|All products

Privacy Policy

Last updated: June 2026

1. Data Controller

Rocket Milano Srl Via Achille Grandi 1, 20060, Trucazzano (MI), Italy VAT: IT05846260965 Email: info@rocket-espresso.com

2. Data processed and purposes

2.1 Browsing data – non-registered visitors

This platform uses Umami, a self-hosted, cookieless analytics tool. Umami does not install any cookies on the user's device and does not use persistent identifiers across sessions. The following information is collected in anonymous and aggregated form: • Pages visited and visit duration • Browser type and operating system (generic) • Country of origin (derived from IP address, which is not stored) • Traffic source (referrer) Data is anonymous, cannot be used to identify individual visitors, and is stored exclusively on the Controller's own servers.

2.2 Technical cookies

This platform uses only strictly necessary technical cookies required for the service to function. No profiling, marketing or third-party tracking cookies are used. Cookies in use: authjs.session-token — Maintains the authentication session for logged-in users. Duration: end of session or 30 days. Legal basis: performance of a contract (Art. 6(1)(b) GDPR). NEXT_LOCALE — Stores the language preference selected by the user. Duration: 1 year. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

2.3 Registered user data

For users with accounts (dealers, distributors, administrators), the following data is processed: • First and last name • Email address • Password (stored in encrypted form using the bcrypt algorithm — unreadable by anyone, including the Controller) • Registration date This data is provided by the user themselves or by a platform administrator when creating the account.

3. Legal basis for processing

• Session cookie: performance of a contract or requested service (Art. 6(1)(b) GDPR) • Language cookie: legitimate interest of the Controller (Art. 6(1)(f) GDPR) • Umami analytics: legitimate interest of the Controller (Art. 6(1)(f) GDPR) — data is anonymous, aggregated and non-intrusive • Account data: performance of a contract (Art. 6(1)(b) GDPR)

4. Retention

• Umami analytics data: retained in aggregated, anonymous form on the Controller's servers. • Session cookie: deleted at end of session or after 30 days. • Language cookie: deleted after 1 year or upon manual deletion by the user. • Account data: retained for the duration of the relationship and for the following 10 years in accordance with legal obligations. Upon a deletion request, data is removed within 30 days unless overriding retention obligations apply.

5. Disclosure to third parties

Personal data is not sold, shared or disclosed to third parties for marketing or profiling purposes. The platform is entirely self-hosted: no third-party cloud services are used for analytics, advertising or tracking. Data remains on the Controller's own servers. Data may be disclosed to third parties only as required by law (e.g. competent authorities upon a reasoned request).

6. Your rights

Under Articles 15–22 of the GDPR, you have the right to: • Access your personal data (Art. 15) • Rectify any inaccuracies (Art. 16) • Request erasure — "right to be forgotten" (Art. 17) • Restrict processing (Art. 18) • Receive your data in a portable format (Art. 20) • Object to processing based on legitimate interest (Art. 21) To exercise your rights, please write to: [privacy@rocket-espresso.com] You also have the right to lodge a complaint with the competent supervisory authority. In Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it

7. Changes to this policy

The Controller reserves the right to update this privacy policy to reflect regulatory or operational changes. Updates will be published on this page with a revised date. We recommend checking this page periodically.