Bista Standard

Documentation of personal data protection
Bista Standard Sp. z o. o
Document number: 10.16.
Document version: 01.2020

Privacy policy of the website WWW.BISTA.PL

The privacy policy sets out the rights and obligations of the parties to the service provided electronically via the telecommunications network. The development of the Policy is the fulfillment of the obligation specified in art. 8 sec. 1 point 1 of the Act of 18 July 2002 on the provision of electronic services (i.e. of 2019, item 123, as amended).


Table of Contents:
Privacy policy of the website WWW.BISTA.PL 
I. Definitions. 
II. Legal nature of the Website. 
III. Types and scope of services provided electronically. 
IV. Technical conditions for the provision of services. 
V. Conditions for concluding and terminating contracts for the provision of electronic services. 
A. Terms and procedure of registration on the Website. 
B. Contact Forms. 
C. Social Plugins. 
D. Cookies and similar technology. 
VI. Risks related to the provision of services and data security. 
VII. Data processing in connection with the use of the Website. 
VIII. Copyright and related rights. 
IX. Complaints procedure. 
X. Final Provisions. 

I. Definitions.
1. Admin - the administrator of personal data collected via the www.bista.pl website is Bista Standard Sp. z o. o. with its seat in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz, which is also a Service Provider within the meaning of the Act on the provision of electronic services.
2. Personal data - all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via files cookie and other similar technology.
3. Password - a string of characters to log into the Account.
4. Account - a set of the Administrator's ICT resources marked with an individual name (logion) and password, in which the necessary User data provided during registration and information about the service are collected. The account enables the User to use the full content of the Website provided by the Administrator - the Product Page of the Website.
5. Login - User's e-mail address provided during registration, which is necessary to access the Account.
6. Politics - this Privacy Policy of the www.bista.pl website.
7. Product - the product presented in the service of access to the full content of the Website (the Product Page website), the description of which is available to registered Users.
8. Registration - the process of setting up an account by the User on the Website, involving the provision of his personal data using the registration form.
9. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection ).
10. Service - website run by the Administrator at https://www.bista.pl.
11. Product page - a website on the Website, which provides information about the Products.
12. Agreement - an agreement for the provision of electronic services, concluded between the Administrator
and the User, the subject of which is the provision of the service of running the Website.
13. Act on the provision of electronic services - Act of 18 July 2002 on the provision of electronic services (ie Journal of Laws of 2020, item 344).
14. Terminal device - telecommunications terminal equipment as defined in Art. 2 point 43 of the Act - Telecommunications Law (i.e. Journal of Laws of 2019, item 2460), intended to be connected directly or indirectly to network terminals, i.e. phones, tablets, computers, etc.
15. User not registered - an adult natural person visiting the Website or using one or more of the Website's functionalities that do not require registration on the Website.
16. Registered user - an adult natural person visiting the Website or using one or more Website functionalities requiring registration on the Website, authorized to act on behalf of an entity involved in the production, distribution or trade of tobacco products, electronic cigarettes, spare containers or tobacco props.


II. Legal nature of the Website.
1. The website is run by the Administrator and is its property.
2. Due to its assortment content, the www.bista.pl website is intended only for information and commercial purposes between entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco props and is intended for only for adultswith full legal capacity.
3. Before using the Website, the User is obliged to read this Policy.
4. The User undertakes to comply with the provisions of this Policy.
5. The user is obliged to provide his current data necessary for proper use
from the Website, in particular, it is obliged to provide its current data in the contact and registration forms, and in the event of data changes, to update them.
6. Information posted on the Website does not constitute an offer within the meaning of Art. 66 (1) of the Civil Code, and serve only as commercial information.
7. This Policy is continuously available on the www.bista.pl website, in a way that enables its acquisition, playback and recording of its content by printing or saving on a carrier at any time.


III. Types and scope of services provided electronically.
The Administrator provides the following types of services on the Website:
     1) "Access to publications" - a service of free access to information and collected materials
on the Website, consisting in the delivery of digital content via the Website, which allows them to be viewed, read, selected or printed by Users;
     2) "Access to the full content of the Website" - a service of free access to information about the Administrator's products, available only to entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco props and after registration on the Website;
     3) communication with the Administrator via the contact forms available on the Website to achieve the goals set out therein.


IV. Technical conditions for the provision of services.
1. To use the Website, it is necessary to:
     1) a device with Internet access, installed and properly configured
and the current version of the web browser with an appropriately set "cookie" option;
     2) an active e-mail account (e-mail address) in the case of using certain web forms (e.g. contact form, registration form).
2. In the case of using the Website via a tablet, telephone or other mobile device, some functionalities of the Website may not work properly or not at all, and the use of some electronic services provided on the Website may be impossible or difficult.
3. The Administrator makes every effort to ensure the proper functioning of the Website and individual services available on the Website, but is not responsible for any interruptions in the functioning of the Website or the services available on it, in the event of technical problems beyond its control.
4. The Service Provider reserves the right to temporarily disable the Website in whole or in part in connection with technical breaks, as well as introducing new functional solutions, including those increasing the level of security and quality of the Website.


V. Conditions for concluding and terminating contracts for the provision of electronic services.
1. Using the Website is tantamount to concluding a contract for the provision of electronic services. The contract is concluded when the User performs any activities on the Website.
2. The contract for the provision of services that do not require registration on the Website is terminated as a result of the Customer ceasing to use the Website.
3. The contract for the provision of services that require registration on the Website is terminated when the resignation form is sent or the request to delete the Account is sent to the e-mail address: biuro@bista.pl.
4. The Administrator is entitled to immediately terminate the contract for the provision of the service and to block access to the Account or to delete the User Account using in a contradictory manner.
with the law or the provisions of this Policy requiring registration on the Website.
5. The Administrator may refuse to provide a service that requires registration on the Website and delete the User Account, if it was re-established after the Administrator terminated the contract and the Account was removed from the Website due to the User's breach of the law or the provisions of this Policy.
6. The Administrator reserves the right to close the Website or resign from providing access to the Product Page, without giving reasons.


A. Terms and procedure of registration on the Website.
1. In order to access the full content of the Website (access to the Product Page website), the User is obliged to create an Account on the Website. Unregistered users are not able to view the full version of the Website.
2. Access to the full content of the Website (the Product Page website) may only be used by Users who meet the following conditions jointly:
     1) are over 18 years of age and have full legal capacity;
     2) are entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco props, their employees or other persons authorized to act on behalf of the abovementioned entities and using the Website only to obtain information used for commercial purposes, referred to in the Act of November 9, 1995 on the protection of health against the consequences of using the title and tobacco products (i.e. Journal of Laws of 2019, item 2182 with as amended).
3. Registration on the Website is free and consists in filling in the registration form.
4. Registration on the www.bista.pl website is voluntary and possible only after the login confirms that he or she is of legal age and that he or she is engaged in activities related to the production, distribution or trade of tobacco products, electronic cigarettes, spare containers or tobacco props.
5. Data required in the registration process include:
     1) name and surname;
     2) e-mail address,
which data are necessary for the provision of electronic services due to the way the ICT system functions for the provision of electronic services and the nature of the service.
6. The user is obliged to indicate in the registration procedure data and to make statements consistent with the facts.
7. In order to secure access to the User's account, a Password is required.
8. After registration in the ICT system, the Administrator creates an Account for the User. The account is available after logging in with a Password. The user may change the data indicated during registration at any time.
9. The Account and Login created during the registration process on the Website are individual and are assigned to only one person. The User may have many individual Accounts with different Login and Password.
10. The Account may be used only by one person indicated in the registration process. Using the Account by more than one person or providing access data to the Account to a person other than the one indicated in point. 2 is a violation of the Privacy Policy.
11. During registration, the User may also consent to receive commercial information from the Administrator to the e-mail address provided in the registration process. The consent in this regard is voluntary and registration on the Website is not dependent on it.
12. The User may resign from the option of receiving commercial information from the Administrator (withdraw the consent granted) at any time by sending an appropriate request to the e-mail address: biuro@bista.pl, while the withdrawal of consent will not affect the legal grounds for processing personal data before its withdrawal.
13. The User may at any time resign from keeping the Account without giving any reason.
14. The resignation is made by filling in and sending the resignation form or sending the request to delete the Account to the following address: biuro@bista.pl.
15. After receiving the resignation from the account or the request to delete the data, the Administrator immediately deletes the Account.
16. Submitting the resignation from the Account on the Website is tantamount to the termination of the contract for the provision of electronic services.


B. Contact Forms.
The administrator provides the possibility of contacting him using electronic contact forms available on the Website. Using the form requires providing personal data
in terms of name and surname, e-mail address, message content, which are necessary to contact the person who sends the query to the Administrator and to answer it. Providing data marked as mandatory is required to identify the sender and to accept and handle the inquiry,
and failure to provide them results in the inability to handle the inquiry. Providing other data, i.e. telephone number, is voluntary.


C. Social Plugins.
On the Website, the Administrator places the so-called "Social plugins" of social networks, such as Instagram, LinkedIn, YouTube. When the user visits the www.bista.pl website, the plug-ins are deactivated, ie no data is transferred to the administrators of these websites. Only the User's activity by clicking on the appropriate social "plug" causes a direct connection to the server of the administrators of these portals.
If the Website User www.bista.pl has a user account of these portals and is logged in at the time of activating the social plug, the administrators of these portals may assign a visit to the www.bista.pl Website to his user account, on the terms consistent with their Policy privacy. The User can avoid this by logging out of social networking sites before activating the social "plug" on the www.bista.pl website.


D. Cookies and similar technology.
1. "Cookies" are small text files installed on the user's computer or other mobile device (laptop, phone, tablet, etc.) when browsing websites. "Cookies" collect information that facilitates the use of the website (eg by remembering the user's visits
and appropriate display of the website to his preferences).
2. "Cookies" are not used by the Administrator to collect information that directly identifies a specific User (such as name and surname).
3. We use the so-called "Service cookies" that are necessary for the proper operation of the Website
and ensuring safety and improving the quality of services provided by electronic means, in particular:
     1) adapting the content of the Website pages to the User's preferences and optimizing the use of websites, in particular, these files allow to recognize the Website User's device and properly display the website, tailored to his individual needs, e.g. setting the preferred language, font size and other such properties that facilitate work on the Website;
     2) maintaining the Website User's session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage of the website;
     3) remembering the User's choice to stop displaying the selected message or display it a certain number of times.
4. "Cookies" used for this purpose include:
     1) "cookies" with data entered by the User (session ID) for the duration of the session;
     2) authentication cookies used for services that require authentication for the duration of the session;
     3) session "cookies" of multimedia players (eg "cookies" of a flash player), for the duration of the session;
     4) "cookies" used to ensure security, eg used to detect abuse
in the field of authentication;
     5) persistent "cookies" for personalizing the User interface, for the duration of the session or a little longer.
5. The right to store and access "cookies" results from the consent of the Website User. This consent is expressed by the User when configuring the web browser or the selected website or service.
6. The user may at any time remove or block the creation of "cookies" using the appropriate mechanisms built into each web browser. Withdrawal of consent to the use of "cookies" is possible through the browser settings. Detailed information on this can be found at the following links:
• Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
• Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
• Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
• Safari: https://support.apple.com/kb/PH5042?locale=en-GB
7. The administrator informs that restrictions on the use of "cookies" may affect some of the functionalities available on the Website.


VI. Risks related to the provision of services and data security.
1. The systems and applications used by the Administrator ensure a high standard of security and protection of personal data.
2. However, the user should be aware that the use of the Website requires the use of a public telecommunications network (the Internet), which is associated with an increased risk of threats resulting from
the use of the Website.
3. The administrator informs that the use of services provided electronically may involve
with the risk of introducing malicious software into the User's ICT system as well as obtaining and modifying his data by unauthorized persons. To avoid the risk of threats, the User should use appropriate technical measures that will minimize their occurrence, in particular anti-virus programs and a firewall.
4. On the pages of the Website, banners and links to other websites may appear. By using such a banner or link, the User is transferred to a website belonging to another service provider. The administrator is not responsible for the privacy practices of these websites. We encourage the User to read the privacy policy and regulations there after switching to other websites.


VII. Data processing in connection with the use of the Website.
In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing personal data collected during the use of the Website by the User are described below.
Who is the administrator of personal data.
The administrator of personal data is Bista Standard Sp. z o. o. with its seat in Bydgoszcz, ul. Smoleńska 29,
85-871 Bydgoszcz.
How can you contact us?
You can contact the administrator:
• by traditional mail at the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
Data Protection Officer.
We have appointed a Data Protection Officer (Kinga Hoffmann), whom you can contact:
• by traditional mail at the following address: Bista Standard Sp. z o. o. in Bydgoszcz, address: ul. Smoleńska 29, 85-871 Bydgoszcz;
• by e-mail: biuro@bista.pl.
You can contact the Data Protection Officer in all matters relating to the processing of your personal data by Bista Standard and the exercise of rights related to their processing.


Purposes and legal grounds for data processing on the Website.
     a) Using the Website.
Personal data of all persons using the Website (including IP address or other identifiers and information collected via "cookies" or other similar technologies), are processed by the Administrator:
1) in order to provide electronic services in the scope of providing Users with content collected on the Website - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
2) for statistical purposes - then the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting statistical analyzes of Users' activity, as well as their preferences in order to improve the functionalities used and the services provided;
3) in order to possibly establish and pursue claims or defend against them - the legal basis for processing is the Administrator's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of his rights.
     b) Registration on the Website.
1. Personal data of registered Users are processed by the Administrator in order to:
1) enabling entities involved in the production, distribution and trade of tobacco products, electronic cigarettes, spare containers or tobacco props to access information about the Administrator's activities used for commercial purposes;
2) possible determination and pursuit of claims or defense against them.
2. The legal basis for the processing of registered Users' personal data is the necessity of processing to perform the contract for the provision of electronic services (Article 6 (1) (b) of the GDPR).
3. The legal basis for the processing of personal data for the purpose of possible determination and pursuit of claims or defense against them is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
4. Providing personal data is voluntary, but it is necessary to register on the Website.
5. We will process personal data until the term of the contract (resignation from the Account or cessation of the service of access to the full content of the Website - the Product Page or discontinuation of the Website). Selected personal data may be processed after this time in order to protect against possible claims.
     c) Contact forms.
1. Personal data of Users using the contact form are processed for the purpose of identifying the sender and handling his inquiry.
2. The legal basis for processing is the legitimate interest of the administrator (Article 6 (1) (f) of the GDPR), consisting in ensuring contact with the Administrator in connection with the conducted business activity.
3. In terms of additional data (ie telephone number), the legal basis for processing is consent, expressed voluntarily through an unambiguous action, which is filling in this data in the form (Article 6 (1) (a) of the GDPR). Such consent may be withdrawn by the User at any time, but the withdrawal of consent will not affect the processing that was carried out before its withdrawal.
4. We can also process the data in order to secure information in the event of a legal need to prove facts in the event of the need to investigate or defend against claims, which is the implementation of our legitimate interest (Article 6 (1) (f) of the GDPR).
5. We will store personal data for a period of 1 year from the date of contact via the form. The selected personal data may be processed after this time in order to protect against possible claims.


What are the rights related to the processing of personal data by the Administrator?
1. In connection with the processing of personal data, the User is entitled to:
     1) the right to request access to your personal data;
     2) the right to request deletion of data;
     3) the right to request the rectification of data and supplementing incomplete data;
     4) in the cases specified in the GDPR - the right to request the restriction of the processing of personal data;
     5) to the extent to which the Administrator processes data based on a legitimate interest - the right to object to data processing;
     6) to the extent to which the Administrator processes data based on consent - the right to withdraw consent, while the withdrawal of consent will not affect the processing that was carried out before its withdrawal;
     7) the right to lodge a complaint to the supervisory body (the President of the Personal Data Protection Office) if the person whose data we process decides that we violate the provisions of the GDPR.
2. To exercise the above rights, please contact the Administrator or our Data Protection Officer (contact details above).


Recipients of personal data.
1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular partners providing IT services (eg in the field of developing and maintaining IT systems and websites and hosting providers).
2. The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.


Transferring data outside the European Economic Area.
The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, we transfer personal data outside the EEA only when necessary and with an adequate level of protection. We always inform about the intention to transfer personal data outside the EEA at the stage of their collection (handling the case).
However, we would like to inform you that in connection with the running of social profiles, the administrators of these websites (Facebook, LinkedIn, Google) may transfer some personal data of users of these websites outside the European Economic Area. At the same time, we would like to point out that administrators of social networking sites apply appropriate security for data transfer to countries outside the EEA in the form of standard contractual clauses. Detailed information on data transfer outside the EEA is included in their Privacy Policy, available on their websites.


Automated decision making.
Decisions regarding Website Users will not be made solely in an automated manner, and the data will not be profiled.


VIII. Copyright and related rights.
1. The content of the Website is made available free of charge. The content of the Website is protected by industrial and intellectual property rights.
2. Information, illustrations or graphics contained on the Website may not be used in materials that violate decency or are inconsistent with generally applicable laws.
3. Information, illustrations or graphics contained on the Website may not be reproduced, modified, transferred or published in whole or in part without the prior consent of the Administrator expressed in writing.


IX. Complaints procedure.
1. All matters regarding the functioning of the Website should be reported to the Administrator via e-mail to the following address: biuro@bista.pl.
2. The Administrator undertakes to remove all technical irregularities in the operation of the Website as soon as possible.


X. Final Provisions.
1. The law applicable to all legal relations arising from this Policy is Polish law. All disputes will be settled by the locally competent Polish common courts.
2. The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy was adopted and is effective from 01.10.2020/XNUMX/XNUMX and is an integral part of the contract concluded with the User.