Personal data protection documentation
Bista Standard Sp. z o. o.
Document number: 10.16.
Document version: 01.2020
Privacy policy of the WWW.BISTA.PL website
The privacy policy defines the rights and obligations of the parties to the service provided electronically via a telecommunications network. The development of the Policy is the fulfillment of the obligation specified in art. 8 sec. 1 item 1 of the Act of 18 July 2002 on the provision of services by electronic means (consolidated text of 2019, item 123, as amended).
Table of Contents:
Privacy policy of the WWW.BISTA.PL website
I. Definitions.
II. Legal nature of the Website.
III. Types and scope of services provided electronically.
IV. Technical requirements for the provision of services.
V. Conditions for concluding and terminating contracts for the provision of services by electronic means.
A. Terms and procedure for registration on the Website.
B. Contact forms.
C. Social plugins.
D. Cookies and similar technologies.
VI. Risks related to the provision of services and data security.
VII. Data processing in connection with the use of the Service.
VIII. Copyright and related rights.
IX. Complaints procedure.
X. Final provisions.
I. Definitions.
1. Admin – the administrator of personal data collected via the Website www.bista.pl is Bista Standard Sp. z o. o. with its registered office in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz, which is also the Service Provider within the meaning of the Act on the provision of services by electronic means.
2. Personal data – all information about a natural person identified or identifiable through one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected through cookies and other similar technologies.
3. Password – a string of characters enabling logging in to the Account.
4. Account – a collection of the Administrator's IT resources marked with an individual name (login) and password, in which the necessary User data provided during registration and information about the service are collected. The account allows the User to use the full content of the Service provided by the Administrator – the Product Page of the Service.
5. login – the User’s e-mail address provided during registration, which is necessary to access the Account.
6. Policy – this Privacy Policy of the website www.bista.pl.
7. Product – a product presented in the service of access to the full content of the Service (product page website), the description of which is available to registered Users.
8. Registration – the process of setting up an account by the User on the Website, which involves providing his/her personal data using the registration form.
9. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
10. Service – website operated by the Administrator at http://www.bista.pl.
11. Product page – a page on the Website that presents information about the Products.
12. Agreement – an agreement for the provision of services by electronic means, concluded between the Administrator
and the User, the subject of which is the provision of the service of running the Website.
13. Act on the provision of services by electronic means – Act of 18 July 2002 on the provision of services by electronic means (consolidated text: Journal of Laws of 2020, item 344).
14. End user’s device – telecommunications terminal equipment defined in art. 2 point 43 of the Telecommunications Law (consolidated text: Journal of Laws of 2019, item 2460), intended for direct or indirect connection to network terminations, i.e. telephones, tablets, computers, etc.
15. Unregistered User – an adult natural person visiting the Website or using one or more functionalities of the Website that do not require registration on the Website.
16. Registered User – an adult natural person visiting the Website or using one or more functionalities of the Website that require registration on the Website, authorized to act on behalf of an entity engaged in the production, distribution or trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories.
II. Legal nature of the Website.
1. The Website is operated by the Administrator and is his property.
2. Due to its assortment content, the www.bista.pl website is intended solely for informational and commercial purposes between entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories and is intended only for adultswith full legal capacity.
3. Before starting to use the Website, the User is obliged to familiarize themselves with this Policy.
4. The User undertakes to comply with the provisions of this Policy.
5. The User is obliged to provide their current data necessary for proper use of the Website, in particular, they are obliged to provide their current data in the contact and registration forms, and to update it in the event of data changes.
from the Website, in particular he/she is obliged to provide his/her current data in the contact and registration forms, and in the event of any changes to the data, to update them.
6. The information posted on the Website does not constitute an offer within the meaning of Article 66(1) of the Civil Code, but serves only as commercial information.
7. This Policy is continuously available on the website www.bista.pl, in a manner enabling its acquisition, reproduction and recording of its content by printing or saving on a medium at any time.
III. Types and scope of services provided electronically.
The Administrator provides the following types of services on the Website:
1) "Access to publications" - a service of free access to information and materials collected
on the Website, consisting in the delivery of digital content via the Website, which allows them to be viewed, read, selected or printed by Users;
2) "Access to the full content of the Website" - a service of free access to information about the Administrator's products, available only to entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories and after registration on the Website;
3) communication with the Administrator via the contact forms provided on the Website in order to achieve the purposes specified therein.
IV. Technical requirements for the provision of services.
1. To use the Service you must:
1) a device with access to the Internet with installed and properly configured
and the current version of the web browser with the appropriate cookie handling option set;
2) an active e-mail account (e-mail address) when using certain web forms (e.g. contact form, registration form).
2. When using the Service via a tablet, telephone or other mobile device, some functionalities of the Service may not work properly or not work at all, and the use of some electronic services provided within the Service may be impossible or difficult.
3. The Administrator makes every effort to ensure the proper functioning of the Website and individual services available on the Website, but is not responsible for any interruptions in the functioning of the Website or services available on it in the event of technical problems beyond its control.
4. The Service Provider reserves the right to temporarily disable the Service in whole or in part due to technical breaks, as well as to introduce new functional solutions, including those that increase the level of security and quality of operation of the Service.
V. Conditions for concluding and terminating contracts for the provision of services by electronic means.
1. Using the Service is tantamount to concluding a contract for the provision of services by electronic means. The contract is concluded at the moment of performing any actions on the Service by the User.
2. The agreement for the provision of services that do not require registration on the Website is terminated as a result of the Service Recipient ceasing to use the Website.
3. The agreement for the provision of services requiring registration on the Website is terminated upon sending the service cancellation form or sending a request to delete the Account to the e-mail address: biuro@bista.pl.
4. The Administrator is entitled to immediately terminate the service provision agreement and to block access to the Account or to delete the Account of the User who uses it in a manner that is contrary to
with the law or the provisions of this Policy requiring registration on the Website.
5. The Administrator may refuse to provide a service that requires registration on the Website and delete the User Account if it was created again after the termination of the agreement by the Administrator and deletion of the Account from the Website as a result of the User violating the provisions of the law or the provisions of this Policy.
6. TThe Administrator reserves the right to close the Website or resign from providing access to the Product Page without providing justification.
A. Terms and procedure for registration on the Website.
1. In order to gain access to the full content of the Service (access to the Product Page website), the User is required to create an Account on the Service. Unregistered Users do not have access to the full version of the Service.
2. Access to the full content of the Service (Product Page website) is available only to Users who meet all of the following conditions:
1) are over 18 years of age and have full legal capacity;
2) are entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories, their employees or other persons authorized to act on behalf of the above entities and using the Website solely to obtain information used for commercial purposes, referred to in the Act of 9 November 1995 on the protection of health against the effects of using tobacco and tobacco products (consolidated text: Journal of Laws of 2019, item 2182, as amended).
3. Registration on the Website is free of charge and involves completing the registration form.
4. Registration on the www.bista.pl website is voluntary and possible only after the person logging in confirms that they are of legal age and that they conduct business related to the production, distribution or trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories.
5. Data required in the registration process include:
1) name and surname;
2) e-mail address,
which are necessary for the provision of electronic services due to the way the ICT system functions for the provision of electronic services and the nature of the service.
6. The User is obliged to provide data during the registration procedure and submit declarations consistent with the actual state of affairs.
7. In order to secure access to the User account, a Password is required.
8. After registration in the IT system, the Administrator creates an Account for the User. The Account is available after logging in using the Password. The User may change the data provided during registration at any time.
9. The Account and Login created during the registration process on the Service are individual and are assigned to only one person. The User may have many individual Accounts that have different Logins and Passwords.
10. The Account may only be used by one person, indicated in the registration process. Use of the Account by more than one person or sharing access data to the Account with a person other than the one indicated in point 2 constitutes a violation of the Privacy Policy.
11. During registration, the User may also consent to receive commercial information from the Administrator to the e-mail address provided during the registration process. Consent in this respect is voluntary and registration on the Service is not dependent on it.
12. The User may opt out of receiving commercial information from the Administrator (withdraw the consent granted) at any time by sending an appropriate request to the e-mail address: biuro@bista.pl, and the withdrawal of consent will not affect the legal basis for the processing of personal data before its withdrawal.
13. The User may resign from maintaining the Account at any time without giving any reason.
14. Resignation is effected by completing and sending the resignation form or by sending a request to delete the Account to the following address: biuro@bista.pl.
15. After receiving a resignation from the account or a request to delete data, the Administrator immediately deletes the Account.
16. Submitting a resignation from the Account on the Website is equivalent to terminating the agreement for the provision of services by electronic means.
B. Contact forms.
The Administrator provides the possibility of contacting him using electronic contact forms placed on the Website. Using the form requires providing personal data
in terms of name and surname, e-mail address, content of the message, which are necessary to establish contact with the person who sends the Administrator a query and to provide an answer. Providing data marked as mandatory is required in order to identify the sender and accept and process the query,
and failure to provide them results in the inability to handle the inquiry. Providing other data, i.e. telephone number, is voluntary.
C. Social plugins.
In the Service, the Administrator places so-called "social plugins" of social networking sites, i.e. Instagram, LinkedIn, YouTube. When the User visits the Service www.bista.pl, the "plugins" are deactivated, i.e. no data is transferred to the administrators of these sites. Only the User's activity by clicking on the appropriate social "plugin" establishes a direct connection with the server of the administrators of these portals.
If the User of the www.bista.pl Service has a user account of these portals and is logged in at the time of activating the social "plug-in", the administrators of these portals may assign the visit to the www.bista.pl Service to his user account, on the principles consistent with their Privacy Policy. The User can avoid this if he logs out of the social portals before activating the social "plug-in" placed on the www.bista.pl Service.
D. Cookies and similar technologies.
1. Cookies are small text files installed on the user's computer or other mobile device (laptop, phone, tablet, etc.) while browsing websites. Cookies collect information that facilitates the use of the website (e.g. by remembering the user's visits
and appropriate display of the website to his preferences).
2. “Cookies” files are not used by the Administrator to collect information that directly identifies a specific User (such as name and surname).
3. We use the so-called "Service cookies" that are necessary for the proper operation of the Website
and ensuring security and improving the quality of services provided electronically, in particular:
1) adapting the content of the Service's web pages to the User's preferences and optimizing the use of the web pages; in particular, these files allow the Service User's device to be recognized and the website to be properly displayed, adjusted to their individual needs, e.g. by setting the preferred language, font size and other such features that facilitate work on the Service;
2) maintaining the Service User's session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the service;
3) remembering the User's choice to stop displaying a selected message or to display it a specified number of times.
4. Cookies used for this purpose include:
1) “cookies” files with data entered by the User (session identifier), for the duration of the session;
2) authentication cookies used for services that require authentication for the duration of the session;
3) session "cookies" of multimedia players (eg "cookies" of a flash player), for the duration of the session;
4) "cookies" used to ensure security, eg used to detect abuse
in the field of authentication;
5) persistent "cookies" for personalizing the User interface, for the duration of the session or a little longer.
5. The right to store and access "cookies" results from the consent expressed by the User of the Service. This consent is expressed by the User when configuring the web browser or a selected website or service.
6. The User may at any time remove or block the creation of "cookies" using the appropriate mechanisms built into each web browser. Withdrawal of consent to the use of "cookies" is possible through the browser settings. Detailed information on this can be found at the following links:
• Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
• Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
• Safari: https://support.apple.com/kb/PH5042?locale=en-GB
7. The administrator informs that restrictions on the use of "cookies" may affect some of the functionalities available on the Website.
VI. Risks related to the provision of services and data security.
1. The systems and applications used by the Administrator ensure a high standard of security and personal data protection.
2. However, the User should be aware that using the Service requires the use of a public telecommunications network (Internet), which is associated with an increased risk of threats arising from
from using the Website.
3. The Administrator informs that the use of services provided electronically may involve
with the threat of introducing malicious software into the User's IT system and obtaining and modifying their data by unauthorized persons. In order to avoid the risk of threats, the User should use appropriate technical measures that will minimize their occurrence, in particular antivirus programs and a firewall.
4. Banners and links to other websites may appear on the Service pages. By using such a banner or link, the User goes to a page belonging to another service provider. The Administrator is not responsible for the privacy policies in force on these pages. We encourage the User to familiarize themselves with the privacy policies and regulations established there after going to other pages.
VII. Data processing in connection with the use of the Service.
In connection with the User's use of the Service, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User's activity on a given Service. Detailed principles and purposes of processing personal data collected during the User's use of the Services are described below.
Who is the administrator of personal data.
The administrator of personal data is Bista Standard Sp. z o. o. with its registered office in Bydgoszcz, ul. Smoleńska 29,
85-871 Bydgoszcz.
How can you contact us?
You can contact the Administrator:
• by traditional mail to the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
Data Protection Officer.
We have appointed a Data Protection Officer (Kinga Hoffmann), whom you can contact:
• by traditional mail to the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
You can contact the Data Protection Inspector on all matters relating to the processing of your personal data by Bista Standard and the exercise of rights related to their processing.
Purposes and legal basis of data processing on the Website.
a) Using the Website.
Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:
1) for the purpose of providing services electronically in the scope of making the content collected on the Website available to Users – then the legal basis for processing is the necessity of processing for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR);
2) for statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), consisting in conducting statistical analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and the services provided;
3) in order to determine and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), consisting in the protection of its rights.
b) Registration on the Website.
1. Personal data of registered Users are processed by the Administrator for the purpose of:
1) enabling entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco accessories to access information on the Administrator’s activities used for commercial purposes;
2) any determination and pursuit of claims or defense against them.
2. The legal basis for the processing of personal data of registered Users is the necessity of processing for the performance of the contract for the provision of services by electronic means (Article 6, paragraph 1, letter b of the GDPR).
3. The legal basis for the processing of personal data for the purpose of determining and pursuing claims or defending against them is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR).
4. Providing personal data is voluntary, but necessary for registration on the Website.
5. We will process personal data for the duration of the contract (resignation from the Account or cessation of providing access to the full content of the Service - the Product Page website or cessation of running the Service). Selected personal data may be processed after this time in order to protect against potential claims.
c) Contact forms.
1. Personal data of Users using the contact form are processed for the purpose of identifying the sender and handling their inquiry.
2. The legal basis for processing is the legitimate interest of the administrator (Article 6, paragraph 1, letter f of the GDPR), consisting in ensuring contact with the Administrator in connection with the conducted business activity.
3. In the scope of additional data (i.e. telephone number), the legal basis for processing is consent, expressed voluntarily through an unambiguous action, which is filling in this data in the form (Article 6, paragraph 1, letter a of the GDPR). The User may withdraw such consent at any time, and the withdrawal of consent will not affect the processing carried out before its withdrawal.
4. We may also process data to secure information in the event of a legal need to prove facts in the event of the need to pursue or defend against claims, which is the implementation of our legitimate interest (Article 6, paragraph 1, letter f of the GDPR).
5. We will store personal data for a period of 1 year from the date of contact using the form. Selected personal data may be processed after this time in order to protect against potential claims.
What rights do you have in connection with the processing of personal data by the Administrator?
1. In connection with the processing of personal data, the User has the right to:
1) the right to request access to your personal data;
2) the right to request deletion of data;
3) the right to request the rectification of data and the completion of incomplete data;
4) in cases specified in the GDPR – the right to request the restriction of the processing of personal data;
5) to the extent that the Administrator processes data based on a legitimate interest – the right to object to data processing;
6) to the extent that the Administrator processes data based on consent – the right to withdraw consent, whereby the withdrawal of consent will not affect the processing carried out before its withdrawal;
7) the right to lodge a complaint to the supervisory body (the President of the Personal Data Protection Office) if the person whose data we process decides that we violate the provisions of the GDPR.
2. To exercise the above rights, please contact the Administrator or our Data Protection Officer directly (contact details above).
Recipients of personal data.
1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular partners providing IT services (e.g. in the field of developing and maintaining IT systems and websites, and hosting providers).
2. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
Transferring data outside the European Economic Area.
The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we only transfer personal data outside the EEA when necessary and with an adequate level of protection. We always inform you about the intention to transfer personal data outside the EEA at the stage of their collection (handling the matter).
However, we inform you that in connection with maintaining social media profiles, the administrators of these services (Facebook, LinkedIn, Google) may transfer some personal data of users of these services outside the European Economic Area. At the same time, we indicate that the administrators of social media services apply appropriate safeguards for data transfer to countries outside the EEA in the form of standard contractual clauses. Detailed information on data transfer outside the EEA is included in their Privacy Policies, available on their websites.
Automated decision making.
Decisions regarding Users of the Service will not be made in a solely automated manner, including data will not be subject to profiling.
VIII. Copyright and related rights.
1. The content posted on the Service pages is provided free of charge. The content of the Service is protected by industrial and intellectual property rights.
2. Information, illustrations or graphics contained in the Service may not be used in materials that violate good customs or are inconsistent with generally applicable legal provisions.
3. Information, illustrations or graphics contained in the Service may not be reproduced, modified, transmitted or published in whole or in part without the prior consent of the Administrator expressed in writing.
IX. Complaints procedure.
1. All matters regarding the functioning of the Website should be reported to the Administrator via e-mail to the following address: biuro@bista.pl.
2. The Administrator undertakes to remove all technical irregularities in the operation of the Service as soon as possible.
X. Final provisions.
1. The law applicable to all legal relations arising from this Policy is Polish law. Any disputes will be resolved by locally competent Polish common courts.
2. The Policy is continuously verified and updated as necessary. The current version of the Policy has been adopted and is effective from 01.10.2020 and is an integral part of the agreement concluded with the User.