What are the obligations of an entrepreneur providing services by electronic means?


The status of a service provider is associated with many obligations, primarily informational, the violation of which may result in a fine, liability for damages or the recognition of the entrepreneur's actions as a misleading practice or an act of unfair competition. Let's read what are the obligations of an entrepreneur providing electronic services?

What is the provision of electronic services?

Provision of services by electronic means is:

In practice, this enigmatic definition comes down to the provision of services such as online booking of accommodation or online store services (setting up an account, shopping and other functions).

Entities enabling access to such functions should bear in mind the statutory obligations associated with their online presence, whether or not such activities are their core business.

Basic information about the service provider as obligations of an entrepreneur providing services by electronic means

The main obligation of the service provider is to provide, in a clear, unambiguous and directly accessible way through the ICT system used by the service recipient, information allowing for the identification of the entrepreneur providing a given service. This obligation is a guarantee of transparency and security for the user and enables him to pursue claims against the service provider subsequently.

The regulations require the service provider to inform about:

  • electronic addresses,

  • name and surname,

  • place of residence and address,

  • name or company with its registered office and address.

An entrepreneur whose activity requires a permit under separate regulations is also required to provide information on:

  • proper permit,

  • the authorizing authority.

Similarly, in the case of professionals, access to which depends on meeting certain statutory requirements, it is necessary to inform about:

  • name and surname, place of residence and address (name, company, seat and address) of the representative, if appointed,

  • professional self-government to which he belongs,

  • professional title along with the country in which it was awarded,

  • the number in the public register to which it is entered, indicating the name of the register and the authority keeping it,

  • the ethics rules applicable to your profession and the way in which you can read them.

Failure by the service provider to provide these basic data, as well as providing false or incomplete data by the service provider, is an offense punishable by a fine.

Special risks and information about cookies

The service provider is obliged to provide the service recipient with access to up-to-date information about:

  • specific risks related to the use of an electronic service,

  • the function and purpose of the software or data that is not a component of the content of the service, introduced by the service provider to the ICT system used by the recipient.

The first of the above-mentioned obligations boils down to providing the user with, as it seems, obvious information that while using the services available on the Internet, there is a possibility of infecting the user's system with viruses, and in order to minimize the risk of damage, certain precautions should be taken.

The second obligation relates to the use by the recipient of the so-called cookie files ("cookies"), i.e. files stored on the user's computer, used to monitor his preferences, visit history of individual websites, etc. Using cookies, the service provider collects information about users using his services, therefore it is necessary to inform the recipient that such activities are taking place.

Obligation to introduce regulations

In any case, when the activity of the entrepreneur is connected, even incidentally, with the provision of electronic services, it is necessary for him to introduce regulations, in which he will include the information required by law. The regulations should be made available to the recipient before concluding a contract for the provision of such services. The user may also request that the regulations be made available to him in a way that allows the acquisition, playback and recording of its content (e.g. by downloading it in pdf format).

The regulations should contain in particular:

  • types and scope of services provided electronically,

  • conditions for the provision of services by electronic means, including technical requirements necessary to cooperate with the ICT system used by the service provider and the prohibition of the service recipient from providing illegal content,

  • conditions for concluding and terminating contracts for the provision of electronic services,

  • complaint procedure.

Obligation to ensure the operation of the ICT system

The service provider is also responsible for ensuring the operation of the ICT system it uses. Pursuant to the Act, the entrepreneur is to provide the user free of charge, if required by the nature of the service:

  • using the service in a way that prevents unauthorized access to the content of the message that makes up this service, in particular using cryptographic techniques appropriate to the properties of the service provided,

  • unequivocal identification of the parties to the service and confirmation of the fact of submitting declarations of will and their content necessary to conclude a contract for the provision of this service, in particular through the use of a secure electronic signature.

It is also obliged to enable the user, free of charge, to terminate the use of the service provided electronically at any time.

Start a free 30-day trial period with no strings attached!

Processing of personal data

When providing services by electronic means, the entrepreneur also processes the personal data of users. In this regard, the service provider is obliged to enable the user to obtain up-to-date information about:

  • the possibility of using the service provided electronically anonymously or using a pseudonym,

  • technical measures provided by the service provider to prevent the acquisition and modification of personal data sent electronically by unauthorized persons,

  • the entity entrusted with the processing of data, their scope and intended date of transfer, if the service provider has concluded an agreement with this entity for entrusting data processing.

This information should be constantly and easily accessible to the user by means of the ICT system he uses.

How information is provided

The form and method of providing information to users are also important. The Act requires that they are communicated in a legible and comprehensible manner and that they are not misleading.

Therefore, a breach of this obligation will be to place information in a place that is difficult to access, to post it in a way that significantly hinders its reading, or to disclose distorted information.

This situation can have two consequences. On the one hand, it exposes the entrepreneur to the accusation that de facto the information required by the law has not been provided to the user, which as an offense is punishable by a fine. On the other hand, such infringements may form the basis for the initiation of proceedings by the Office of Competition and Consumer Protection and may be regarded as an unfair market practice or an act of unfair competition.

An example of sanctioning this type of infringement may be the decision of 30 May 2005, in which the President of the Office of Competition and Consumer Protection indicated that the action of not providing the user with information required by the Act on the provision of electronic services: "(...) the will of the legislator and is a failure by the entrepreneur to provide consumers with reliable, truthful and complete information about their rights. It is therefore an unlawful act. (...) it should be stated that the described activity of the entrepreneur, violating the provisions of the Act on the provision of electronic services and consumer rights, and the regulations, undoubtedly harmed the interests of the consumer and had adverse effects on his side "[Decision of the President of the Office of Competition and Consumer Protection No. 35/2005 of May 30, 2005]. For this reason, the decision recognizes the breach of disclosure obligations as a practice violating collective consumer interests.

In practice, entrepreneurs operating on the Internet fulfill the obligations imposed by the act by placing relevant information or a link to it, e.g. in the footer of the website or in the "Contact" tab, or introduce them to the regulations or create a special document, the so-called "Privacy policy", made available in a visible place on the website.