Submitting request for a economic operator and facility identifier code by a third party.

The description is for a third party operator wishing to apply for the facility identifier codes on behalf of the operator of the first retail outlet

Under EU Directive 2014/40/EU and Regulation 2018/574, businesses participating in the tobacco trade will be required from 20 May 2019 to obtain identification codes allowing for detailed reporting of tobacco trade incidents.

Descriptions of the tobacco tracking system and detailed requirements and instructions related to this process can be found in EU Regulation 2018/574, which can be found at https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32018R0574&from=GA.

Please read this Regulation in detail before registering.

In order to obtain the operator and facility identification code (as defined in EU Regulation 2018/574), applications must be submitted to the national identifier issuer of your choice. In Poland, pursuant to the Ordinance of the Minister of Finance (ORDINANCE OF THE MINISTER OF FINANCE of 5 April 2019 on the designation of the entity issuing identifiers) of 9 April 2019, PWPW S.A. has been selected the issuer of identifiers. For handling applications related to the issuance of identification codes and identifiers, PWPW S.A. provides a test ID ISSUER website at the following address (https://www.idissuer.pl).

The entity responsible for the registration of retail outlets is always their owner, i.e. the operator of the retail outlet. However, the EU regulation allows for some flexibility. Requests for codes may be made by retail operators (e.g. owners of retail chains) or by a third party (e.g. distributors supplying tobacco products to retailers). According to the Regulation, these parties must reach an agreement with each other and jointly determine who will carry out the registration.

The operator of the first retail outlet must give their full consent to the third party registration, which must provide the operator with all registration information, including all assigned codes.

This document defines the activities for the registration of retail outlets by a third party economic operator.

In order to efficiently submit requests registering the entire network of facilities, we propose that the operator registering retail outlets on behalf of their operator should establish a hierarchy of persons responsible for selected groups of facilities. This allocation will clarify and facilitate the registration of all facilities and ensure the responsibility of individuals to handle the retail outlets allocated to them.

This structure may be one- or multi-level depending on the number of retail outlets served.

1. Example with one level of user hierarchy

One-level user hierarchy
One-level user hierarchy

The designated administrator first registers the user structure, then the created users register the facilities.

Requests submitted
Business Process Requests submitted by the operator of the first retail outlets in a structure with a one-user level

Actions for the administrator:

1. To register a user by creating an account in the ID ISSUER system (User registration). This account will be used to manage other users and their authorizations. This account will also show all registered retailer operators, their own operator, all facilities set up in their registered user hierarchy, and all users set up in their organisation's hierarchy.

2. To select and grant oneself the authorization to request codes for operators, facilities and user administration (First login and authorization selection).

3. To request for an identifier code for their own economic operator who is a third party operator in this case (Request for an operator code).

4. In addition, a request or requests for an identifier code for an operator of retail outlets (Request for an operator code), on whose behalf the retail outlet will be registered should be submitted. In the case of the registration of retail outlets for multiple retail operators, requests for an operator should be registered for each retail operator. (Optionally, this step can also be done by subusers).

5. To create subusers and grant them authorizations to register facilities. Within assigning authorizations to data, grant them authorizations to the operator registered in point 4. - the relevant economic operator operating retail outlets (Creating a subuser). If it is intended to register a third party's own facilities, care should be taken to ensure that any user is allocated the authorization to his own business entity registered in point 3 so that he can register facilities belonging to the third party.

Actions performed by subusers created by the administrator:

1. To activate the account, after receiving information about account registration (Activating the subuser account).

2. To request successively the facility identifier codes for each facility within the responsibility of the user concerned (Request for facility code).

2. Example with multi-level user hierarchy

Multi-level user hierarchy
Multi-level user hierarchy

The designated administrator first registers the subuser structure. Created administrators register successive subadministrators. The last level of subadministrators register users registering facilities. The created users register facilities. Users registering facilities can be created at any level of this structure depending on their specific needs. There are also no restrictions on administrators created to register facilities.

Requests submitted
Business Process Requests submitted by the operator of the first retail outlets in a structure with a multi-user level

Actions for the main administrator:

1. To register a user by creating an account in the ID ISSUER system (User registration). This account will be used to manage other users and their authorizations. This account will also show all registered retailer operators, their own operator, all facilities set up in their registered user hierarchy, and all users set up in their organisation's hierarchy.

2. To select and grant oneself the authorization to request codes for operators, facilities and user administration (First login and authorization selection).

3. To request for an identifier code for their own economic operator who is a third party operator in this case (Request for an operator code).

4. In addition, a request or requests for an identifier code for an operator of retail outlets (Request for an operator code) on whose behalf the retail outlet will be registered should be submitted. In the case of the registration of retail outlets for multiple retail operators, requests for an operator should be registered for each retail operator. (Optionally, this step can also be done by subusers).

5. To create the first level of subusers and grant them authorizations to register facilities. Within granting authorizations to data, grant them authorizations to the operator registered in point 4. - economic operator of retail outlets (Creating a subadministrator account). If it is intended to register a third party's own facilities, care should be taken to ensure that any administrator is granted the authorization to the own business entity registered in point 3 so that he can forward authorization to register facilities belonging to the third party to another user.

6. Optionally, you can also create subusers and grant them the authorization to register facilities. Within granting authorizations to data, they should be granted authorizations to the operator registered in point 4. - economic operator of retail outlets (Creating a subuser). Optionally to action from point 5, if it is intended to register a third party's own facilities, care should be taken to ensure that any user is granted the authorization to their own business entity registered in point 3 so that he can register facilities belonging to the third party.

Actions performed by subadministrators:

1. To activate the account, after receiving information about account registration (Activating the subuser account).

2. To create subusers, granting them the authorization to register facilities and the registered operator (Creating subusers). When creating the administrator structure itself, this step can be skipped and the next step can be performed.

3. To create next level of subadministrators, granting them the authorization to register facilities and the registered operator. Administrators should also be granted the authorization of Administration of users (Creating a subadministrator account). This step can be performed depending on the needs and plans related to the creation of user hierarchies.

Actions performed by subusers created by the administrator:

1. To activate the account, after receiving information about account registration (Activating the subuser account).

2. . To request successively the facility identifier codes for each facility within the responsibility of the user concerned (Request for facility code).

Note. There is no limit to how many levels of user hierarchy can be created.

3. Delegating the operation of registered retail outlets to other users.

The above registered retail outlet operator and the whole set of facilities registered on its behalf may only be managed by users who are authorized to use the relevant data.

Since the registration was carried out by a third party, only users created by the administrators of the third party may apply for modifications to these facilities as well as for the possible deregistration of the retailer's facility.

In the ID ISSUER system, however, it is possible to delegate the authorizations to such management to other users. This allows a third party to delegate the further management of facility data to other users, e.g. the operator of a retail outlet directly linked to a specific retail outlet.

Such user should be set up in accordance with the instructions Creating a subuser.

The created user must activate his new account in accordance with the instructions Subuser account activation.

A new user can already request a modification of the data of a facility to which they have been granted authorization.

Note. For security reasons, it is not possible to grant authorization for the operation of facilities to users registering themselves outside a structure created within a third party. Granting authorizations is the responsibility of the operator creating the subuser. Before granting authorizations to data, it is necessary to carefully verify to whom these authorizations will be granted. Once the data have been transferred, the transmitting party will not be prevented from viewing or handling the data.