DATA ACT Addendum

1. Background and purpose

This “Addendum” is entered into between Customer and Supplier, also collectively referred to as the “Parties”, and individually as a “Party”. The Addendum supplements the agreement and/or order form between the Parties, as updated from time to time (the “Agreement”). 

The Addendum is intended to implement the contractual obligations arising under the Data Act, with particular emphasis on the requirements set forth in article 25 of the Data Act, which states the rights of the customer and the obligations of the provider of data processing services in relation to switching between providers of such services or, where applicable, to an on-premises ICT infrastructure, shall be clearly set out in a written contract.

2. Structure

The Addendum consists of this cover page and the general terms set out below.

3. Effective date of the Addendum

The Addendum comes into effect 30 days after Customer has received notification from Supplier about the Addendum as an addition to the Agreement, provided the Customer has not objected to this. If Customer objects to the Addendum entering into effect, the Parties shall in good faith seek to eliminate the grounds for the objection in order for the Addendum to come into effect.

General Terms

1. General

1.1. This Addendum constitutes an integral part of the Agreement. Unless otherwise expressly stated in this Addendum, the Agreement remains unchanged. The Parties agree that the Supplier will not be subjected to obligations more burdensome than those reasonably inferred from the Data Act. Accordingly, the Addendum is not to be interpreted to impose requirements on the Supplier that deviate from the reasonable interpretation of the Data Act.

1.2. In case of any inconsistency or conflict between this Addendum and the Agreement, this Addendum prevails, unless expressively stated otherwise.

1.3. Capitalised terms used in this Addendum have the meanings given to them in the definition section below or as otherwise set out in the Addendum.

2. Definitions

2.1. Capitalised terms used in this Addendum have the meanings given to them below or as otherwise set out in the Addendum:
“(the) Data Act” means Regulation EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828. The Data Act is to be interpreted and supplemented by the regulatory and implementing technical standards that have been formally adopted by the European Commission.
“Services” means the services provided by the Supplier under the Agreement.

2.2. Terms not defined in this Addendum will have the meanings given to them in the Data Act.

3. Switching of supplier

3.1. Supplier provides Customer with all the necessary information on available procedures for switching and transferring data and digital assets in Annex A.

3.2. Subject to a notice period of two (2) months, the Customer is entitled to (i) switch to another data processing service offered by a different supplier than Supplier, in which case the Customer shall provide the necessary details of that provider, (ii) switch to an on-premises ICT infrastructure, or (iii) have its exportable data and digital assets erased.

3.3. Supplier shall accommodate Customer’s aforementioned request without undue delay and in any event within a transitional period of thirty (30) calendar days, to be initiated after the notice period of two (2) months. If the Customer wishes to switch only specific Services, data or digital assets, this must be clearly specified in the notice. The Agreement shall remain applicable during the transitional period.

3.4. If Supplier cannot respect the transitional period of thirty (30) calendar days referred to in the preceding paragraph because this is not technically feasible, Supplier shall notify Customer within fourteen (14) working days after the request, and shall justify the technical unfeasibility and indicate an alternative transitional period, which shall not exceed seven (7) months.

3.5. Customer may, by notifying Supplier before or within five (5) days after the end of the notice period, extend the aforementioned transitional period once for a period that the Customer considers more appropriate for its own purposes.

3.6. During the transitional period, Supplier shall make sure to:
(a) provide reasonable assistance to the Customer and third parties authorised by the Customer in the switching process;
(b) act with due care to maintain business continuity, and continue the provision of the Services;
(c) provide clear information concerning known risks to continuity in the provision of the data processing services on the part of the Supplier;
(d) ensure that, in accordance with all applicable laws, a high level of security is maintained throughout the switching process, in particular the security of the data during their transfer and the continued security of the data during a retrieval period of 30 (thirty) calendar days, starting after the end of the transitional period specified in section 3.3 of this Addendum.

3.7. Supplier shall support Customer’s exit strategy relevant to the Services, including by providing all relevant information. Customer undertakes to take all reasonable measures to achieve effective switching. Customer is responsible for the import and implementation of data and digital assets in its own systems or in the systems of the destination provider. Furthermore, Customer is responsible for providing Supplier with all the necessary information to enable Supplier to fulfill its aforementioned obligations.

3.8. The Supplier guarantees full erasure of all exportable data and digital assets generated directly by the customer, or relating to the customer directly, six (6) months after the retrieval period mentioned in section 3.6 (d), unless retention of the exportable data and digital assets is required by applicable law, regulation and/or regulatory body, provided the switching process has been completed successfully.

3.9. The following table contains exhaustive lists of (A) all categories of exportable data and digital assets that can be transferred during the switching process in accordance with this Addendum and (B) all categories of data specific to the functioning of the Services that are exempted from the previous list:

Exhaustive list A

Exhaustive list B

Merchant Product Data: Product names, descriptions, SKUs, prices, VAT rates, categories, images

Internal system logs and debugging information

End-Customer Data: Customer names, emails, addresses, phone numbers, purchase history

Proprietary algorithms and recommendation engines

Order Data: Order IDs, line items, quantities, prices, status, payment method, shipping details

Service infrastructure metrics and performance data

Stock Data: Stock levels, stock type

Security monitoring and threat detection logs

Newsletter Subscribers: Email addresses, names

Internal API keys and service credentials

News/Blog Content: Articles, descriptions, images

Session data and temporary cache

Merchant Configuration: Product categories, VAT settings

Provider’s source code and proprietary business logic

Campaign Data: Active campaigns, discount codes, gift cards

Custom frontend code

Shipping Settings: Title, descriptions, prices, weight levels

Product recommendation rules

Theme/Design: CMS pages and areas, custom CSS

Marketing and analytics data (third-party service)

4. Switching Charges

4.1. If Customer requests Supplier to switch in accordance with section 3 of this Addendum, Supplier will only be entitled to charge Customer for the switching process if the request is made before 12 January 2027. These charges shall not exceed the costs incurred by Supplier that are directly related to the switching process.

4.2. Customer confirms that, before entering into the Addendum, it has been informed clearly by Supplier on the standard service fees and the early termination penalties that might be imposed (section 5.2 below), as well as on the switching charges that might be imposed.

5. Termination

5.1. The Agreement shall be considered terminated and the Customer shall be notified of this termination (i) upon the successful completion of the retrieval period, or (ii) at the end of the notice period mentioned under section 3.3 of this Addendum, where Customer does not wish to switch, but to erase its exportable data and digital assets upon termination of the Agreement.

5.2. If the Agreement specifies a minimum contract term or fixed duration, and termination resulting from the Customer’s exercise of switching rights under the Data Act occurs prior to the expiry of such term, such early termination shall (i) proceed as outlined in the Data Act and/or this Addendum, and (ii) cause the Customer to owe to the Supplier all amounts that would have been payable under the Agreement had the specified minimum contract term or fixed duration been completed.

5.3. For the avoidance of doubt, all amounts payable as described under section 5.2 above are distinct from, and shall not include, switching charges as defined or regulated under section 5 of this Addendum and/or the Data Act.

6. Miscellaneous

6.1. Severability
If any term or provision of the Addendum is held by a competent court or authority to be void, illegal, or unenforceable, the validity or enforceability of the remainder of the Addendum will not be affected unless such enforcement would be clearly unreasonable. The Parties commit to negotiate in good faith with the aim of replacing any terms deemed void, illegal, or unenforceable with a legal, valid, and enforceable provision that, seen in the context of this Addendum as a whole, achieves as closely as possible the intention of the Parties under this Addendum.

6.2. Amendments
Supplier reserves the right to amend this Addendum, in accordance with the Data Act, to reflect changes in regulatory guidance and interpretations. Supplier will notify the Customer as soon as possible (and in any case no later than 30 days) before any such amendments will take effect. Amendments are considered accepted if Customer has not explicitly rejected such amendment in writing in a substantiated manner within 30 days of Supplier’s notification. In case Customer rejects any such amendment, Parties will discuss and aim to settle the matter at hand in good faith. Any other amendments must be made in writing and will be subject to the explicit prior mutual consent.

ANNEX A

1. Available Procedures for Switching and Transferring Data and Digital Assets

Currently Supported Export Methods:

  • Admin Dashboard Export: One-click export for products, customers, newsletter recipients and orders.
  • API – JSON-RPC 2.0: Available for all data listed in section 3.9

2. Supported data formats and interoperability standards

Currently Supported Data Formats:

  • Admin Dashboard Export: CSV, XLX, XLXS
  • API – JSON-RPC 2.0: JSON


Interoperability Standards:

  • CSV files follow RFC 4180 standard with semicolon delimiters
  • JSON follows RFC 8259 standard
  • Character encoding: UTF-8
  • Date formats: ISO 8601 (YYYY-MM-DD)
  • Compatible with common e-commerce platform import formats

3. Known restrictions and technical limitations

Current Technical Limitations and Restrictions:

  • Custom business logic – Proprietary algorithms and platform-specific automation workflows are excluded from export as they constitute the provider’s intellectual property and trade secrets.
  • Custom frontend code – Frontend implementations developed by the provider as a professional service for individual merchants are excluded from export as they constitute work product owned by the provider under the service agreement.
  • Product recommendation rules – Recommendation engine configurations utilize proprietary platform architecture and algorithms that cannot be functionally replicated through data export alone.
  • End-customer passwords – Password data cannot be exported as passwords are stored using one-way cryptographic hashing with proprietary salt methods. Disclosure of hashing methodology would compromise platform security.