Terms and Conditions

T&C

Data Act

Additional Terms and Conditions For Data Processing Services under the Directive (EU) 2020/1828 (Data Act)

applicable from 12.09.2025

A. General

Agreement

1. Customer and Provider agree that Provider will make available to Customer certain Services on and in accordance with the terms of this Agreement – consists of the following documents including any amendment thereof or supplement thereto, as well as all acts related to performance of the agreement(s), including without limitation its Annexes  (hereinafter collectively referred to as the ‘Agreement’):

A.  General, with Annex Definitions;

B.  Switching & Exit, with Annex Switching & Exit Plan;

C.  Termination;

2. The aforementioned documents separately and collectively form an integral part of the Agreement. Any reference to the Agreement shall be deemed to include a reference to said documents.

3. The agreement between Parties on the above supersedes and replaces any previous arrangement, understanding or agreement, whether written or oral, between the Parties with respect to the subject matter in the aforementioned documents. Any matters not covered by these Agreement will be governed by the general terms and any other applicable terms for the Client's services.

Definitions

4. The definitions used and applicable in the Agreement are set forth in the Annex Definitions, hereunder.

Miscellaneous

5. In case of any conflict or other dispute between Parties under or related to this Agreement, Parties will discuss and aim to amicably settle the matter at hand in good faith in line with Article 27 Data Act but without prejudice to any rights and remedies each Party may have.

Annex Definitions

The following definitions in this Agreement, will have the following meaning:

1. Annex means an annex, schedule or exhibit explicitly referenced in the Agreement;

2. Customer as defined in Article 2(30) Data Act: a natural or legal person that has entered into a contractual relationship with a Provider of Data Processing Services with the objective of using one or more Data Processing Services. For purposes of this Agreement, said Customer is the legal entity, person or organisation with whom Provider wishes to enter into, enters into or has entered into a legal relationship regarding providing Services by Provider, as well as related matters. There is no sectorial limitation under the Data Act, whether a Customer is part of the private, public, public-private or any other sector;

4. Data as defined in Article 2(1) Data Act. For easy reference: any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording;

5. Data Act means Regulation (EU) 2023/2854 (‘DA’);

6. Data egress charges as defined in Article 2(35) Data Act. For easy reference: data transfer fees charged to Customers for extracting their data through the network from the ICT infrastructure of the Provider of Data Processing Services to the system of a different provider or to on-premises ICT infrastructure;

7. Data Processing Service as defined in Article 2(8) Data Act. For easy reference: a digital service that is provided to a Customer and that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature that can be rapidly provisioned and released with minimal management effort or service provider interaction. For purposes of this Agreement, the said data processing services regard those provided or to be provided by Provider to Customer as agreed under the Agreement, not being Other Services;

8. Destination Provider as mentioned in Article 2(34) Data Act, means the destination provider of data processing services, whereby the Customer changes from using the Data Processing Services from Provider to using another data processing service of the same service type, or other service, offered by such different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data;

9. Digital assets defined in Article 2(32) Data Act. For easy reference: elements in digital form, including applications, for which the Customer has the right of use, independently from the contractual relationship with the Data Processing Service it intends to switch from;

10. Exportable data as defined in Article 2(38) Data Act. For easy reference: the input and output data, including metadata, directly or indirectly generated, or cogenerated, by the Customer’s use of the Data Processing Service, excluding any assets or data protected by intellectual property rights, or constituting a trade secret, of the Provider or third parties;

11. Functional Equivalence as defined in Article 2(37) Data Act. For easy reference: re-establishing on the basis of the customer’s exportable data and digital assets, a minimum level of functionality in the environment of a new data processing service of the same service type after the switching process, where the destination data processing service delivers a materially comparable outcome in response to the same input for shared features supplied to the Customer under the Agreement;

12. Interoperability as defined in Article 2(40) Data Act. For easy reference: the ability of two or more data spaces or communication networks, systems, connected products, applications, Data Processing Services or components to exchange and use data in order to perform their functions;

13. Maximum Notice Period as defined in Article 25(2)(d) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;

14. Mandatory Maximum Transitional Period md as defined in Article 25(2)(a) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;

15. Metadata as defined in Article 2(2) Data Act . For easy reference: a structured description of the contents or the use of data facilitating the discovery or use of that data;

16. Minimum Period of Data Retrieval as defined in Article 25(2)(g) Data Act, and within that meaning further defined in the part Switching and Exit, as agreed between Parties under the Agreement;

17. Non-personal Data as defined in Article 2(4) Data Act. For easy reference: data other than Personal Data;

18. On-premises ICT infrastructure as defined in Article 2(33) Data Act. For easy reference): ICT infrastructure and computing resources owned, rented or leased by the customer, located in the data centre of the customer itself and operated by the customer or by a third-party;

19. Other Services means all professional services of whatever nature to be provided by Provider to Customer under the Agreement as defined therein, that are not Data Processing Services;

20. Party or Parties means Customer or Provider, respectively Customer and Provider;

21. Personal Data as defined in Article 4, point (1), of Regulation (EU) 2016/679 (General Data Protection Regulation (‘GDPR’));

22. Plan means the switching and exit plan referred to in the part Switching and Exit, as agreed between Parties under the Agreement;

23. Processing as defined in Article 2(7) Data Act. For easy reference) being: any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or other means of making them available, alignment or combination, restriction, erasure or destruction;

24. Provider (or as also mentioned in Article 2(34) Data Act, Source Provider) means the source provider of data processing services being the legal entity with whom Customer wishes to enter into, enters into or has entered into a legal relationship regarding providing data processing services and other Services by Provider under the Agreement;

25. Same Service Type as defined in Article 2(9) Data Act. For easy reference) being: a set of Data Processing Services that share the same primary objective, data processing service model and main functionalities;

26. Services means both the Data Processing Services as well as all Other Services as agreed by Parties under the Agreement;

27. Service Fee means the fees due and owed by Customer to Provider as consideration for the provision of Services as agreed by Parties under the Agreement;

28. Switching as defined in Article 2(34) Data Act. For easy reference : the process involving the (source) Provider, a Customer of a data processing services and, where relevant, a destination provider of data processing services, whereby the customer of a data processing service changes from using one data processing service to using another data processing service of the same service type, or other service, offered by a different provider of data processing services, or to an on-premises ICT infrastructure, including through extracting, transforming and uploading the data;

29. Switching charges as defined in Article 2(36) Data Act. For easy reference: charges, other than standard service fees or early termination penalties, imposed by a provider of data processing services on a customer for the actions mandated by the Data Act for switching to the system of a different provider or to on-premises ICT infrastructure, including data egress charges.

B. Switching and Exit

1. Information

1.1. Before placing the order for the Data Processing Services, the Provider has provided the Customer with clear information about:

1.1.1 available self-service automated switching tools for such Services (“Switching Tools”) and the conditions of their use;

1.1.2 their standard service fees and, where applicable, early termination penalties;

1.1.3 the Switching Charges, including the fees for use the Switching Tools;

1.2. Annex 1 to this Part B of the Agreement includes:

1.2.1. an exhaustive specification of categories of Data and Digital Assets that can be

transferred with the use of Switching Tools, including at a minimum all Exportable Data;

1.2.2. an exhaustive specification of categories of Data specific to the internal functioning of

the Provider’s Data Processing Service that will be exempted from the obligation to

export data where there is a risk of breach of the Provider’s trade secrets.

1.2.3.information on procedures for switching and porting with the use of Switching Tools,

including methods and formats, restrictions and technical limitations, procedures,

instructions, documentation, as well when applicable, best practices, capabilities,

technical support which the Provider will make available to the Customer (especially

during testing, preparation for switching and switching), including any hotlines available

for the Customers during the switching or alternative communication channels, tests

scenarios. This information must explain how to switch all Exportable Data and Digital

Assets in a coherent and consistent way fast enough for an effective switching.

1.2.5. clear information concerning known risks to continuity in the provision of the functions

or services on the part of the source Provider;

1.3. The Provider’s on-line register with data structures and formats, relevant standards and open interoperability specifications for Data is specified in Annex 1.

2. Initiation of the switching process

2.1. The Customer must give the Provider a switching notice that it initiates the switching, observing the Notice Period. If the Customer wishes to switch only with regard to certain Services, Data or Digital Assets, it must specify that in the switching notice. 

2.2. In the switching notice the Customer must inform whether it intends:

2.2.1. to switch to a different Provider of Data Processing Services;

2.2.2. to switch to an on-premises ICT infrastructure of the Customer; or

2.2.3. not to switch but only erase their exportable Data and Digital Assets.

2.3 The Customer's switching notice must be unambiguous for the Provider to initiate action and for any associated deadlines to commence.

3. Transitional Period

3.1. When the Provider cannot respect the agreed Transitional Period of 30 days because this is not technically feasible, the Provider undertakes to:

3.1.1. notify in writing the Customer within 14 working days after receiving the notice for switching;

3.1.2. indicate an alternative Transitional Period, which must not exceed seven (7) months from the date of the Customer’s switching notice; and

3.1.3. give proper justification for the technical unfeasibility

3.2 The Customer may extend the Transitional Period once, for a period they consider more appropriate for their own purpose. In that case, the Customer must notify the Provider in writing of their intention until the end of the original Transitional Period and indicate the alternative Transitional Period.

4. Obligations of the Provider during the switching process

4.1. It is the responsibility of the original provider to extract the data and provide it to the Customer, whereas the Customer or the acquiring provider of data processing services is required to upload the data to the new environment. Consequently, the transfer and import of data into the target system are not the responsibility of the Provider.

4.2 Within the scope of its obligations under the Data Act, Provider undertakes to provide reasonable assistance to the Customer and third parties authorised by the Customer once the switching process starts and throughout its duration so that the Customer can switch within the Mandatory Transitional Period. To this effect, the Provider must, in particular:

4.2.1 Act with due care to maintain business continuity and continue to provide the functions or services under the Agreement.

4.2.2. Maintain a high level of security throughout the switching process, in particular for the security of the data during their transfer.

5. Customer’s obligations

5.1. The Customer undertakes to take all reasonable measures to achieve effective switching. The Customer undertakes to be responsible for the import and implementation of Data and Digital Assets in their own systems or in the systems of the Destination Provider. 

5.2. The Customer or third parties authorised by them, including the Destination Provider, undertake to respect the intellectual property rights of any materials provided in the switching process by the Provider as well as Provider’s trade secrets. 

5.3. In the context of data transfer, the Provider's primary obligation is to extract and make the data available to the Customer. This process may necessitate specific activities and cooperation from the Customer. To enable the Provider to fulfill its obligations, the Customer's active collaboration is required in certain instances. This may include, but is not limited to, the Customer's responsibility to provide adequate storage, access credentials, and cryptographic keys necessary for downloading the data via self-service mechanisms. Further detailed procedures and requirements for customer cooperation are available on the website specified in Annex 1.

6. Data retrieval and erasure of data

6.1. The Customer could retrieve or erase their data during the Agreed Period of Data Retrieval,which is 30 days.

6.2. At the end of the Agreed Retrieval Period, and if the switching process has been completed successfully, the Provider undertakes to erase all Exportable Data and Digital Assets generated by the Customer or related to the Customer directly, except for the Exportable Data which the Provider is obligated to store under mandatory EU or EU Member States laws.

 

7. Charges for the switching process and egress charges

The Provider reserves the right to charge the Customer switching fees within the scope permitted by the Data Act. 

8. Termination of the switching process

8.1. As soon as the Customer notifies the Provider that the switching process is successfully completed, the Provider undertakes to notify the Customer immediately of the contract’s termination. This corresponds to Clause 5.1 in the Part on Termination. If the Customer will not confirm successful switching within 30 working days from such request, it is deemed that the switching was not successful and the Agreement will not be terminated and will continue on its existing terms.

8.2. If the Customer does not want to switch but rather to erase their Exportable Data and Digital Assets as per point 3.2.3 Initiation of the switching process above, at the end of the agreed Notice Period the Provider undertakes to notify the Customer of the termination of the contract.

Annex 1 (referred to in Clause 1.2)

1. Categories of Data and Digital assets that can be transferred including at a minimum all Exportable Data: Customer’s content data (ex. document, images, videos, databases), Customer’s data processed by applications (ex. CRM data, ERP data), Customer’s logdata, Customer’s configuration files, Customer’s virtual machine images, Customer’s metadata (incl. Customer’s file metadata, Customer’s system metadata, Customer’s database metadata), Customer’s communication data, Customer’s applications, Customer’s software licences, custom scripts and automation, Customer’s data schemas and models. 

2. Categories of Data and Digital Assets specific to the internal functioning of the Provider’s data processing service, with risk of a breach of the provider’s trade secrets, which are exempted from switching : system architecture and design data, core software and platform code, security infrastructure and protocols, performance optimization and resource management data, operational and monitoring data. 

3. Data and Digital Assets protected by the intellectual property rights of Provi

der or third parties, which are exempted from switching: software and algorithms, infrastructure and system configurations, internal operational data, brand and branding assets, derived and interferred data, operational know-how.

4. Information on procedures for switching and porting with the use of switching tools:

IONOS SE https://www.ionos.de/hilfe/index.php?id=25376 

IONOS Ltd. https://www.ionos.co.uk/help/index.php?id=25376

IONOS SARL https://www.ionos.fr/assistance/index.php?id=25376

IONOS S.L.U. https://www.ionos.es/ayuda/index.php?id=25376

IONOS SE /Italy https://www.ionos.it/aiuto/index.php?id=25376

Public Cloud: https://docs.ionos.com/cloud/data-export/eu-data-act

5. Known risks to continuity in the provision of the functions or services of the Source Provider: the services can generally continue to be used during the transfer. However, the following exemplary risks in particular in connection with dependence on third-party systems and customer input cannot be ruled out: post-transfer application compatibility issues, unexpected data volume or complexity, dependency on third-party integrations, lack of clear communication or coordination.

C. Termination

Definitions

To understand the key terms used in these part of the Agreement, we recommend that you first consult the section on “Definitions”, which are applicable for the whole Agreement. The terms in this part of the Agreement starting with capital letter are defined in the section “Definitions”.

Termination

1.1 The Agreement will be considered terminated between the parties when one of the following events has occurred in full:

1.1.1 Where applicable, on the successful completion of the switching process (‘Event A’).

or;

1.1.2 At the end of the Maximum Notice Period where the Customer does not wish to

switch but to erase its exportable Data and Digital Assets on termination of the

service (‘Event B’).

Should Event A or B occur before the agreed minimum contract term expires, the Provider is entitled to retain fees already paid by customer or claim the remainder of the fees agreed for the minimum contract term in full  as an early termination fee. 

Termination of the Agreement if the switching process is successfully completed will be

further detailed and otherwise arranged for in the Clauses 3.1 and 4.1.

In any case, the Customer should inform the Provider of its successful switching as set forth in Clause 4.1.

2.1. At its discretion, Customer will involve the Destination Provider on Customer’s behalf.

Termination Process

3.1 Successful completion of the switching process set forth in Clause 1.1.1 can only occur and will be (deemed) completed, after:

3.1.1. the [Maximum] Agreed Notice period (equal to the minimum contract term, but no longer than 2 months) has expired, and

3.1.2. the Transitional Period (max. 30 days) has commenced after the Notice Period has elapsed, Clause 1.1.1 applies, and the Switching and Exit Assistance set out in that clause must be initiated and completed;

3.1.3. the Data Retrieval Period has commenced after the termination of the Transitional Period, and;

3.1.4. the data erasure has been completed successfully after the expiry of the Data Retrieval Period or after the expiry of an alternative agreed period following the successful completion of the switching process.

4.1 As soon as the Customer notifies the Provider that the switching process is successfully completed, the Provider undertakes to notify the Customer immediately of the termination of the Agreement. If the Customer does not notify the Provider about successful switching or the lack thereof, it is deemed that the switching was not successful and the Agreement will not be terminated and will continue on its existing terms.

4.2. If the Customer does not wish to switch but rather to erase its exportable data and digital assets set forth in Clause 1.1.2 termination can only occur and will be deemed completed, if:

4.2.1. the [Maximum] Agreed Notice Period has expired, and;

4.2.2. the Customer has unconditionally and clearly asked the Provider to execute the Data Erasure, and in response the Data has been successfully erased. 

4.2.3. At the end of the Agreed Notice Period the Provider undertakes to notify the Customer of the termination of the contract.