Privacy Policy & Cookies

Date of publication: 18 December 2025

§1. Definitions

Words used in this Privacy Policy shall be understood as follows:

  • ROLMEX – Rolmex Misiuda Sp. z o.o. with its registered office in Kielce, ul. Ściegiennego 264C, 25-116 Kielce, Poland, entered in the register of entrepreneurs of the National Court Register kept by the District Court in Kielce, X Commercial Division of the National Court Register, under KRS number: 0001212930, share capital 5,000.00 PLN paid in full, NIP: PL6573003890, REGON: 543552489.
  • Service – the website operated by ROLMEX at www.rolmexmisiuda.com.
  • Services – all services provided electronically by ROLMEX to Users on the basis of this Privacy Policy.
  • User – any natural person, legal person, or unincorporated entity with legal capacity using the functionalities of the Service or Services.
  • Personal Data – information relating to an identified or identifiable natural person within the meaning of Article 4(1) GDPR.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Cookies – small text files saved on the User’s end device when using the Service.
  • Controller – Rolmex Misiuda Sp. z o.o. (ROLMEX).

§2. General provisions

  1. The Controller of your personal data is Rolmex Misiuda Sp. z o.o., with its registered office in Kielce, ul. Ściegiennego 264C, 25-116 Kielce, Poland, NIP: PL6573003890, KRS: 0001212930, REGON: 543552489, share capital: 5,000.00 PLN.
  2. ROLMEX has appointed a Data Protection Officer (DPO), Karolina Radzińska. Contact details:
    • email: k.radzinska@rolmexmisiuda.com
    • postal address: Rolmex Misiuda Sp. z o.o., ul. Ściegiennego 264C, 25-116 Kielce, Poland (with the note “DPO”)
  3. The Controller ensures the transparency of data processing, in particular always informing data subjects about the processing at the time data is collected, including the purpose and legal basis. Data is collected only to the extent necessary for the indicated purpose and processed only for the period in which it is necessary.
  4. The Controller takes every effort to ensure the protection of personal data in accordance with the GDPR and national data protection laws.

§3. Collection and processing of personal data

3.1. Purposes and legal bases of processing

The Controller processes Users’ personal data for the following purposes:

a) on the basis of consent given (Article 6(1)(a) GDPR):

  • for marketing activities using analytical and marketing cookies (Google Analytics 4, Google Ads, Meta Pixel),
  • for profiling and displaying personalised advertising on Google and Meta advertising networks,
  • for other activities for which the User has given consent.

b) for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR):

  • handling enquiries submitted via the contact form,
  • presenting the commercial offer,
  • conducting commercial correspondence relating to ROLMEX products.

c) on the basis of a legal obligation incumbent on the Controller (Article 6(1)(c) GDPR):

  • fulfilling tax and accounting obligations,
  • providing data to authorised public authorities upon their lawful request.

d) on the basis of the legitimate interests pursued by the Controller (Article 6(1)(f) GDPR):

  • establishment, exercise or defence of legal claims,
  • direct marketing of ROLMEX’s own products and services to existing customers,
  • statistical analysis of Service usage,
  • ensuring IT security of the Service.

3.2. Categories of personal data

The Controller may process the following categories of personal data:

  • identification data (first name, surname, company name),
  • contact data (email address, telephone number, postal address),
  • data relating to commercial correspondence,
  • technical data (IP address, browser type, operating system),
  • data collected via cookies and similar technologies.

3.3. Period of data storage

Personal data is stored:

  • for the duration of the contract and for the limitation period for claims arising from it (typically 6 years),
  • in the case of marketing data – until consent is withdrawn,
  • in the case of accounting documentation – for 5 years from the end of the tax year,
  • in the case of cookies – for the periods indicated in the cookie table below.

§4. Recipients of personal data

Personal data may be transferred to the following categories of recipients:

  • entities providing IT, hosting and email services (data processors under Article 28 GDPR),
  • providers of analytical and marketing tools (Google LLC – Analytics, Ads; Meta Platforms Ireland Ltd. – Pixel),
  • accounting offices and tax advisors,
  • law firms, debt collection companies (in the case of asserting claims),
  • authorised public authorities (upon legal request),
  • postal and courier operators (for shipment of correspondence and goods).

4.1. Transfer of data outside the EEA

Some of our service providers (in particular Google LLC and Meta Platforms, Inc.) are located in the United States. Data transfers to these recipients take place on the basis of:

  • EU-US Data Privacy Framework – the US adequacy decision adopted by the European Commission on 10 July 2023,
  • Standard Contractual Clauses approved by the European Commission, where the recipient is not certified under the DPF,
  • additional safeguards in accordance with EDPB recommendations.

§5. Data subject rights

In connection with the processing of personal data, the User has the following rights:

  1. Right of access (Article 15 GDPR) – obtain confirmation as to whether your personal data is being processed and access that data.
  2. Right to rectification (Article 16 GDPR) – have inaccurate personal data corrected.
  3. Right to erasure / “right to be forgotten” (Article 17 GDPR) – have your data erased in the cases specified in the GDPR.
  4. Right to restriction of processing (Article 18 GDPR) – request limitation of processing in defined situations.
  5. Right to data portability (Article 20 GDPR) – receive personal data in a structured, commonly used and machine-readable format.
  6. Right to object (Article 21 GDPR) – object at any time to processing based on the Controller’s legitimate interests, including profiling.
  7. Right to withdraw consent (Article 7(3) GDPR) – withdraw consent at any time, without affecting the lawfulness of processing carried out before such withdrawal.
  8. Right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland.

To exercise the above rights, please contact the DPO at: k.radzinska@rolmexmisiuda.com

§6. Cookies and similar technologies

6.1. What are cookies?

Cookies are small text files saved on the User’s end device (computer, tablet, smartphone) when visiting the Service. They allow Service operation, remembering preferences, traffic analysis and personalisation of advertising content.

6.2. Types of cookies used in the Service

a) Necessary cookies (do not require consent):

  • WordPress / WPML – session management, language version selection (storage period: session / 1 year),
  • Cookie Notice consent cookie – recording the User’s cookie preferences (storage period: 1 year),
  • WooCommerce – shopping cart functionality (where applicable, storage period: session).

b) Analytical cookies (require consent):

  • Google Analytics 4 (_ga, _ga_*) – traffic analysis, source of visits, user behaviour (storage period: up to 2 years),
  • Google Tag Manager – tag and event management (storage period: up to 2 years).

c) Marketing cookies (require consent):

  • Google Ads (_gcl_*, IDE, NID) – measurement of advertising campaign effectiveness, remarketing (storage period: up to 13 months),
  • Meta Pixel (Facebook) (_fbp, fr) – tracking conversions and remarketing in the Meta network (storage period: up to 90 days / 3 months).

6.3. Managing cookies

The User can manage cookies in the following ways:

  • via the cookie consent banner displayed when first visiting the Service,
  • via the browser settings (Chrome, Firefox, Safari, Edge, Opera),
  • via tools provided by the relevant suppliers (Google Ads Preferences, Meta Ads Preferences).

Disabling necessary cookies may affect the proper functioning of the Service.

§7. Final provisions

  1. This Privacy Policy enters into force on 18 December 2025.
  2. The Controller reserves the right to amend the Privacy Policy. Information on changes will be published in the Service.
  3. In matters not regulated by this Privacy Policy, the relevant provisions of the GDPR and Polish data protection law shall apply.
  4. Contact regarding the Privacy Policy: k.radzinska@rolmexmisiuda.com

Date of publication: 18 December 2025

Start typing and press enter to search