s or the Data Holder’s trade secrets, proprietary software source code, and data belonging to other users are strictly excluded from the scope of extraction.
3. Data Sharing with Third Parties upon User Request
Article 5 of the Data Act grants users the right to request that data generated by the connected product be made available to a third party.
While the data access must be free for the end-user (the consumer), the Data Holder is legally entitled to request reasonable compensation from the third-party recipient for making data available to them.
The sharing process follows strict rules to protect the security and privacy of our users and the data generated by their devices:
- User Initiative: Sharing occurs exclusively upon the user’s explicit mandate, who must formally authorize the Data Holder, indicating the specific data to be transferred and the identity of the third-party recipient.
- Third-party Vetting: In order to guarantee privacny and security standards third-party data recipients will have to perform a vetting process to ensure they meet quality standards.
- Obligations of the Third-Party Recipient: In accordance with Article 6 of the Data Act, the third party receiving the data is legally bound to use it exclusively for the purposes and under the conditions agreed with the user. They are expressly prohibited from transferring such data to further third parties or using it to develop a competing product.
- Traceability: Every data export flow to authorized third parties is appropriately recorded in the system logs to ensure maximum accountability and auditability of the transfer processes.
4. Contractual Basis and Limits on the Use of Non-Personal Data
Our use of non-personal data (anonymized technical information, aggregated hardware operating metrics) generated by the product is strictly regulated within the Privacy Policy accepted by the user.
5. Cloud Infrastructure Localization and Security Standards
To further guarantee European digital sovereignty and the security of the processed data, our technological architecture adopts the following standards.
Geographical Localization (Data Residency)
All data collected from IoT devices and European users’ applications is routed, processed, and stored exclusively within data centers located in the European Economic Area (EEA).
Certifications and Guarantees of Sub-processors
The cloud infrastructure partners chosen to deliver our digital services are selected according to strict criteria and hold the following enterprise-level credentials:
- ISO/IEC 27001 Certification: International standard for information security management.
- Contractual Guarantees: Strict bindings that prevent unlawful or unauthorized cross-border transfer of data to third countries outside the EEA, in the absence of the safeguards provided for by Chapter V of the GDPR and European Union adequacy decisions.
For any clarification regarding our company’s compliance with the Data Act Regulation or to exercise your data access and portability rights, you can contact info@solutiontech.tech.