commencer

DATA ACT Addendum

  1. Background and purpose

This “Addendum” is entered into between Customer and Supplier, also collectively referred to as the “Parties”, and individually as a “Party”. The Addendum supplements the agreement, as updated from time to time (the “Agreement”). 

The Addendum is intended to implement the contractual obligations arising under the Data Act, with particular emphasis on the requirements set forth in article 25 of the Data Act, which states the rights of the customer and the obligations of the provider of data processing services in relation to switching between providers of such services or, where applicable, to an on-premises ICT infrastructure, shall be clearly set out in a written contract.

  1. Structure

The Addendum consists of this cover page and the general terms set out below.

  1. Effective date of the Addendum

The Addendum comes into effect 30 days after Customer has received notification from Supplier about the Addendum as an addition to the Agreement, provided the Customer has not objected to this. If Customer objects to the Addendum entering into effect, the Parties shall in good faith seek to eliminate the grounds for the objection in order for the Addendum to come into effect. 

General Terms

 

  1. General

    1. This Addendum constitutes an integral part of the Agreement. Unless otherwise expressly stated in this Addendum, the Agreement remains unchanged. The Parties agree that the Supplier will not be subjected to obligations more burdensome than those reasonably inferred from the Data Act. Accordingly, the Addendum is not to be interpreted to impose requirements on the Supplier that deviate from the reasonable interpretation of the Data Act.
    2. In case of any inconsistency or conflict between this Addendum and the Agreement, this Addendum prevails, unless expressively stated otherwise.
    3. Capitalised terms used in this Addendum have the meanings given to them in the definition section below or as otherwise set out in the Addendum.

  1. Definitions

    1. Capitalised terms used in this Addendum have the meanings given to them below or as otherwise set out in the Addendum:
      “(the) Data Act” means Regulation EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828. The Data Act is to be interpreted and supplemented by the regulatory and implementing technical standards that have been formally adopted by the European Commission.
      Services” means the services provided by the Supplier under the Agreement.
    2. Terms not defined in this Addendum will have the meanings given to them in the Data Act.

  1. Switching of supplier

    1. Supplier provides Customer with all the necessary information on available procedures for switching and transferring data and digital assets in Annex A.
    2. Subject to a notice period of two (2) months, the Customer is entitled to (i) switch to another data processing service offered by a different supplier than Supplier, in which case the Customer shall provide the necessary details of that provider, (ii) switch to an on-premises ICT infrastructure, or (iii) have its exportable data and digital assets erased.
    3. Supplier shall accommodate Customer’s aforementioned request without undue delay and in any event within a transitional period of thirty (30) calendar days, to be initiated after the notice period of two (2) months. If the Customer wishes to switch only specific Services, data or digital assets, this must be clearly specified in the notice. The Agreement shall remain applicable during the transitional period.
    4. If Supplier cannot respect the transitional period of thirty (30) calendar days referred to in the preceding paragraph because this is not technically feasible, Supplier shall notify Customer within fourteen (14) working days after the request, and shall justify the technical unfeasibility and indicate an alternative transitional period, which shall not exceed seven (7) months.
    5. Customer may, by notifying Supplier before or within five (5) days after the end of the notice period, extend the aforementioned transitional period once for a period that the Customer considers more appropriate for its own purposes.
    6. During the transitional period, Supplier shall make sure to:
    7. provide reasonable assistance to the Customer and third parties authorised by the Customer in the switching process;
    8. act with due care to maintain business continuity, and continue the provision of the Services;
      1. provide clear information concerning known risks to continuity in the provision of the data processing services on the part of the Supplier;
      2. ensure that, in accordance with all applicable laws, a high level of security is maintained throughout the switching process, in particular the security of the data during their transfer and the continued security of the data during a retrieval period of 30 (thirty) calendar days, starting after the end of the transitional period specified in section 3.3 of this Addendum.
      3. Supplier shall support Customer’s exit strategy relevant to the Services, including by providing all relevant information. Customer undertakes to take all reasonable measures to achieve effective switching. Customer is responsible for the import and implementation of data and digital assets in its own systems or in the systems of the destination provider. Furthermore, Customer is responsible for providing Supplier with all the necessary information to enable Supplier to fulfill its aforementioned obligations.
      4. The Supplier guarantees full erasure of all exportable data and digital assets generated directly by the customer, or relating to the customer directly, [three (3) months] after the retrieval period mentioned in section 3.6 (d), unless retention of the exportable data and digital assets is required by applicable law, regulation and/or regulatory body, provided the switching process has been completed successfully.
      5. Supplier will provide exportable data and digital assets in structured, commonly used, machine-readable formats (JSON and XML) to enable portability.
      6. The following table contains exhaustive lists of (A) all categories of exportable data and digital assets that can be transferred during the switching process in accordance with this Addendum and (B) all categories of data specific to the functioning of the Services that are exempted from the previous list:

Exhaustive list A

Exhaustive list B

Order data, including:

- Order number
- Order date and time
- Discount codes
- Comments
- Payment and payment gateway information
- Tax rates
- Order lines
- Debtor information
- Shipping information

 

Transaction history

Payment gateways

 

Marketing data (third-party through Google)

Payment gateways

Analytics (third-party through Google)

Shipping methods

Design settings, including:

- Images
- Footer
- Colour codes

Discount codes

Uploaded documents, including:

- Terms and conditions
- Cookie and privacy statements

Newsletter subscribers

Logs and audit trails

Categories (pages)

 

Articles, including:

- URLs
- CDN URLs to images
- Stock

 

Article lists

 

Store information, including:

- Store name
- Store primary domain
- Description
- Currency
- Language settings

 

Tax (region) settings

 

Customer account data, including:

- First and last name
- Email address
- Date of birth
- Address information
- Tax number
- Company
- Gender
- IBAN

 

  1. Switching Charges

    1. If Customer requests Supplier to switch in accordance with section 3 of this Addendum, Supplier will only be entitled to charge Customer for the switching process if the request is made before 12 January 2027. These charges shall not exceed the costs incurred by Supplier that are directly related to the switching process.
    2. Customer confirms that, before entering into the Addendum, it has been informed clearly by Supplier on the standard service fees and the early termination penalties that might be imposed (section 5.2 below), as well as on the switching charges that might be imposed. 

  1. Termination

    1. The Agreement shall be considered terminated and the Customer shall be notified of this termination (i) upon the successful completion of the retrieval period, or (ii) at the end of the notice period mentioned under section 3.3 of this Addendum, where Customer does not wish to switch, but to erase its exportable data and digital assets upon termination of the Agreement.
    2. If the Agreement specifies a minimum contract term or fixed duration, and termination resulting from the Customer's exercise of switching rights under the Data Act occurs prior to the expiry of such term, such early termination shall (i) proceed as outlined in the Data Act and/or this Addendum, and (ii) cause the Customer to owe to the Supplier all amounts that would have been payable under the Agreement had the specified minimum contract term or fixed duration been completed.
    3. For the avoidance of doubt, all amounts payable as described under section 5.2 above are distinct from, and shall not include, switching charges as defined or regulated under section 5 of this Addendum and/or the Data Act.

  1. Miscellaneous

    1. Severability
      If any term or provision of the Addendum is held by a competent court or authority to be void, illegal, or unenforceable, the validity or enforceability of the remainder of the Addendum will not be affected unless such enforcement would be clearly unreasonable. The Parties commit to negotiate in good faith with the aim of replacing any terms deemed void, illegal, or unenforceable with a legal, valid, and enforceable provision that, seen in the context of this Addendum as a whole, achieves as closely as possible the intention of the Parties under this Addendum.
    2. Amendments
      Supplier reserves the right to amend this Addendum, in accordance with the Data Act, to reflect changes in regulatory guidance and interpretations. Supplier will notify the Customer as soon as possible (and in any case no later than 30 days) before any such amendments will take effect. Amendments are considered accepted if Customer has not explicitly rejected such amendment in writing in a substantiated manner within 30 days of Supplier’s notification. In case Customer rejects any such amendment, Parties will discuss and aim to settle the matter at hand in good faith. Any other amendments must be made in writing and will be subject to the explicit prior mutual consent.

ANNEX A

 

  1. Switching and Transfer Procedures

The Customer may request a switch in accordance with Section 3 of the Addendum. The following options are available:

  • Full account export : All exportable data and digital assets can be retrieved by the Customer in bulk, either via the Supplier’s API and/or via downloadable exports in the backoffice.
  • Partial export: The Customer may specify categories of data (e.g., orders, customers, articles) to be exported.

All exportable data will be provided in structured, commonly used, machine-readable formats (CSV, and JSON, or XML). The Supplier will provide reasonable assistance during the transition period to ensure continuity.

  1. Known Restrictions and Technical Limitations

The following restrictions and limitations currently apply:

  • File size / pagination: Large datasets may be split across multiple export files or paginated API responses.
  • API rate limits: Data retrieved through the API is subject to standard authentication and request throttling rules to protect system stability (100 requests per minute, per token).
  • External integrations: Marketing and analytics data processed by third-party services (e.g. Google Analytics, Google Merchant Center, payment gateways) are not stored by the Supplier and cannot be exported.
  • Design dependencies: Storefront design elements may reference external content delivery networks (CDNs); exports will include references (URLs) but not underlying CDN infrastructure.
  • Technical feasibility: If the Supplier determines that a specific transfer method is not technically feasible within the standard 30-day transitional period, the Supplier will notify the Customer within 14 working days and propose an alternative timeline in accordance with Section 3.3 of the Addendum.

  1. International Data Access Safeguards

The Supplier applies technical and organizational measures to prevent unlawful access to Customer data by non-EU/EEA authorities or international organizations. These measures are aligned with the principles outlined in the Visma Trust Centre.

In particular:

  • Data residency: Customer data is stored within the EU/EEA, unless otherwise explicitly agreed.
  • Access control: Access to Customer data is strictly limited to authorized personnel with a business need, and access is continuously monitored.
  • Government access requests: If the Supplier receives a legally binding request for access from a public authority outside the EU/EEA, the Supplier will:
    • challenge the request if there are legal grounds,
    • notify the Customer (unless legally prohibited),
    • and only disclose the minimum amount of data necessary to comply with the request.
  • Subprocessors: The Supplier carefully vets all subprocessors and ensures contractual commitments to EU data protection standards, including safeguards against unlawful international transfers.
  • Security measures: Encryption, logging, and monitoring are applied to ensure confidentiality, integrity, and availability of Customer data throughout its lifecycle.

For further details, the Supplier maintains an up-to-date overview of these safeguards at: https://www.visma.com/trust-centre

  1. Contact and Support