EU Data Act Contract Clauses for "connected products" and "related services"

Further information about your rights pursuant to the EU Data Act (Regulation (EU) 2023/2854) and how KM complies with the legislation can be found here.

1.1    These clauses apply to the service(s) identified as a "connected product" and/or "related service" as defined in Regulation (EU) 2023/2854 (the “Data Act”) in the relevant quotation/offer (the "Product"). 

1.2    The data covered by this agreement (the "Data") consists of any readily available product data or related service(s) data listed in the relevant quotation/offer, with a description of the type or nature, estimated volume, collection frequency, storage location and duration of retention of the Data. KM may change the specifications of the Data if necessary for security reasons or if otherwise objectively justified for the general conduct of business of KM. KM must in such cases notify the Customer and indicate the reason for the change and the estimated duration of the change. 

1.3    KM shall be free to access, collect, store, aggregate, analyze or otherwise use the Data for the following purposes: a) providing services related to the Product; (b) monitoring, preventing, detecting, and fixing issues related to the operation of the Product and services related to the Product; (c) improving and developing the Product and services related to the Product; and (d) creating benchmarking and statistical analysis, provided that the Data is first anonymized. Any improvements, developments, and derivative works shall be owned by KM. KM’s data sharing and use rights as specified herein shall also extend to KM affiliated entities (subsidiaries, parent companies, sister companies as defined by the applicable law) and third parties when such third party assists KM in achieving the before-mentioned purposes.

1.4    Where the Customer (regardless of whether acting as (1) a user of the Product pursuant to the Data Act or as (2) a distributor, reseller or similar intermediary) contractually transfers ownership of the Product, or grants any temporary right to use the Product, to a subsequent user or customer (each a “Subsequent User”), the Customer must:
(a)    Enter into a written contract with the Subsequent User that (a) grants KM, as a third party beneficiary, rights equivalent to those set out in this section; and (b) requires the Subsequent User to impose the obligations set out in this section on any further subsequent user, and
(b)    Provide the Subsequent User with the information available in the relevant appendix to the Agreement.

The rights of KM to use Data generated prior to the transfer will not be affected by a transfer.

1.5    KM shall make the Data available to the Customer or a third party designated by the Customer upon request, free of charge and at least the same quality as it is available to KM. The request shall be conveyed to KM in the format specified by KM. The Data shall be made available in a comprehensive, structured, commonly used and machine-readable format. Further information regarding this is provided in the relevant quotation/offer. 

1.6    Where the use of the Product may result in Data being combined with the trade secrets of KM or other relevant third party, the Customer and KM shall try to agree on necessary measures prior to any Data retrieval to preserve the confidentiality of such trade secrets. If no agreement is reached on the necessary measures, or if the Customer fails to implement the agreed measures or otherwise undermines the confidentiality of trade secrets, KM may withhold or suspend sharing of Data identified as trade secrets. KM will duly substantiate the decision and provide it in writing to the Customer without undue delay, and notify the competent authority designated pursuant to Article 37 of the Data Act. Where KM is the trade secret holder and demonstrates that disclosure of trade secrets is highly likely to cause serious economic damage despite the measures taken by the Customer, KM may refuse, on a case by case basis, a request for access to the specific Data. Such demonstration shall be duly substantiated on the basis of objective elements, including the enforceability of trade secret protection in third countries, the nature and level of confidentiality of the requested data, and the uniqueness and novelty of the connected product, and shall be provided in writing to the User without undue delay. KM shall notify the the competent authority designated under Article 37 of the Data Act of the refusal.

1.7    KM undertakes to apply adequate technical and organizational measures to ensure the confidentiality, integrity and availability of the Data.

1.8    Any third party designated by the Customer to receive access to the Data shall accept the standard terms for such access, under fair, reasonable and non-discriminatory terms and with a reasonable compensation determined by KM.

1.9    If the Customer has any additional questions on how we handle Data, the Customer may contact us at . The Customer may also at any time lodge a complaint with the competent authority where the Customer believes that there has been an infringement with the provisions of the Data Act.

1.10    Customer undertakes not to engage in the following:
•    use of the Data to develop a connected product that competes with the Product, nor share the Data with a third party with that intent;
•    use of the Data to derive insights about the economic situation, assets and production methods of KM;
•    use coercive means to obtain access to Data or, for that purpose, abuse gaps in KM's technical infrastructure which is designed to protect the Data;
•    share the Data with a third-party considered as a gatekeeper under article 3 of Regulation (EU) 2022/1925;
•    use the Data they receive for any purposes that infringe EU law or applicable national law.
The Customer shall ensure that any third parties they share the Data with, indirectly or directly, comply with the same obligations.

1.11    Customer and KM agree to restrict processing, which could undermine security requirements for the Product resulting in a serious adverse effect on the health, safety or security of natural persons. KM declares to the User that the competent authority designated under Article 37 of the Data Act has been duly notified of any of these restrictions that result in a refusal to share the Data.