Privacy Policy - Bista Standard
Big Standard

Personal data protection documentation
Bista Standard Sp. z o. o
Document number: 10.16.
Document version: 01.2020

Privacy policy of the WWW.BISTA.PL website

The privacy policy defines the rights and obligations of the parties to the service provided electronically via the telecommunications network. The Policy is developed to fulfil the obligation specified in art. 8 sec. 1 point 1 of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2019, item 123, as amended).


Table of Contents:
Privacy policy of the WWW.BISTA.PL website 
I. Definitions. 
II. Legal nature of the Website. 
III. Types and scope of providing electronic services. 
IV. Technical requirements for the provision of services. 
V. Terms for concluding and terminating contracts for the provision of electronic services.  
A. Terms and procedure of registration on the Website. 
B. Contact forms. 
C. Social plugins. 
D. Cookies and similar technologies. 
VI. Risks related to the provision of services and data security. 
VII. Data processing in connection with the use of the Website. 
VIII. Copyright and related rights. 
IX. Complaints procedure. 
X. Final provisions.  

I. Definitions.
1. Admin - the administrator of personal data collected via the www.bista.pl website is Bista Standard Sp. z o. o. based in in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz, which is also a Service Provider within the meaning of the Act on the provision of electronic services.
2. Personal data - – all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected via files cookie and other similar technology.
3. Password - a string of characters required to log into the Account.
4. Account - a set of the Administrator's teleinformatic resources marked with an individual name (login) and password, in which the necessary User data provided during registration as well as information about the service are collected. The account enables the User to use the full content of the Website provided by the Administrator – the Product Page of the Website.
5. login - User's e-mail address provided during registration, which is necessary to access the Account.
6. Policy - this Privacy Policy of the www.bista.pl website.
7. Product - tthe product presented through the service of access to the full content of the Website (the Product Page website), the description of which is available to registered Users.
8. Registration - the process of setting up an account by the User on the Website, involving the provision of their personal data using the registration form.
9. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
10. Service - website run by the Administrator at http://www.bista.pl.
11. Product page - a webpage on the Website which provides information about the Products.
12. Agreement - an agreement for the provision of electronic services, concluded between the Administrator
and the User, the subject of which is the provision of the service of running the Website.
13. Act on the provision of electronic services - Act of 18 July 2002 on the provision of electronic services (ie Journal of Laws of 2020, item 344).
14. End user’s device - end user’s telecommunications device as defined in Art. 2 point 43 of the Act – Telecommunications Law (Journal of Laws of 2019, item 2460), intended to be connected directly or indirectly to network terminals, i.e. phones, tablets, computers, etc.
15. Unregistered User - an adult natural person visiting the Website or using one or more of the Website's functionalities that do not require registration on the Website.
16. Registered User - an adult natural person visiting the Website or using one or more Website functionalities requiring registration on the Website, authorized to act on behalf of an entity involved in the production, distribution, or trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories.


II. Legal nature of the Website.
1. The website is run by the Administrator and is their property.
2. Due to its product-related content, the www.bista.pl website is intended only for information and commercial purposes between entities involved in the production, distribution, and trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories and is intended only for adults with full legal capacity. only for adultswith full legal capacity.
3. Before using the Website, the User is obliged to read this Policy.
4. The User undertakes to comply with the provisions of this Policy.
5. The User is obliged to provide their current data necessary for proper use of the Website, in particular, they are obliged to provide their current data in the contact and registration forms, and to update it in the event of data changes.
from the Website, in particular, it is obliged to provide its current data in the contact and registration forms, and in the event of data changes, to update them.
6. Information posted on the Website does not constitute an offer within the meaning of Art. 66 (1) of the Civil Code, and serve only as commercial information.
7. This Policy is always available on the www.bista.pl website in a way that enables its acquisition, displaying, and recording of its content by printing or saving on a recordable media at any time.


III. Types and scope of providing electronic services.
The Administrator provides the following types of services on the Website:
     1) "Access to publications" – a service of free access to information and materials collected on the Website, consisting in the delivery of digital content via the Website which allows it to be viewed, read, selected, or printed by Users;
on the Website, consisting in the delivery of digital content via the Website, which allows them to be viewed, read, selected or printed by Users;
     2)Access to the full content of the Website" – a service of free access to information about the Administrator's products, available only to entities involved in the production, distribution, and trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories and after registration on the Website;
     3) communication with the Administrator via the contact forms available on the Website to achieve the goals set out therein.


IV. Technical requirements for the provision of services.
1. T. Requirements for using the Website:
     1) a device with Internet access with properly installed, configured, and up-do-date web browser with appropriate cookies settings;
and the current version of the web browser with an appropriately set "cookie" option;
     2) an active e-mail account (e-mail address) in the case of using certain web forms (e.g. contact form, registration form).
2. IIn the case of using the Website via a tablet, phone, or other mobile device, some functionalities of the Website may not work properly or not at all, and the use of some electronic services provided on the Website may be impossible or impeded.
3. The Administrator makes every effort to ensure the proper functioning of the Website and individual services available on the Website, but is not responsible for any interruptions in the functioning of the Website or the services available on it, in the event of technical problems beyond its control.
4.The Service Provider reserves the right to temporarily disable the entirety or part of the Website in connection with technical breaks, as well as to introduce new functional solutions, including those improving the level of security and quality of the Website.


V. Terms for concluding and terminating contracts for the provision of electronic services.
1. Using the Website shall be deemed to constitute the conclusion of a contract for the provision of electronic services. The contract is concluded when the User performs any activities on the Website.
2. The contract for the provision of services that do not require registration on the Website is terminated when the Customer ceases to use the Website.
3. The contract for the provision of services that require registration on the Website is terminated when the resignation form is sent or the request to delete the Account is sent to the e-mail address: biuro@bista.pl.
4. The Administrator is entitled to immediately terminate the contract for the provision of services and to block access to the Account or to delete the User Account used in an illegal manner or in breach of the provisions of this Policy required for registration on the Website.
with the law or the provisions of this Policy requiring registration on the Website.
5. The Administrator may refuse to provide a service that requires registration on the Website and delete the User Account, if it was re-established after the Administrator terminated the contract and the Account was removed from the Website due to the User's breach of the law or the provisions of this Policy.
6. TThe Administrator reserves the right to close the Website or resign from providing access to the Product Page without providing justification.


A. Terms and procedure of registration on the Website.
1. In order to access the full content of the Website (access to the Product Page website), the User is obliged to create an Account on the Website. Unregistered Users are not able to view the full version of the Website.
2. Access to the full content of the Website (the Product Page website) may only be used by Users who meet the following conditions jointly:
     1) are over 18 years of age and have full legal capacity;
     2) are entities involved in the production, distribution, and trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories, or are employees or other persons authorized to act on behalf of the abovementioned entities and using the Website only to obtain information used for commercial purposes, referred to in the Act of November 9, 1995 on the protection of health against the consequences of using tobacco and tobacco products (i.e. Journal of Laws of 2019, item 2182 with as amended).
3. Registration on the Website is free and consists in filling in the registration form.
4. Registration on the www.bista.pl website is voluntary and possible only after the person logging-in confirms that they are of legal age and that they are engaged in activities related to the production, distribution, or trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories.
5. Data required in the registration process include:
     1) first and last names;
     2) e-mail address,
which are necessary for the provision of electronic services due to the way the ICT system functions for the provision of electronic services and the nature of the service.
6. The User is obliged to provide true data and to make truthful statements during the registration procedure.
7. In order to secure access to the User's account, a Password is required.
8. After registration in the ICT system, the Administrator creates an Account for the User. The account is available after logging in with a Password. The User may change the data provided during registration at any time.
9. The Account and Login created during the registration process on the Website are individual and are assigned to only one person. The User may have many individual Accounts with different Logins and Passwords
10. The Account may be used only by one person indicated in the registration process. Using the Account by more than one person or providing access data to the Account to a person other than the one indicated in point. 2 is a violation of the Privacy Policy.
11. During registration, the User may also consent to receive commercial information from the Administrator to the e-mail address provided in the registration process. The consent in this regard is voluntary and registration on the Website is not dependent on it.
12. The User may resign from the option of receiving commercial information from the Administrator (withdraw the consent granted) at any time by sending an appropriate request to the e-mail address: biuro@bista.pl, while the withdrawal of consent will not affect the legal grounds for processing personal data before its withdrawal.
13. The User may at any time resign from keeping the Account without providing any reasons.
14. The resignation is made by filling in and sending the resignation form or sending the request to delete the Account to the following address: biuro@bista.pl.
15. The Administrator immediately deletes the Account upon receiving the resignation form for the account or the request to delete the data.
16. SSubmitting the resignation form for the Account on the Website shall be deemed to constitute a termination of the contract for the provision of electronic services.


B. Contact forms.
The Administrator provides the possibility of contacting them using electronic contact forms available on the Website. Using the form requires providing personal data including first and last names, e-mail address, and the message, which is necessary for contacting the person who sends the query to the Administrator and for answering the query. Providing data marked as mandatory is required to identify the sender and to accept and handle the inquiry, and failure to provide this data results in the inability to handle the inquiry. Providing other data, i.e. telephone number, is voluntary.
in terms of name and surname, e-mail address, message content, which are necessary to contact the person who sends the query to the Administrator and to answer it. Providing data marked as mandatory is required to identify the sender and to accept and handle the inquiry,
and failure to provide them results in the inability to handle the inquiry. Providing other data, i.e. telephone number, is voluntary.


C. Social plugins.
On the Website, the Administrator places the so-called "Social plugins" of social networks, such as Instagram, LinkedIn, YouTube. When the User visits the www.bista.pl website, the plug-ins are deactivated, which means no data is transferred to the administrators of these websites. Only the User's action through clicking on the appropriate social "plugin" causes a direct connection to the server of the administrators of these portals.
If the User of the www.bista.pl Website has a user account on these portals and is logged in at the time of activating the social plug, the administrators of these portals may assign a visit to the www.bista.pl Website to their user account in accordance with their Policy privacy. The User can avoid this by logging out of social networking sites before activating the social "plugin" on the www.bista.pl Website.


D. Cookies and similar technologies.
1. "Cookies" are small text files installed on the User's computer or other mobile device (laptop, phone, tablet, etc.) when browsing websites. "Cookies" collect information that facilitate the use of the website (e.g. by remembering the User's visits and ensuring that the display of the website is appropriate to their preferences).
and appropriate display of the website to his preferences).
2. "Cookies" are not used by the Administrator to collect information that directly identifies a specific User (such as first and last names).
3. We use the so-called "Service cookies" that are necessary for the proper operation of the Website
and ensuring safety and improving the quality of services provided by electronic means, in particular:
     1) adapting the content of the Website pages to the User's preferences and optimizing the use of websites; in particular, these files allow for recognition of the Website User's device and for ensuring that the Website is displayed properly and tailored to the User’s individual needs, e.g. the preferred language, font size and other such settings that facilitate use of the Website;
     2) maintaining the Website User's session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage of the website;
     3) session "cookies" of multimedia players (e.g. "cookies" of a flash player), for the duration of the session;
4. "cookies" used to ensure security, e.g. used to detect authentication fraud;
     1) "cookies" with data entered by the User (session ID) for the duration of the session;
     2) authentication cookies used for services that require authentication for the duration of the session;
     3) session "cookies" of multimedia players (eg "cookies" of a flash player), for the duration of the session;
     4) "cookies" used to ensure security, eg used to detect abuse
in the field of authentication;
     5) persistent "cookies" for personalizing the User interface, for the duration of the session or a little longer.
5. The right to store and access "cookies" results from the consent of the Website User. This consent is expressed by the User when configuring the web browser or the selected website or service.
6. The User may at any time remove or block the creation of "cookies" using the appropriate mechanisms built into each web browser. Withdrawal of consent to the use of "cookies" is possible through the browser settings. Detailed information on this can be found at the following links:
• Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
• Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
• Safari: https://support.apple.com/kb/PH5042?locale=en-GB
7. The administrator informs that restrictions on the use of "cookies" may affect some of the functionalities available on the Website.


VI. Risks related to the provision of services and data security.
1. The systems and applications used by the Administrator ensure a high standard of security and protection of personal data.
2. However, the user should be aware that the use of the Website requires the use of a public telecommunications network (the Internet), which is associated with an increased risk of threats resulting from
the use of the Website.
3. . The Administrator informs that the use of electronic services may involve the risk of introducing malicious software into the User's ICT system as well as the risk of their data being obtained and modified by unauthorized persons. To avoid these risk the User should use appropriate technical measures that will minimize their occurrence, in particular anti-virus software and a firewall.
with the risk of introducing malicious software into the User's ICT system as well as obtaining and modifying his data by unauthorized persons. To avoid the risk of threats, the User should use appropriate technical measures that will minimize their occurrence, in particular anti-virus programs and a firewall.
4. On the pages of the Website, banners and links to other websites may appear. By using such a banner or link, the User is transferred to a website belonging to another service provider. The Administrator is not responsible for the privacy policies of these websites. We encourage the User to read the privacy policy and regulations there after switching to other websites.


VII. Data processing in connection with the use of the Website.
In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing personal data collected during the use of the Website by the User are described below.
Who is the administrator of personal data.
The administrator of personal data is Bista Standard Sp. z o. o. based in Bydgoszcz, ul. Smoleńska 29, XNUMX-XNUMX Bydgoszcz.
85-871 Bydgoszcz.
How can you contact us?
You can contact the Administrator:
• by post at the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
Data Protection Officer.
We have appointed a Data Protection Officer (Kinga Hoffmann), whom you can contact:
• by post at the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
You can contact the Data Protection Officer in all matters relating to the processing of your personal data by Bista Standard and the exercise of rights related to their processing.


Purposes and legal grounds for data processing on the Website.
     a) Using the Website.
Personal data of all persons using the Website (including IP address or other identifiers and information collected via "cookies" or other similar technologies), are processed by the Administrator:
1) in order to provide electronic services in the scope of providing Users with content collected on the Website – in which case the legal basis for data processing is the necessity of processing it to perform the contract (Article 6 (1) (b) of the GDPR);
2) for statistical purposes – in which case the legal basis for data processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting statistical analysis of the Users' activity and their preferences in order to improve the functionalities used and the services provided;
3) in order to potentially establish and pursue claims or defend against them – the legal basis for data processing is the Administrator's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of their rights.
     b) Registration on the Website.
1. Personal data of Registered Users is processed by the Administrator in order to:
1) enable entities involved in the production, distribution, and trade of tobacco products, electronic cigarettes, spare containers, or tobacco accessories to access information about the Administrator's activities used for commercial purposes;
2) potentially determine and pursue claims or defend against them.
2. The legal basis for the processing of personal data of the Registered Users is the necessity of processing the data to perform the contract for the provision of electronic services (Article 6 (1) (b) of the GDPR).
3. The legal basis for the processing of personal data for the purpose of potential determination and pursuit of claims or defence against them is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
4. Providing personal data is voluntary, but it is necessary to register on the Website.
5. We will process personal data until the term of the contract (resignation from the Account or cessation of the service of access to the full content of the Website - the Product Page or discontinuation of the Website). Selected personal data may be processed after this time in order to protect against possible claims.
     c) Contact forms.
1. Personal data of Users using the contact form is processed for the purpose of identifying the sender and handling their inquiry.
2. TThe legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in ensuring contact with the Administrator in connection with the conducted business activity.
3. IIn terms of additional data (i.e. telephone number), the legal basis for processing is consent, expressed voluntarily through an unambiguous action, which is filling in this data in the form (Article 6 (1) (a) of the GDPR). Such consent may be withdrawn by the User at any time, but the withdrawal of consent will not affect the processing that was carried out before its withdrawal.
4. We can also process the data in order to secure information in the event of a legal need to prove facts in the event of the need to investigate or defend against claims, which is the implementation of our legitimate interest (Article 6 (1) (f) of the GDPR).
5. We will store personal data for a period of 1 year from the date we were contacted via the form. The selected personal data may be processed after this time in order to protect against possible claims.


What are the rights related to the processing of personal data by the Administrator?
1. the right to request access to their personal data;
     1) the right to request access to your personal data;
     2) the right to request deletion of data;
     3) the right to request the rectification of data and supplementation of incomplete data;
     4) in the cases specified in the GDPR - the right to request the restriction of the processing of personal data;
     5) to the extent to which the Administrator processes data based on a legitimate interest - the right to object to data processing;
     6) to the extent to which the Administrator processes data based on consent - the right to withdraw consent, while the withdrawal of consent will not affect the processing that was carried out before its withdrawal;
     7) the right to lodge a complaint to the supervisory body (the President of the Personal Data Protection Office) if the person whose data we process decides that we violate the provisions of the GDPR.
2. To exercise the above rights, please contact the Administrator or our Data Protection Officer (contact details above).


Recipients of personal data.
1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular partners providing IT services ((e.g. in the field of developing and maintaining IT systems and websites and hosting providers).
2. The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.


Transferring data outside the European Economic Area.
The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we transfer personal data outside the EEA only when necessary and with an adequate level of protection. We always inform about the intention to transfer personal data outside the EEA during its collection (when handling the case).
However, we would like to inform you that in connection with the operation of social profiles, the administrators of these websites (Facebook, LinkedIn, Google) may transfer some personal data of users of these websites outside the European Economic Area. At the same time, we would like to point out that administrators of social networking sites apply appropriate security for data transfer to countries outside the EEA in the form of standard contractual clauses. Detailed information on data transfer outside the EEA is included in their Privacy Policies, available on their websites.


Automated decision making.
Decisions regarding Website Users will not be made solely in an automated manner, and the data will not be profiled.


VIII. Copyright and related rights.
1. The content of the Website is made available free of charge. The content of the Website is protected by industrial and intellectual property rights.
2. IInformation, illustrations, or graphics contained on the Website may not be used in materials that violate decency or are inconsistent with generally applicable laws.
3. Information, illustrations, or graphics contained on the Website may not be reproduced, modified, transferred, or published in whole or in part without the prior consent of the Administrator expressed in writing.


IX. Complaints procedure.
1. All matters regarding the functioning of the Website should be reported to the Administrator via e-mail to the following address: biuro@bista.pl.
2. The Administrator undertakes to remove all technical issues in the operation of the Website as soon as possible.


X. Final provisions.
1. Polish law applies to all legal relations arising from this Policy. All disputes will be settled by the locally competent Polish common courts.
2. The Policy is verified on an ongoing basis and updated if necessary. The current version of the Policy was adopted and is effective from 01.10.2020/XNUMX/XNUMX and is an integral part of the contract concluded with the User.