Privacy Policy
Last updated: July 4, 2026
This Privacy Policy explains how your personal data is collected and processed when you visit equiply.it or use the Equiply platform (the "Service"). It is provided under Articles 13 and 14 of Regulation (EU) 2016/679 (the "GDPR") and Italian Legislative Decree 196/2003 as amended ("Codice Privacy").
1. Who we are (Data Controller)
The data controller is:
- Maritime Ventures S.r.l. ("Equiply", "we", "us", "our")
- Via del Molo 65 A/R, 16128 Genova (GE), Italy
- VAT / Tax code (P.IVA / C.F.): 02955220997
- Email: hello@equiply.it
Equiply is the brand and product of Maritime Ventures S.r.l. Full company identification details are in our Legal Notice. We have not appointed a Data Protection Officer, as we are not required to under Article 37 GDPR; for any privacy matter, contact us at the email above.
2. Who this policy applies to
This policy applies to everyone whose personal data we process, including: seekers (businesses looking to rent, lease, or finance equipment), suppliers (businesses that list equipment), people who join our early-access / waitlist, and general website visitors.
3. What personal data we collect
3.1 Data you provide to us
- Account & profile: first name, last name, email address, password (stored only as a salted hash by our authentication provider), optional phone number, role (seeker / supplier / admin), and any profile image you upload.
- Company information: company name, VAT number, registration number, address, country, website, logo, description, and, for suppliers, fleet size, coverage areas, and year established.
- Quote requests: the equipment you are interested in, access model (rental / lease / hybrid), duration and dates, project location (address, city, country, and, if provided, approximate coordinates), delivery preferences, contact details you enter, and free-text notes.
- Supplier responses: messages, counter-offers, and terms you send in reply to requests.
- Saved equipment: items you bookmark.
- Early-access / waitlist submissions: first name, last name, email, company name, chosen role, the equipment or search terms you express interest in, and any message you write.
- Communications: the content of emails and messages you send us.
3.2 Data we collect automatically
- Technical and usage data: your IP address, browser and device type, and the pages you view. We use your IP address only transiently for security and abuse-prevention (rate limiting); it is stored in pseudonymised (hashed) form and automatically deleted shortly afterwards.
- Cookies and similar technologies: see our Cookie Policy. Analytics and other non-essential technologies are only used with your consent.
We do not intentionally collect special categories of data (Article 9 GDPR). Please do not include such data in free-text fields.
4. Why we use your data and our legal basis
| Purpose | Data used | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Create and operate your account; provide the marketplace | Account, profile, company | Performance of a contract — Art. 6(1)(b) |
| Handle quote requests and supplier responses; connect seekers and suppliers | Requests, responses, company | Performance of a contract — Art. 6(1)(b) |
| Process early-access / waitlist registrations | Waitlist data | Steps prior to a contract / consent — Art. 6(1)(b) / 6(1)(a) |
| Send service (transactional) emails such as confirmations | Contact details | Performance of a contract / legitimate interest — Art. 6(1)(b) / 6(1)(f) |
| Send follow-up and product updates to registrants | Contact details | Consent — Art. 6(1)(a) |
| Security, fraud prevention, rate limiting, keeping records of consent | Technical data, hashed IP, consent logs | Legitimate interest / legal obligation — Art. 6(1)(f) / 6(1)(c) |
| Usage analytics to improve the Service | Usage data via analytics tools | Consent — Art. 6(1)(a) |
| Comply with legal, accounting, and tax obligations | Account, transaction data | Legal obligation — Art. 6(1)(c) |
Where we rely on consent, you may withdraw it at any time (see Section 8) without affecting processing carried out before withdrawal. Where we rely on legitimate interest, you may object at any time.
5. Who we share your data with
We do not sell your personal data. We share it only with:
- Other platform users where necessary to provide the Service — for example, when a seeker submits a request, relevant details are shared with the matched supplier, and vice versa.
- Service providers (processors / sub-processors) who process data on our behalf under Article 28 GDPR data-processing agreements. The current list, with what each does and where, is on our Sub-processors page and summarised below:
- Supabase — database, authentication, and file storage (hosted in the EU, Frankfurt).
- Vercel — website hosting and privacy-friendly, cookieless analytics.
- IONOS — email delivery.
- Microsoft Clarity — usage analytics (only with your consent).
- Google — appointment scheduling, when you choose to book a call.
- Professional advisers, authorities, or acquirers where required by law, to establish or defend legal claims, or in connection with a business reorganisation.
6. International data transfers
Your personal data is primarily stored within the European Union (our database, authentication, and file storage are hosted in Frankfurt, Germany, and our email provider operates in the EU).
Some of our service providers are established in, or may process data in, the United States (for example Vercel, Microsoft, and Google). Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under Chapter V GDPR — principally the European Commission's Standard Contractual Clauses and, where applicable, the provider's certification under the EU–US Data Privacy Framework. You may request a copy of the safeguards in place by contacting us.
7. How long we keep your data
| Data | Retention |
|---|---|
| Account & company data | For as long as your account is active, then deleted or anonymised within a reasonable period after closure (subject to legal retention below) |
| Requests, responses, transaction records | For the duration of the relationship and as required for legal/accounting obligations (generally up to 10 years for tax-relevant records) |
| Early-access / waitlist data | Until you are onboarded or you ask us to delete it, and in any case no longer than 24 months from last contact |
| Outbound email records | The rendered content is deleted shortly after sending; minimal metadata is kept briefly for delivery auditing |
| Hashed IP / rate-limit data | Automatically deleted within about 24 hours |
| Consent records | Kept as proof of consent for as long as the consent is relied upon and for a reasonable period afterwards |
8. Your rights
Under the GDPR you have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; obtain your data in a portable format (data portability); and withdraw consent at any time.
You can exercise several of these directly:
- Access / export: signed-in users can download their data from Dashboard → Settings.
- Erasure: signed-in users can delete their account from Dashboard → Settings.
- Cookie choices: change or withdraw consent anytime via the "Cookie settings" link in the site footer (see the Cookie Policy).
For any request — including if you are not a registered user — email hello@equiply.it. We will respond within one month (extendable by two further months for complex requests). We may need to verify your identity first.
You also have the right to lodge a complaint with a supervisory authority, in particular the Italian Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma; garante@gpdp.it; www.garanteprivacy.it), or the authority in your country of residence.
9. How we protect your data
We use encryption in transit (HTTPS/TLS), database row-level security to isolate each tenant's data, role-based access controls, password hashing handled by our authentication provider, pseudonymisation of IP addresses, and a Content-Security-Policy and other security headers. We regularly review our security practices.
10. Automated decision-making
We do not carry out automated decision-making that produces legal or similarly significant effects, nor profiling of that kind, within the meaning of Article 22 GDPR.
11. Children
The Service is intended for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 18.
12. Changes to this policy
We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you. Where changes affect cookies or consent-based processing, we will ask for your consent again.
13. Contact
Questions about this policy or your data? Email hello@equiply.it or write to Maritime Ventures S.r.l., Via del Molo 65 A/R, 16128 Genova (GE), Italy.