The Internet is becoming an ever-present tool. In fact, it enters all fields of human activity, especially the conduct of business. It would be difficult to imagine an entrepreneur not using the Internet or not gathering or analyzing information about his contracting partners and customers. To be sure, in order to carry on business on-line or to process personal data, entrepreneurs must meet certain legal requirements.

1 Sites that provide information

Web sites created by entrepreneurs are nearly always commercial in character. They may differ, however, as to the purposes they are intended to serve. Business-related web sites may include promotional sales, feature on-line shops engaged in mail order selling or serve the sole purpose of establishing business contacts or searching for new partners or even business news portals. Depending on the nature of their contacts with business partners or consumers, businesses have to meet various legal conditions.

1.1 Information to be provided

The issue of providing services via the Internet is governed by the Act on Providing On-Line Services dated July 18, 2002. Under that statute, provision of e-services consists in sending and receiving data by means of ICT (Information and Communication Technology) systems at the request of an individual service receiver, obviating the presence of the parties concerned. The term “service provider” should be construed to mean a natural or legal person or an unincorporated organizational entity, which, while engaging in gainful or professional activities (even only on an ancillary basis), provides services on line. The statute imposes a number of obligations on a service provider (maintaining a web site). These involve providing service receivers with specific information. Under Art. 5 of the statute, a service provider is primarily required to provide the following data clearly and explicitly, ensuring it can be accessed via an ICT system:

• email addresses;
• name, surname, place of residence and address or name or company name as well as registered office and address;
• where an appropriate permit [license] is required for services to be provided, one should provide information concerning the licensing authority and the permit;
• where a service provider happens to be a natural person, whose right to pursue his or her occupation depends on his or her fulfilling specific requirements as set forth in separate legislation acts, one should also give the identity of the professional organization to which the service provider belongs, the occupational title s/he uses and the country in which the said title was granted, his or her number in the register in which the service provider was recorded and information on the relevant professional ethics for the occupation in question.

Moreover, a service provider is required to provide a service receiver with access to up-to-date information about any special risks associated with using e-services and about the function and purpose of software or data which is not part of the service, but which is incorporated by the service provider into the ICT system used by the service receiver. Furthermore, prior to concluding a contract, a service provider has to draw up and provide to a service receiver, free of charge, the rules and regulations whereby the service provider renders its services. More specifically, the rules and regulations at issue set forth the following:

• type and scope of on-line services;
• terms and conditions for providing on-line services, including the necessary technical requirements for interacting with the ICT system used by a service receiver and a ban on a service receiver providing any illegal content;
• terms and conditions for concluding and terminating contracts for on-line services;
• complaint procedure.

A service receiver is not bound by any rules and regulations that he has not received as described above.

1.2 Liability of the Entrepreneur as Service Provider for Information on his Website

An entrepreneur maintaining a web site is liable for the information included on it. A distinction has to be made between two situations. In one situation, an entrepreneur maintaining a web site posts a text that directly affects the content of information included on the web site. In the other, an entrepreneur maintains a so-called forum or chat room inviting web users to express their thoughts, while the entrepreneur is not liable for any content they might post.
A service provider may bear both civil and criminal liability for providing information whose content is decided by it. A service provider may be held liable in a situation where he causes damage to a third party due to information posed on his website. Under the Civil Code, whoever causes damage to another due to his own fault, shall be obligated to cure the said damage (Art. 415 of the Civil Code), while one’s intangible inalienable personal rights, such as one’s image, good name, scientific or artistic creation among other things, are protected by civil law.
Under Art. 212 § 1 and 2 of the Criminal Code, whoever libels another via the mass media by ascribing to that person such behavior or character traits as might demean it in the eyes of the public or expose him or her to the loss of trust necessary for a given post, occupation or type of activity shall be liable to a fine, restriction of freedom or imprisonment of up to 2 years.
Moreover, an entrepreneur transferring content from other sources to his web site should be careful not to infringe third-party copyrights. Excluded from copyright protection, however, are reports concerning current affairs. According to the literature on the subject, the latter should be construed to mean any information concerning current political, economic, etc. affairs that is free of any comment or appraisal. And while posting works within the limits of permissible use, under the statutory license envisaged in Art. 25 of the Copyright Law, one should cite the author’s identity and the source of information.
It is different with the aforementioned forum or chat room hosted on web sites. Under an agreement for on-line services, the service provider, referred to as the administrator, is required to post on his or her web site the rules and regulations concerning the services rendered. The rules and regulations at issue should contain provisions on a ban on service receivers (forum or chat participants) posting any illegal content. This ban can be extended to include a ban on posting any abusive content on the forum, as well as any vulgarities or advertisements. In theory, the participants should comply with the rules and regulations, but in practice they can post any information whatsoever. It is the administrator’s task to remove any statements running contrary to the rules and regulations, i.e., contrary to the law. However, such measures are taken in the wake of violations, and do not prevent them from happening. This is why a question arises as to whether the administrator can be liable for any statements violating, for example, the above-mentioned intangible inalienable personal rights of others. In March 2005, the District Court in Złotoryja acquitted the administrator of the zlotoryja.info site, sued in connection with someone posting an unfavorable opinion about a third party on the forum. The administrator was charged with a breach of Art. 212 of the Criminal Code. In the reasons, the District Court held that a court could not hold a person liable for another’s statements. The Regional Court in Ostrołęka issued a similar ruling. In 2005, the court acquitted the moja-ostroleka.pl site administrator in connection with libelous comments having been made on the forum. In the reasons, the court stated that it was not the administrator’s fault that the said comments had appeared on his site.

1.3 Hyperlinks

The administrator may want to use related links (hyperlinks) to make it easier for surfers to navigate the site. These links refer the user to another place in an on-line text or web site located on a different portal. With regard to the use of hyperlinks, one might ask whether they breach of third-party rights and are contrary to provisions on combating unfair competition.
While there are no provisions expressly regulating this issue, there is a prevalent view in the literature on the subject that the very act of referring one to other web sites (even if this entails a trademark or other commercial mark) does not breach third-party rights, nor does it amount to an act of unfair competition. That said, use in a link of another’s trademarks with the object of criticizing the owners of these trademarks might amount to a breach of the law.

1.4 Meta tags

Meta tags are hidden sections of HTML code one enters onto one’s Web page. They are not visible to users, but allow the search engines to know what one’s site is about and index it. In other words, they enable the search engines to place a given site on top of a list shown for every query made by a Web user. It is obvious that, in an attempt to reach the largest possible number of prospective customers or contracting partners, entrepreneurs want their sites to be displayed by the search engines as frequently as possible. As a result, some may be tempted to enter trademarks or advertising slogans of other firms as meta tags, a practice that can result in a breach of their trademark registration rights or a breach of the provisions on combating unfair competition. In October 2004, the Regional Court in Poznań issued a judgment enjoining one of the Poznań-based firms from inserting any words into its HTML code that form a part of the name of a competitive business. The court held that use of such words is in breach of the Act on Combating Unfair Competition.

2 Marketing and information gathering

2.1 Gathering, processing and using Personal Data

The issue of personal data processing is regularized by the Personal Data Protection Law dated August 29, 1997. In turn, personal data protection principles relating to on-line services are governed by the Act on Providing On-Line Services.
The Personal Data Protection Law applies to entities processing personal data in connection with gainful and professional activities or in pursuance of the objectives set forth in the articles of association/corporate charter. The said entities must have their registered office or place of residence in Poland, but they also may have their registered office in another country if they process personal data using technical resources located in Poland.
The Personal Data Protection Law allows entities to process (and thus transfer) personal data in a situation, among others, where it is necessary to attain any legally justified objectives being pursued by data administrators or by data recipients if such processing does not violate the rights and liberties of the person concerned. What is more, the statute makes it clear that a legally justified objective is specifically construed to mean the direct marketing of the data administrator’s products or services, as well as pursuance of one’s claims in connection with the business conducted. Hence, this serves as the basis for franchisors and franchisees to provide one another with information about their customers or contracting partners. However, under these circumstances, one should not forget to inform the persons from whom one receives personal data of the entities to which one will provide it.
The Act on Providing On-Line Services recites that a service provider may process such personal data of a service receiver as may be necessary to establish, form the substance of, amend or terminate the legal relation between them. The statute also allows service providers to process any other personal data of a service receiver (so long as the latter consents to that) for advertisement and market research purposes.
While collecting personal data from the person concerned, a franchisor or franchisee should inform that person of the following:

• address of its registered office and full name, and in the event of a natural person being a data administrator – of his or her place of residence, as well as his or her name and surname;
• purpose of gathering data or, more specifically, any known or anticipated recipients or categories of data recipients during the provision of information (e.g., franchisor and its franchisees);
• right to review the content of one’s data and to revise it;
• whether such provision of data is a voluntary or an obligatory act, and if it is obligatory, the legal grounds for it.

Everyone has the right to monitor the processing of data concerning them.

2.2 Marketing, including by e-mail

The act sending out business information by electronic mail is governed by the Act on Providing On-Line Services dated July 18, 2002. The statute introduced an opt-in principle, whereby a franchisor or franchisee cannot send adverting materials until it obtains the relevant consent. Art. 10 of the statute refers expressly to a ban on sending unsolicited business information addressed to a named recipient by electronic means, particularly electronic mail.

Business information must be clearly designated as such. Moreover, it must contain the following:

• identity of the entity ordering its dissemination as well as the email addresses of that entity;
• clear description of the forms of promotional activity or, more specifically, price reductions, gratuitous money offers or valuable items or any other benefits related to the promotion of a product, service or image and clear specification of the terms and conditions for using such benefits if the latter constitute part of the offer;
• any information which may have a bearing on the determination of the scope of liability of the parties involved, particularly warnings and qualifications.
  Whoever sends unsolicited business information by electronic means shall be liable to a fine. Perpetrators are prosecuted at the request of the aggrieved party.

2.3 The use of Cookies

Cookies are small messages given to a Web browser by a Web server. The messages at issue are subsequently stored on the browser’s hard drive. Due to the implicit parameters of cookies, messages contained in cookies may only be deciphered by the server which has created them. Cookies are usually used in the case of user statistics, on-line opinion polls, on-line shops or log-in web sites. Any web sites using cookies should inform browsers of that in their rules and regulations in addition to instructing users on how to deactivate them. While this issue is not expressly regularized in Polish law, it must be noted that whenever a cookie is attributable to a specific natural person, the provisions on personal data protection concerning personal data collecting and processing apply.

2.4 Transfer of Personal Data out of Poland

Personal data may be provided to a third-party country if the target country guarantees protection of personal data at least to the extent it is protected in Poland, unless the transfer of personal data results from an obligation imposed on a data administrator by law or by the provisions of a ratified international treaty. A data administrator may transfer personal data to a third-party country where:

• the person concerned has expressed his or her consent in writing;
• such transfer is necessary to perform a contract concluded between a data administrator and another entity in the interest of the person concerned;
• such transfer is necessary for reasons of public welfare or to prove the reasonableness of legal claims;
• such transfer is necessary to protect the vital interests of the person concerned;
• the data is in the public domain;
• the General Personal Data Inspector consents to such transfer.

The aforementioned requirements for transmitting data to third-party countries apply only to countries that do not belong to the European Economic Area.

2.5 Register of Personal Data

Personal Data Protection Law imposes an obligation on data administrators to submit database for registration by the General Personal Data Protection Inspector, who maintains a countrywide public personal database register. It is important to franchisors as well as franchisees that administrators of data processed only for the purpose of issuing invoices, bills or keeping accounts are exempt from the obligation to register.

2.6 Data Security

Neither the Personal Data Protection Law nor the implementing regulations to it mention any specific measures to be taken by data administrators to ensure that personal data is safe. Instead, they confine themselves to the general statement that it is data administrators’ task to ensure technical and organizational resources to protect personal data. The idea is mainly to protect it from being disclosed to or appropriated by unauthorized persons, processed in breach of the Law or changed, tampered with or destroyed.

3 Selling on the web

Selling products or services on the web is becoming increasingly popular. Entrepreneur is completely free to choose the scope of goods or services offered on his web site. This way, he may provide all or some of his products. Besides, he can also carry out sales primarily – if not exclusively – on his own site, opening traditional shops only for purposes of promoting his brand. Hence, if a franchisor wants to influence the scope of the franchisee’s on-line business, he should deal with that aspect in detail in a franchise agreement.

3.1 Legal requirements

A franchisor or franchisee selling products on-line should keep in mind the provisions of the Act on Protection of Certain Consumer Rights and on Liability for Damage Caused by a Hazardous Product dated March 2, 2000.
On-line sales are effected under a contract concluded by electronic means, i.e., concluded by a consumer and entrepreneur without the parties being present, by electronic means, such as on-line order form, form or on-line letter, telephone, telefax, electronic mail, and the like. An entrepreneur who set up this type of business must meet several specific requirements. One of the main obligations that an on-line seller has is to inform the consumer of the following:

• name and registered office or name, surname and address,
• authority which registered the entrepreneur’s business activity and the number under which it was registered,
• important characteristics of performance rendered and the object thereof,
• price or fee, including all of its components, particularly duties and taxes as well as mode of payment,
• costs as well as the deadline for and manner of delivery,
• right to rescind a contract,
• costs of using electronic means of communication if calculated other than according to a regular tariff,
• time limit in which an offer or information about price or fee is binding,
• minimum period for which a contract for continued or periodic performance is to be concluded,
• place and manner of lodging complaints.

The above information must be provided by electronic means of communication no later than the moment a consumer is offered to conclude a contract.
The statute makes it possible for a consumer concluding a contract by electronic means to rescind the contract without cause within ten days following release of an item and, if the contract pertains to the provision of a service – following the date of conclusion of the contract. In order to meet the deadline, it suffices for the purchaser of a product or service to send a written statement before the lapse of the aforementioned time limit. One cannot stipulate that a consumer may rescind a contract by paying a named sum. Unless the parties agreed otherwise, a consumer cannot rescind a contract if it pertains to any performance in which the price of or fee for such performance depends solely on (1) the fluctuation of prices in the financial market; (2) any performance which due to its nature cannot be returned or the object of which quickly deteriorates; (3) any delivery of the press or services concerning games and mutual bets.
A contract concluded by electronic means of communication may not impose on a consumer an obligation to pay the price or a fee before the receipt of an item or a service. Moreover, it should set forth the place and manner of lodging complaints. A contract should be performed by an entrepreneur no later than within thirty days after a consumer has made a declaration of intent on concluding it.

3.2 Choice of law issues

Under the Private International Law, contracting parties may choose the governing law for their relations; however, their choice is limited to the law which bears a relation to the obligation at issue. If the parties choose a different governing law, a court may annul their choice. However, this general principle is modified in the event of contracts concluded with consumers. The provision of Art. 3853 Point 23 of the Civil Code finds impermissible those provisions of a contract with a consumer which exclude the jurisdiction of Polish courts or refer a dispute to a Polish or foreign arbitration court and which stipulate that a dispute must be heard by a court which has no territorial jurisdiction under the Code of Civil Proceedings. Under the provisions in question, the plaintiff files suit with a court having jurisdiction over the defendant’s place of residence; in the case of a lawsuit against a legal person or any other entity that is not a natural person, the plaintiff files suit with a court having jurisdiction over the defendant’s seat.

3.2 Electronic Signature

The e-signature was introduced into Polish law by operation of the E-Signature Law dated September 18, 2001. The e-signature may be deemed as equivalent to a handwritten signature if it meets the specific statutory requirements for an e-signature to be deemed safe. A declaration of intent signed with such a signature triggers the same legal effects as that signed by a handwritten signature. A safe e-signature, however, does not supersede a handwritten signature. Indeed, the law clearly requires a handwritten signature, for example, for drawing up a holographic will or for affixing a signature to be certified by a notary public.

4 Conclusion

As shown above, the laws governing the issues of on-line business and personal data processing impose a number of obligations on a franchisor and its franchisees alike. It is extremely important for a franchisor to ensure that all of its franchisees comply with these obligations. Although noncompliance by one of them will not result in the direct liability of the franchisor, it will have a negative impact on the image of the whole franchising system.

Andrzej Krawczyk

Managing Partner
Academy of Franchising Systems' Development