KSeF API logo

Terms and conditions of the ksefapi.pl website

§1

General provisions

1. These Regulations define the scope and terms of providing Services electronically via the ksefapi.pl Service. The business owner of the ksefapi.pl platform and all other domain names listed in these Regulations is the company: NETCAT – SYSTEMY INFORMATYCZNE, 02-495 Warsaw, Zagłoby 21/10, NIP: 7272445205, REGON: 472301670.

2. The provisions contained in the document define the rights and obligations of the Users and the ksefapi.pl Website.

3. These Regulations have been drawn up based on applicable legal provisions, in particular the provisions of:

[1] Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2013, item 1422).

[2] Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as GDPR).

[3] Act of 29 August 1997 on the Protection of Personal Data (Journal of Laws of 2016, item 922).

§2
Definitions and concepts

For the purposes of these Regulations, the following definitions apply:

System administrator – a person responsible for the correct functioning of the ksefapi.pl website, who is authorized to perform all activities aimed at ensuring the implementation of the provisions of these Regulations.

Personal data – data provided by the User during registration in the system. During registration, the User must provide the following personal data: e-mail address. To use paid plans, the User must also provide Billing Data.

Billing details – data enabling the issuance of a VAT invoice: Company name, Tax Identification Number, company address including: street, building number, apartment number (optional), postal code and city, as well as a dedicated company e-mail address to which electronic invoices in the form of PDF files are to be sent (optional), and after the mandatory use of KSeF comes into force, to which e-mails containing notification of the issuance of a new e-Invoice will be sent.

e-Invoice – an electronic structured invoice that adopts the XML format consistent with the currently applicable logical structure of the e-Invoice FA(2) published in the Central Repository of Electronic Document Templates (CRWDE) on the ePUAP platform

User Password – means a code selected by the User containing at least 9 characters, which in combination with the User Identifier allows access to the User Account. The User Password is confidential.

User ID – e-mail address provided by the user during registration, which, in combination with the User Password, allows access to the User Account. The User Identifier is public.

User Account – means an account of a person or company. After successful authentication to the system, the account may be used only and exclusively to implement services provided by the ksefapi.pl service in accordance with these rules and the rights that a specific user has.

KSeF – National e-Invoice System providing an API interface, with which integration in various forms is offered by the ksefapi.pl website.

Buyer – a user using paid plans who is required to provide a correct (true) Tax Identification Number in order to issue a VAT invoice.

Ksefapi.pl – system, internet service, internet portal, www application, mobile application and platform providing REST KSEF API interface and programming libraries enabling integration with KSeF system. Use of the above names anywhere in this document is identical to use of the name ksefapi.pl.

Additional fee – a fee charged for each operation performed by Customer Service employees, even though the User can perform this operation themselves using their account. In particular, it concerns re-sending an invoice, even though all invoices are available to Users after they log in to their account on the Service.

Plan – a set of services, operations and activities and configuration settings that can be defined by the User in accordance with the applicable price list of services. Within the Plan, the Service Recipient purchases a number of queries specified in a given plan, the validity of which always expires on the last day of a given calendar month. The ksefapi.pl service offers standard plans and an Individual plan, which allows for any configuration of the service in order to best adapt them to the User's needs.

Service – see ksefapi.pl.

Services – all services related to the functioning of ksefapi.pl, the scope of which is described in detail in §3. The services are provided in accordance with the provisions of the Act [1].

Service recipient – means a natural person, a legal person or an organizational unit without legal personality that uses the Services.

Service Provider – NETCAT – IT SYSTEMS, 02-495 Warsaw, Zagłoby 21/10, NIP: 7272445205, REGON: 472301670.

User – A service recipient who has an account in the ksefapi.pl system.

Account blocking – operation related to the User Account. Blocking the User Account may be blocked by the System Administrator as a result of failure to comply with the rights and obligations arising from these Regulations.

§3

Scope of Services Provided

1. Services are made available via GUI and API interfaces.

2. Services provided by GUI (web application, mobile application):

a) Generating e-Invoices

b) Sending e-Invoices to KSeF

c) Searching and downloading e-Invoices

d) Downloading any e-Invoice (sales or cost) in which the Service Recipient is indicated as the seller or buyer.

e) Visualization of e-Invoice in the form of a PDF file

f) Creating templates for e-Invoices

3. Services (operations) provided by API and programming libraries, in accordance with the published technical documentation.

4. The information service is provided using the e-mail address of the Users and is intended to inform them about:

a) Planned system downtime.

b) Possible failures.

c) Important changes affecting the operation of the Service and Users (e.g. new versions of applications, libraries or changes to these Terms and Conditions).

§4

User Rights and Obligations

1. The condition for using the Website Services is to express consent to the processing of personal data within the meaning of the GDPR [2] and the Act [3].

2. The Website User has the right to:

a) Use the Services in accordance with these terms and within the currently selected Plan.

b) Changes to the selected Plan.

c) Submitting complaints in the event of observing improper operation of the Website.

d) Reporting errors, suggestions, observations and other comments related to the operation of the Service.

e) Requesting the extension or introduction of a new functionality or service, if the currently selected Plan allows it.

f) Using the online help system and telephone technical support.

e) Protection of personal data and data management in accordance with the provisions of §13.

3. The User of the Service is obliged to:

a) Read and accept the content of these Regulations.

b) Meeting payment deadlines resulting from the performance of the Services provided, and thus complying with the provisions of these Regulations.

c) Inform the Service Provider about any changes affecting the implementation or enforceability of the provisions of these Regulations.

d) Providing true data in the registration process (setting up an account) and ordering Services. For all paid Plans, it is required to provide a correct Tax Identification Number and e-mail address enabling verification of the User. The data provided during registration will be used to settle the provided Service.

e) Use the Services in accordance with applicable law and these terms and conditions.

f) Not taking any action to the detriment of other entities, in particular entities about which information is presented on the Website.

g) Making payments for issued invoices in accordance with the Plan selected by the User, even if the User has not made any enquiries during the billing period.

4. The User consents to the use by the Service Recipient of the User's trademarks (logos) on websites belonging to the Service Provider, also for marketing purposes, without additional remuneration for this.

5. Sharing your password with anyone is prohibited. The Service Provider is not liable for any damages incurred by a User who has shared their password with third parties.

6. The User agrees to the termination of the provision of Services (blocking of the Account) with immediate effect in the event that the User violates the provisions of these Regulations.

7. The User has the right to resign from using the Website's services at any time, with effect at the end of the following month from the date of sending the resignation instruction.

§5

Privacy Policy

1. The administrator of the Users’ personal data is NETCAT – SYSTEMY INFORMATYCZNE, 02-495 Warsaw, Zagłoby 21/10, hereinafter referred to as the Administrator.

2. Administrator's contact details: kontakt@ksefapi.pl, tel. +48 222 199 199. The Administrator has appointed and authorized a person to perform the function of the Personal Data Inspector. Any questions related to the protection of personal data should be directed to the Personal Data Inspector by sending an e-mail to the account provided in point 2.

3. The purpose and scope of data collection are described in detail in §13.

4. Providing data is voluntary, but necessary for the Website to provide Services or to ensure contact with the Administrator or to receive important information and system messages from the Administrator.

5. The Service Provider undertakes to make every effort to protect data and privacy in accordance with the GDPR [2] and the Act [3].

6. The Administrator declares that he has conducted a risk analysis, applies security measures described in the Security Policy (PB), processes Users' data in accordance with the GDPR [2] and the Act [3] and that he has implemented technical and organizational measures ensuring protection of the processed data appropriate to the threats and categories of data subject to protection, and in particular protects the personal data of Users against making them available to unauthorized persons, loss or damage.

7. The Administrator informs that the applied security measures fully guarantee the confidentiality, integrity and accountability of the processed data.

8. The basic documents describing all of the Service's obligations to guarantee the highest level of privacy are the provisions of these Regulations and internal regulations (Security Policy, procedures, etc.).

9. Every User has the right to view their data and the right to update it.

10. The User may request the removal of the account and information about themselves provided when creating the account from the database. To do this, they should send a request to the following address: kontakt@ksefapi.pl with data enabling the unambiguous identification of the user account.

§6

Rights and obligations of the Service Provider

1. The Service Provider will make every effort to ensure that the Services are provided at the highest level, continuously and uninterruptedly.

2. The Service Provider undertakes to ensure the highest quality of the Services provided and to perform all possible actions aimed at guaranteeing full satisfaction of the Users using the Service.

3. The Service Provider is not responsible for:

a) Content of the data provided.

b) Data made available to authorized state bodies and institutions (Police, Prosecutor's Office), the transfer of which may be requested on the basis of separate legal provisions.

c) How other Users use the Services.

d) Damage resulting from a lack of continuity of service provision resulting from force majeure or unavailability of the systems referred to in point e.

e) Lack of availability of the KSeF system and other external systems (VIES system and VAT system) and the REGON reference register.

4. The Service Provider collects in the form of logs and stores for evidentiary purposes all queries and responses obtained from the National e-Invoice System (KSeF).

5. At the User's request, the Service Provider shall make the above-mentioned logs available free of charge in the event of the need to present evidence to tax inspection authorities.

6. The Service, its graphic design and functionalities may be changed at any time without prior notice.

7. The System Administrator may block or delete the User Account at any time if it is found that the User has failed to comply with the provisions of these Regulations.

§7

Availability Guarantee

1. The Service Provider guarantees that it will make every effort to ensure that the Service is available 24 hours a day, 7 days a week and 365 days a year (7/24/365). The above guarantee assumes that the service availability over the year will not be lower than 99%. The calculation of the total service availability over the year does not include planned downtime.

2. The availability guarantee does not apply to KSeF, external systems and reference registers listed in § 6 item 3 section e.

3. We guarantee that failures will be removed within a maximum of 4 hours, provided that the failure or lack of access to the service are not related to force majeure.

4. We guarantee that for any downtime longer than 8 hours, the User may apply for a reduction of the monthly fee for the provision of Services.

5. The Service Provider reserves the right to perform planned downtime related to system maintenance. Downtime may involve temporary disconnection of access to the Services. If the planned downtime or temporary unavailability is carried out during the night hours: 22-6 and is not longer than 6 hours, it may be performed without prior notice. Planned downtime may be related to:

a) Installing updates or patches to existing software.

b) Introducing new functionalities.

c) Other work of a maintenance nature.

§8

Complaints

1. All complaints related to the operation of the Service should be submitted electronically, no later than 30 days from the occurrence of the event to which the complaint relates.

2. Complaints will be considered within 14 days from the date of their submission, and the person submitting the complaint will be immediately informed about the method of considering the comments by e-mail to the e-mail address provided in the form.

3. The complaint should be submitted in the form of an electronic message sent to the following address: kontakt@ksefapi.pl.

4. Complaints sent in any language other than Polish or English will not be considered.

5. If the complaint does not contain information that would allow for the complaint to be considered unambiguously, the Service Provider reserves the right to send an e-mail to the address from which the complaint was sent, requesting additional information.

6. If the situation described in point 5 occurs, the deadline for considering the complaint is counted from the date of providing the additional information referred to in point 5.

7. Complaints cannot be filed regarding actions performed by the System Administrator aimed at enforcing applicable law, e.g. blocking a User Account.

8. Complaints resulting from ignorance of these Regulations will be considered negatively.

a) The right to file a complaint is available to Users using the portal’s services who are not in arrears with payments for the Services provided.

b) Complaints cannot relate to events and situations that occurred during planned downtime (system shutdown and maintenance), because Users are informed of each planned downtime at least 3 days in advance.

§9

Obligation to obey the law

1. The User undertakes to use the Services in a manner that does not violate the rights of third parties, personal rights, copyrights, good customs or legal provisions.

2. The entire content of the portal is protected by copyright, and therefore it is prohibited to copy in part or in whole the information posted on the portal, process, duplicate, modify and further make available to any entities without the express written consent of the owner of the portal. It is prohibited to connect to the Service using programs other than a web browser and the provided API software. It is prohibited to execute any scripts or place malicious code, as well as to carry out attacks aimed at blocking the Service. It is prohibited to buffer this data in a way that allows for its further processing. It is prohibited to use hypertext links and place the content of the Service in frames on other websites. It is prohibited to sell or make available for a fee applications and programming libraries and MS Excel add-ons that can be downloaded from the Service pages and to make the User's account available to third parties for a fee. Any detected prohibited activities will be reported to the appropriate law enforcement authorities.

§10

Settlements and payments

1. The settlement of the use of Services is carried out in accordance with the Plan selected by the User and the applicable price list, which is available at: https://ksefapi.pl/oferta.

2. The Service provides two types of accounts:

a) Pre-paid – a type of prepaid account that requires payment before using the Services.

b) Post-paid – a type of subscription account in which payment is made after using the Services.

3. The online payment service is provided by Krajowy Integrator Płatności SA (tpay.com) and the stripe.com platform.

4. Each new User of the Service, when creating an account, receives a pre-paid account type by default. Post-paid accounts are assigned by default to Users who have created Individual Plans.

5. In order to purchase one of the available paid plans, it is necessary to provide the User's Tax Identification Number (NIP) on the "Information" tab in the "Taxpayer's Identification Number (NIP) field of the contractor for whom VAT invoices are issued for the service".

6. The purchase of the selected plan can be made on the "Plan details" tab, where you should select the selected plan and then press the "BUY NOW" button. The selection of the purchased plan can still be changed on the "Payments" tab. The User can choose for what period (by default until the end of the current month) they want to purchase a given plan. To do this, they should select the appropriate date in the "TO" field. In order to make a payment for the selected plan, the User is automatically redirected to the tpay.com online payment system, which allows for the execution of transactions using the telecommunications network. The User is not obliged to enter the Service Provider's data, their bank account number, amount and transaction description. This data should be filled in automatically.

7. Users with a pre-paid account, after exhausting the number of queries in the current billing month, have the option to purchase additional query packages at the price of one query equal to the price of the query costs above the currently selected Plan.

8. If the User has a post-paid account and does not exceed the limit on the number of queries resulting from the query package available in the selected Plan per month, he or she does not incur any additional costs apart from the price of the selected Plan.

9. If the User has a post-paid account and exceeds the limit on the number of queries resulting from the query package available in the selected Plan per month, in addition to the fee for the selected Plan, the User is also obliged to pay for all additional queries above the Plan at the rate specified in the price list, appropriate for the selected Plan.

10. The billing period is a calendar month. If the User makes a payment to a prepaid account on a day other than the first day of the month, they are obliged to pay the full monthly fee, because the number of queries available under a given plan can be used in one day.

11. The settlement document is a VAT invoice.

12. The User agrees to the issuing of VAT invoices in electronic form. The Service Provider declares that the invoice in electronic form complies with the conditions specified in art. 106n. section 1 of the Act of 11 March 2004 on the tax on goods and services. The issued VAT invoices (PDF file) will be sent to the e-mail address provided by the User when creating the User Account or entered in the field "E-mail of the contractor to which VAT invoices for the service are sent". All invoices are also available in the "Invoices" tab for self-download from the User Account. For the avoidance of doubt, the Service Provider is exempt from the obligation to send invoices to the User in regular (paper) form.

13. If the User has a post-paid account, they can change their current Plan to another Plan at any time. The Plan can be changed only once in a given billing period. The old Plan is valid until the end of the current billing period, and the new Plan is activated at the beginning of the new billing period.

14. For post-paid accounts, if the amount due for a given settlement period does not exceed PLN 10 net, it will be carried forward to the next settlement period.

15. The date of payment is deemed to be the date on which the bank account specified on the VAT invoice is credited.

16. The payment deadline is 14 days from the date of issue of the VAT invoice.

17. If the 14-day invoice payment deadline is exceeded, the User Account which is of the post-paid type will be automatically switched to a pre-paid type account.

18. If the delay in payment exceeds 10 days from the due date, the Website Administrator is entitled to block the User Account until the payment is settled.

19. If the delay in payment exceeds 30 days from the due date, the Service Provider will be entitled to initiate debt collection procedures through a company providing professional debt collection services. In such a situation, the User will be obliged to cover the costs of collection, the costs of any legal proceedings and statutory interest.

20. If the User commissions the performance of an operation to employees of the Customer Service Office, even though he or she can perform it himself or herself from his or her account, the Administrator is obliged to charge an additional fee of PLN 50 net.

§11

Account Deletion

1. The User may at any time submit a request to delete the User Account from the ksefapi.pl portal. For this purpose, the User should send the request to the following address: kontakt@ksefapi.pl with data enabling unambiguous identification of the User Account to be deleted. Deleting the User Account is equivalent to ceasing to provide the Service to the User.

2. If the User has purchased any Plan paid for several months "in advance" and has submitted a request to delete the User Account before the expiry of this period, the User may not request a refund of the fee paid or any part thereof.

§12

Higher power

1. The Service Provider shall not be liable for failure to perform or improper performance of obligations arising from these Regulations due to the occurrence of force majeure - an event beyond the control of the parties, external, impossible to predict and prevent, in particular: fire, flood, earthquake, hurricane, war, natural disaster and other acts of nature, in addition to power failures, failures of the Internet provider and failures of hosting services, as well as strikes and acts of state authorities. In the event of force majeure, the performance of the Services will be suspended for a period equal to the period of force majeure.

§13

Data protection - Information clause

1. The provisions of these Regulations, in accordance with the preamble (81) of the GDPR and the provisions of the Act [1] constitute another legal instrument that is subject to the law of the Union or the law of a Member State. This means that acceptance of the provisions of these Regulations means consent to the entrustment and processing of personal data in accordance with the principles described in the Regulations.

2. The Service Provider declares that it protects the personal data of Users to the extent that they constitute personal data within the meaning of the GDPR.

3. All data provided by the User will be processed by the Service Provider solely for the purpose of providing the Services referred to in these Regulations. The User acknowledges that, pursuant to the provisions of Article 19 of the Act [1], the Service Provider is entitled to process the User's personal data provided when setting up the User Account, also after the end of using the Service, if they are:

a) Necessary to settle the Service and pursue claims for payments for using the Service.

b) Necessary to clarify the circumstances of unauthorized use of the Service, referred to in Article 21 paragraph 1 of the aforementioned Act.

c) Permitted for processing under separate acts.

4. All data provided by the User will be processed by the Service Provider solely for the purpose of providing the Services (legal basis: Art. 6 sec. 1 letter b of the GDPR) and for accounting and tax purposes pursuant to applicable legal provisions – Art. 6 sec. 1 letter c of the GDPR.

5. The content of this paragraph fulfils the information obligation required by Article 13 paragraph 1 of the GDPR [2].

6. Personal data may be processed for the following purposes:

a) In the event of acceptance of these Regulations – in order to provide services by electronic means, referred to in §3 of these Regulations, pursuant to Article 6 paragraph 1 letter b of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding a contract.

b) In the case of an inquiry received during a telephone conversation, to the company e-mail address or via the contact form – in order to answer a question, solve a problem or provide information content, pursuant to art. 6 sec. 1 letter f of the GDPR – the legitimate interest of the Controller in providing all information on its activities and on the products and services it offers, at the request of interested persons.

c) In other cases such as:

    1. settlement of completed queries and billing,
    2. ensuring the correct provision of services (technical logs),
    3. ensuring payment service support,
    4. providing tax and accounting services,
    5. debt collection,
    6. conducting court proceedings,
    7. conducting statistical analyses,
    8. ensuring the security of services, including enforcing compliance with the provisions of the Security Policy and other internal procedures and counteracting fraud and abuse and ensuring the security of network traffic,
    9. conducting research and analysis, among others, in terms of the functionality of the Service, improving the operation of services or estimating the main interests and needs of visitors,

– pursuant to Article 6 paragraph 1 letter f of the GDPR, i.e. the implementation of the legitimate interest of the Administrator.

7. Users' personal data are not made available to any other third parties. Only persons authorized by the Administrator may process personal data. In accordance with point 6, paragraph c) of this paragraph, personal data may be transferred to a debt collection company or to the National Debt Register.

8. The Administrator, unless it is necessary (e.g. decision of law enforcement authorities), does not intend to transfer personal data to a third country or an international organization.

9. Personal data will be stored by:

a) In the case of implementation of the ordered service: for the entire period of service provision.

b) In the case of a general enquiry or a request for quotation: for a period of five years from the date of receipt of the enquiry.

10. The User has the right to:

a) Request access to your personal data, its rectification, deletion or restriction of processing, to object to the processing, as well as the right to transfer data.

b) Lodging a complaint with the supervisory authority.

11. Providing data is voluntary and is not a statutory or contractual requirement, but:

a) Failure to provide them will prevent the Administrator from providing the Services – in the case indicated in point 2 letter a) of this paragraph.

b) Failure to provide them will prevent the Administrator from answering the question asked – in the case indicated in point 6 letter b) of this paragraph.

12. Personal data will not be used for automated decision-making, including profiling, as referred to in Article 22 paragraphs 1 and 4 of the GDPR [2].

§14

Cookie Policy

1. The Website may use cookie text files that are saved by the server on the User's computer.

2. Cookies are not used to collect personal data.

3. Cookies are not used to install or uninstall any computer program, they do not interfere with the integrity of the system or the User's data.

4. The Administrator reserves the right to use the services of third parties (e.g. Google Analytics) to develop statistics regarding the use of the Service pages. The Administrator declares that no identifying data will be made available to these entities.

5. Cookies used by the Service are consistent with those described on the website:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

6. In accordance with the applicable provisions of the Act of 16 July 2004 - Telecommunications Law (Journal of Laws No. 171, item 1800, as amended), the User has the right to decide on the access of cookies to their computer by selecting them in their browser window. Browser manufacturers provide instructions on their websites that allow for managing cookies.

7. The data obtained will not be used to identify users of the website and will be used solely to enable the use of the website, for statistical purposes, to measure traffic on the website and to properly direct messages, without the possibility of linking them to the User of the website and will not be used for any other purposes.

§15

Exclusion of liability of the Service Provider

1. In accordance with the provisions of Art. 12 and 13 of the Act [1], the Service Provider, while providing the Services described in §3 points: 2, 3, 4, shall not be liable for the content of the transmitted data and shall not be liable for the storage of data, because:

a) is not the initiator of the data transfer,

b) does not select the recipient of the data transfer,

c) does not select or modify the information contained in the message,

d) does not modify the data,

e) uses recognised IT techniques commonly used in this type of activity, defining the technical parameters of access to data and their updating, and,

f) does not interfere with the use of information technology techniques recognised and normally used in this type of activity for collecting information on the use of collected data.

2. The Service Provider declares that for the purposes of settling queries and billing, as well as to ensure the correct operation of the Services provided, it stores the data sent together with the content of the query.

§16

Final provisions

1. Any natural person acting under the authorization of the User, including the User himself, shall bear full liability under the law towards his principal.

2. Anyone who performs operations in the ksefapi.pl system is responsible for the consequences of their actions.

3. The ksefapi.pl portal would like to inform that all events and User actions are recorded in system event logs and are systematically analyzed to detect any type of abuse. Detected attempted attacks and actions to the detriment of the portal or other Users will be immediately reported along with the necessary data to the appropriate law enforcement authorities.

4. Complaints and requests are accepted electronically to the following e-mail address: kontakt@ksefapi.pl.

5. Any technical inconveniences and reservations related to the operation of the service should be reported to the System Administrator at the following e-mail address: kontakt@ksefapi.pl.

6. In matters not regulated in these Regulations, the provisions of the Act [1] and the Civil Code shall apply in particular. In the event of a lack of agreement, disputes shall be resolved by a common court having jurisdiction over the seat of the owner of the Service.

The Regulations enter into force on 1 May 2024.