Corporate Governance Documents

Privacy Policy

Code of Business Conduct & Ethics ESG & Sustainability Statement ESG & Corporate Governance Statement
Effective date 01.03.2026
Company FluidCore Systems™
Website fluidcoresystems.com
Privacy Policy 01 FluidCore Systems™

Effective Date: 01.03.2026

Rockart Inc., a corporation incorporated in the State of Delaware, United States, acts as the Data Controller for purposes of applicable data protection laws unless otherwise specified in this Policy.

Operated by Rockart Inc., a corporation incorporated in the State of Delaware, United States.

Privacy Policy 02 Introduction

This Privacy Policy explains how personal data is collected, used, processed, stored, and protected in connection with:

  • The website fluidcoresystems.com
  • FluidCore Systems™ equipment and dispensing devices
  • Associated software, cloud infrastructure, and analytics platform
  • Partner dashboards, APIs, and system integrрations

FluidCore Systems™ is developed under the intellectual property ownership of Rockart Inc. Operational, software, and technical components may be provided under licensing and authorized partnership structures.

Privacy Policy 03 Scope

This Privacy Policy applies to:

  • Website visitors
  • Business partners, distributors, and franchise operators
  • Authorized system users and administrators
  • End users interacting with FluidCore Systems™ equipment
  • Individuals whose data is processed through the platform or related services

This Policy governs personal data processed directly by Rockart Inc. or through authorized service providers acting on its behalf.

Privacy Policy 04 Categories of Data Collected

FluidCore Systems™ may process the following categories of data depending on the context of interaction:

2.1 Website Data

When visiting fluidcoresystems.com, we may collect:

  • Name
  • Email address
  • Company name
  • Phone number
  • IP address
  • Browser type and device information
  • Cookie and analytics data

This information is collected for communication, security, analytics, and business engagement purposes.

2.1 Equipment Interaction Data

When a user interacts with a FluidCore Systems™ unit, the system may record:

  • Transaction date and time
  • Location (machine-level, not precise personal geolocation)
  • Product SKU and dispensed volume
  • Machine identification number
  • Operational and diagnostic logs
  • Serial number and batch references for traceability

This data is primarily technical and operational in nature.

2.3 Digital Identification Data (If Enabled)

Where enabled by the brand, operator, or loyalty program, the system may process:

  • Phone number (for one-time password verification)
  • Mobile application identifier
  • CRM or customer identifier
  • Loyalty program identifier
  • Encrypted transaction tokens

Digital identification features are optional and subject to configuration by the operator or brand partner.

FluidCore Systems™ does not store full payment card numbers.

2.4 Payment Data

Payments are processed through PCI-DSS compliant third-party acquiring banks or payment processors.

FluidCore Systems™:

  • Does not store raw cardholder data
  • Does not retain CVV codes
  • Does not process full payment credentials internally

Payment processing is governed by the privacy and security standards of the respective payment provider.

2.5 Partner and Operator Data

For authorized partners and operators, we may process:

  • Account credentials
  • Role-based access permissions
  • API keys and integration credentials
  • Operational analytics and dashboard data

Access to such data is controlled through secure authentication and authorization mechanisms.

Privacy Policy 05 Purpose of Processing

Personal data and technical data may be processed for the following purposes:

  • Execution and validation of transactions
  • Product traceability and anti-counterfeit protection
  • Operational monitoring, diagnostics, and predictive maintenance
  • Performance analytics and reporting
  • Integration with ERP, SAP, CRM, and authorized partner systems
  • Service improvement and system optimization
  • Compliance with applicable legal and regulatory requirements
  • Fraud detection and prevention
  • Cybersecurity and platform integrity protection

Data is processed solely for legitimate business, operational, and regulatory purposes in accordance with applicable data protection laws.

Privacy Policy 06 Legal Basis (Where Applicable)

Depending on the jurisdiction and context of processing, personal data may be processed on the basis of:

  • Performance of a contract
  • Legitimate business interests
  • Compliance with legal or regulatory obligations
  • User consent (where required)
  • Public interest or regulatory compliance requirements

For users located in the European Union or the United Kingdom, personal data is processed in accordance with the principles of the General Data Protection Regulation (GDPR) and UK GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

Privacy Policy 07 Data Sharing

Personal and operational data may be shared with:

  • Authorized distributors and franchise partners
  • Brand owners operating FluidCore Systems™ units
  • Licensed operators and service providers
  • Cloud hosting and infrastructure providers
  • Payment processors and acquiring banks
  • Authorized ERP, CRM, and API integration partners
  • Regulatory or governmental authorities where required by law

Data sharing is limited to what is necessary for operational, contractual, or legal purposes.

All partners and service providers are subject to appropriate contractual confidentiality, data protection, and security obligations consistent with applicable laws.

Privacy Policy 08 International Data Transfers

Personal and operational data may be transferred to and processed in jurisdictions outside the country of origin, including but not limited to:

  • United States
  • European Union
  • Middle East
  • Other regions where FluidCore Systems™ operates or maintains infrastructure

Where international transfers involve personal data originating from regulated jurisdictions (including the European Union or United Kingdom), appropriate safeguards are implemented, which may include:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions issued by competent authorities
  • Contractual data protection commitments
  • Technical and organizational security measures

All cross-border data transfers are conducted in accordance with applicable data protection laws.

Privacy Policy 09 Data Retention

Personal and operational data is retained only for as long as necessary to fulfill the purposes for which it was collected, including:

  • The duration required to provide services and operate the platform
  • Applicable regulatory or statutory retention periods
  • Dispute resolution, contractual enforcement, and legal defense
  • Anonymized or aggregated analytics and system improvement

Retention periods may vary depending on the type of data, jurisdiction, regulatory requirements, and contractual obligations.

Upon expiration of the applicable retention period, data is securely deleted, anonymized, or otherwise rendered inaccessible in accordance with industry-standard security practices.

Privacy Policy 010 Data Security

FluidCore Systems™ is designed and operated under an enterprise-grade cybersecurity architecture incorporating layered technical, organizational, and governance controls appropriate for industrial SaaS and connected infrastructure environments.

FluidCore Systems™ implements appropriate technical and organizational security measures designed to protect personal and operational data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Role-based access controls and authentication mechanisms
  • Secure cloud infrastructure with controlled access
  • Logical segregation of data environments
  • System monitoring and audit logging
  • PCI-DSS compliant payment processing (via certified third parties)
  • Documented incident response and security management procedures

Security measures are regularly reviewed and updated in accordance with industry standards and evolving cybersecurity best practices.

Specific security certifications, compliance standards, and audit frameworks may vary depending on the jurisdiction of deployment, contractual framework, and applicable regulatory environment (including but not limited to the United States, European Union, United Kingdom, Middle East, or other regions of operation).

Privacy Policy 011 User Rights (Where Applicable)

Depending on applicable data protection laws and jurisdiction, individuals may have the right to:

  • Access their personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data
  • Restrict or object to certain types of processing
  • Receive data in a portable format (data portability)
  • Withdraw consent where processing is based on consent

The exercise of these rights may be subject to legal or contractual limitations.

Requests relating to data protection rights may be submitted to:
privacy@fluidcoresystems.com

We will respond to such requests in accordance with applicable laws and within legally required timeframes.

California Privacy Rights (CCPA/CPRA)
California residents may have additional rights including:
– Right to know
– Right to delete
– Right to correct
– Right to opt-out of sale or sharing
– Right to limit use of sensitive personal information

Individuals located in the European Union or United Kingdom have the right to lodge a complaint with their competent supervisory authority.

Privacy Policy 012 Cookies

FluidCore Systems™ uses cookies and similar technologies for:

  • Website functionality and session management
  • Security and fraud prevention
  • Performance measurement and analytics
  • User preference and experience optimization

Where required by applicable law, non-essential cookies are activated only with user consent.

Detailed information regarding cookie categories, retention periods, and consent management is available in our Cookie Policy.

Privacy Policy 013 Automated Decision-Making

FluidCore Systems™ may use automated data processing and analytics for operational purposes, including:

  • Inventory forecasting and supply optimization
  • Transaction monitoring and anomaly detection
  • Fraud detection and risk assessment

These processes are designed to support operational efficiency and system integrity.

FluidCore Systems™ does not engage in automated decision-making that produces legal or similarly significant effects on individuals without appropriate human oversight and review, where required by applicable law.

Where Rockart Inc. processes personal data on behalf of enterprise customers, it acts as a Data Processor under applicable data protection laws.
Franchisees, partners, and independent brand operators may act as independent Data Controllers with respect to data collected within their own operational environments.

Data Processing Agreement (DPA)

Where Rockart Inc. acts as a Data Processor under applicable data protection laws, a separate Data Processing Agreement (DPA) is available upon request for enterprise customers. Such DPA shall govern the processing of personal data in accordance with GDPR, UK GDPR, and other applicable data protection regulations.

Privacy Policy 014 Children’s Data

FluidCore Systems™ is not directed to or intended for use by individuals under the age of 18, unless such use is authorized by a parent or legal guardian and permitted under applicable local laws.

We do not knowingly collect personal data from minors in violation of applicable data protection regulations.

If we become aware that personal data has been collected from a minor without appropriate authorization, we will take reasonable steps to delete such data in accordance with applicable law.

Privacy Policy 015 Changes to This Policy

Rockart Inc. reserves the right to update or modify this Privacy Policy at any time to reflect changes in legal requirements, operational practices, or technological developments.

Any updates will be published on this website with a revised Effective Date.

Where required by applicable law, material changes may be communicated through additional notice or renewed consent mechanisms.

Privacy Policy 016 Contact

For privacy-related inquiries, data protection requests, or regulatory matters, please contact:

Rockart Inc.
A corporation incorporated in the State of Delaware, United States

Registered Address:
501 Silverside Road, Suite 105
Wilmington, Delaware 19809
United States of America

Email: privacy@fluidcoresystems.com

European Union / United Kingdom Representative (If Applicable)
Where required under Article 27 of the General Data Protection Regulation (GDPR) or UK GDPR, Rockart Inc. may appoint a designated representative within the European Union and/or the United Kingdom.
If such representative is appointed, the contact details will be published on this website and incorporated into this Privacy Policy.

All privacy-related requests will be reviewed and handled in accordance with applicable data protection laws and corporate governance standards.

Data Protection Officer (if appointed):
Contact details will be published where required by applicable law.

All documents are governed by the laws of the State of Delaware, United States of America, unless otherwise required by applicable law. Information provided on this website is for informational purposes only and does not constitute a public offer, solicitation, or investment recommendation.