Switching, Exit, Termination, Security & Business Continuity Clauses

For the purposes of this Addendum, the terms set out below have the meaning indicated. For anything not expressly defined, the terms have the meaning assigned to them by the Data Act or, failing that, by the Agreement. The definitions of Regulation (EU) 2016/679 (the “GDPR”) remain applicable as relevant.

Digital Assets: means the elements in digital format, including applications, in respect of which the Customer has a right of use independent of the contractual relationship with the Data Processing Service from which it intends to carry out the Switching, pursuant to Article 2(32) of the Data Act.

Data: means any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audiovisual recording, pursuant to Article 2(1) of the Data Act.

Exportable Data: means the input and output data, including metadata, generated directly or indirectly, or co-generated, by the Customer’s use of the Data Processing Service, excluding the assets or data protected by intellectual property rights or constituting trade secrets of the Provider or of third parties, pursuant to Article 2(38) of the Data Act.

On-Premises ICT Infrastructure: means the ICT infrastructure and computing resources owned, rented or leased by the Customer, located in the Customer’s own data center and managed by the Customer or by a third party on its behalf, pursuant to Article 2(33) of the Data Act.

Parties: means jointly the Provider and the Customer; the term “Party” means each of them individually.

Notice Period: means the period of two (2) months, running from the Provider’s receipt of the switching notice sent by the Customer, during which the Agreement continues to produce its effects pending the start of the Transitional Period.

Data Retrieval Period: means the period of thirty (30) calendar days, running from the end of the Transitional Period, during which the Customer may retrieve its Exportable Data and Digital Assets, pursuant to Article 25(2)(g) of the Data Act.

Transitional Period: means the period, equal to thirty (30) calendar days, during which the Switching process must be completed, running from the end of the Notice Period.

Destination Provider: means the destination provider of data processing services, other than Compri S.r.l., upon the Customer’s transition from the use of the Provider’s Data Processing Services to the use of another data processing service of the Same Service Type.

Data Processing Service: means a digital service provided to the Customer that enables ubiquitous and on-demand network access to a shared pool of configurable, scalable and elastic computing resources of a centralised, distributed or highly distributed nature, that can be rapidly provisioned and released with minimal management effort or service-provider interaction, pursuant to Article 2(8) of the Data Act.

Same Service Type: means a set of Data Processing Services that share the same primary objective, the same data processing service model and the same main functionalities, pursuant to Article 2(9) of the Data Act.

Switching: means the process involving the Provider, the customer of a data processing service and, where relevant, a Destination Provider, by which the Customer changes from the use of one data processing service to the use of another service of the Same Service Type or a different service offered by a different provider, or to an On-Premises ICT Infrastructure, including through extraction, transformation and loading of the Data, pursuant to Article 2(34) of the Data Act.

Switching Charges: means the charges, other than the standard Service Fees or early termination penalties, applied by the Provider to the Customer for the actions required by the Data Act for the purposes of Switching to the system of a different provider or to an On-Premises ICT Infrastructure.

2.1 Annex A to this Addendum contains an exhaustive specification of all the categories of Data and Digital Assets that may be subject to export during the Switching process, as well as of the categories of data specific to the internal functioning of the Provider’s Data Processing Service that are exempted from the export obligation pursuant to Article 30(6) of the Data Act.

3.1 To the extent and within the limits provided for by Chapter VI of the Data Act, the Customer has the right to request the Switching from the Provider.

3.2 The Customer communicates to the Provider its intention to proceed by means of a specific written switching notice, transmitted also by appropriate electronic means, by which it initiates the process in compliance with the Notice Period. Should the Customer intend to carry out the Switching only with regard to certain services, Data or Digital Assets, it must specify this in the Switching notice.

3.3 In the Switching notice, the Customer communicates whether it intends to: (a) move to a different provider of Data Processing Services, in which case providing the necessary details of the Destination Provider; (b) move to its own On-Premises ICT Infrastructure; (c) not carry out the Switching and proceed solely with the deletion of its Exportable Data and Digital Assets.

3.4 The Provider confirms to the Customer receipt of the Switching Notice within three (3) working days, using the same communication channel adopted by the Customer.

4.1 The Switching process is completed within the Transitional Period, of a duration equal to thirty (30) calendar days running from the end of the Notice Period.

4.2 Should compliance with the standard Transitional Period referred to in clause 4.1 not be technically feasible, the Provider notifies the Customer of the technical impossibility in writing, also by appropriate electronic means, within fourteen (14) working days of receipt of the Switching Notice, and indicates an alternative Transitional Period, which may not exceed seven (7) months from the date of the Switching Notice. The Provider provides adequate justification of the technical impossibility and ensures continuity of the Service during the alternative Transitional Period. The Customer confirms receipt of the extension notice within three (3) working days.

4.3 Irrespective of any technical extension referred to in clause 4.2, the Customer has the right to extend the Transitional Period once only, for the period that the Customer itself considers most appropriate for its purposes. In that case, the Customer notifies the Provider in writing, also by appropriate electronic means, of its intention before the end of the original Transitional Period, indicating the alternative Transitional Period. The Provider confirms receipt of that extension notice within three (3) working days.

5.1 The Provider provides reasonable assistance to the Customer and to the third parties authorised by the Customer as soon as the Switching process begins and throughout its duration, so that the Customer can carry out the Switching within the Transitional Period. To this end, the Provider in particular:

• (a) provides the capabilities, the adequate information (including the documentation necessary to complete the Switching) and the technical support required for the effective execution of the process. Should problems be detected, the Provider and the Customer analyse the causes in good faith and agree on the solutions;
• (b) acts with due diligence to maintain operational continuity and to continue providing the functions or services provided for in the Agreement;
• (c) provides clear information on the known risks to continuity in the provision of the Source Provider’s functions or services;
• (d) maintains a high level of security throughout the duration of the Switching process, in line with the provisions of clause 10 below.

5.2 The Provider supports the Customer’s exit strategy with reference to the contracted services, providing all relevant information.

6.1 The Customer takes all reasonable measures to achieve an effective Switching. The Customer is responsible for the importation and implementation of the Data and Digital Assets into its own systems or into the systems of the Destination Provider.

6.2 The Customer, or the third parties authorised by it — including the Destination Provider — respect the intellectual property rights of any material provided in the Switching process by the Provider, as well as the Provider’s trade secrets. The Customer provides access and, if necessary, sub-licenses the use of such materials to third parties or to the Destination Provider exclusively to the extent necessary to complete the Switching process by the end of the agreed Transitional Period (including any alternative Transitional Period), in compliance with the confidentiality undertakings and the intellectual property rights granted by the Provider.

6.3 The Parties, including the Destination Provider where relevant, cooperate in good faith pursuant to Article 27 of the Data Act, in order to make the Switching process effective, enable the timely transfer of the Data and maintain the continuity of the services.

7.1 The Customer may retrieve or delete its Exportable Data and Digital Assets during the Data Retrieval Period, of a duration equal to thirty (30) calendar days running from the end of the Transitional Period (including any alternative Transitional Period). The Parties may agree in writing on a longer period.

7.2 At the end of the Data Retrieval Period, and where the Switching process has been successfully completed, the Provider deletes all Exportable Data and Digital Assets generated by the Customer or directly attributable to the Customer, and confirms the deletion to the Customer, with the exception of the Exportable Data that the Provider is obliged to retain under European Union or national law.

8.1 The Provider does not apply to the Customer any Switching Charge in relation to the Switching process.

9.1 Pursuant to Article 25(2)(c) of the Data Act, the Agreement is deemed to be automatically terminated, without the need for any act of the Parties, upon the occurrence of one of the following events:

• (a) the Customer notifies the Provider of the successful completion of the Switching process;
• (b) the Notice Period expires, where the Customer has notified the Provider — pursuant to clause 3.3, point (c) of this Addendum — of its intention not to carry out the Switching but solely to delete its Exportable Data and Digital Assets.

9.2 Following the occurrence of one of the events referred to in clause 9.1 above, the Provider confirms in writing to the Customer the termination of the Agreement within three (3) working days. Such confirmation by the Provider has informational value: it is understood that the Agreement is terminated by operation of law upon the occurrence of the event.

9.3 Should the Customer not communicate to the Provider the successful or unsuccessful completion of the Switching process, and the Provider has well-founded reasons to believe that the Switching has been successfully completed, the Provider may request confirmation to that effect from the Customer. In the absence of confirmation from the Customer within thirty (30) working days of the request, the Switching is deemed to have failed and the Agreement continues on the existing terms, in accordance with the principle of good faith. In that case, the Parties analyse the causes of the failure in good faith and agree on the measures necessary for the completion of the process.

10.1 The Provider maintains a high level of security throughout the duration of the Switching process and during the Data Retrieval Period, in line with the technical and organisational measures agreed in the Agreement, including the Service Level Agreements (SLAs), the Provider’s internal security policies and the provisions applicable to the processing of personal data.

10.2 The Provider notifies the Customer, without undue delay and in any event within 48 hours of becoming aware of the event, of any significant security incident occurring during the Switching process or during the Data Retrieval Period that may have consequences for the confidentiality, integrity or availability of the Customer’s Data and Digital Assets.

10.3 The Provider adopts the reasonable technical, organisational and contractual measures to prevent unauthorised international or inter-governmental access to the Customer’s Data stored in the European Union, where such access would conflict with Union law or with the national law of a Member State. The Provider notifies the Customer, without undue delay, of any request received from authorities of third countries concerning the Customer’s Data or Digital Assets, save as may be prohibited by mandatory rules.

11.1 Should the termination of the Agreement occur before the natural expiry of the initially agreed term of the Agreement, the Customer pays the Provider an early termination penalty calculated as the sum of the following elements:

• (a) the accrued fees relating to the current annuity (understood as the period of twelve (12) consecutive months in which the termination date falls, calculated from the date of signing of the Agreement or of the last renewal), if not yet fully paid;
• (b) an amount equal to 70% (seventy per cent) of the residual value of the Agreement, calculated as the sum of the annual fees that would have accrued from the date of termination until the natural expiry of the initially agreed term.

11.2 The termination penalty referred to in clause 11.1 above does not constitute a Switching Charge within the meaning of Article 29 of the Data Act and is qualified as an early termination penalty within the meaning of Article 29(4) of the Data Act, in that it is related to the Provider’s initial investment and not to the Switching process.

11.3 The fees accrued up to the date of termination remain due. No refund is due for fees already paid for the period prior to termination.

12.1 Should the Customer request the Switching only for part of the services provided under the Agreement, the Agreement is deemed terminated solely with reference to the services subject to Switching and continues on the existing terms for the other services.

12.2 The Parties sign any supplementary documentation necessary to reflect the change in the scope of the services, it being understood that the economic and operational conditions of the residual services may not be unilaterally amended by the Provider as a consequence of the partial Switching.

13.1 For anything not expressly governed by this Addendum, the provisions of the Agreement remain applicable. In the event of conflict with the Agreement, the provisions of this Addendum prevail, limited to the matters governed herein.

13.2 This Addendum is governed by Italian law. The Court of Milan has exclusive jurisdiction over any dispute arising from its interpretation, performance or validity, without prejudice to any mandatory jurisdictional rules of law.

13.3 The Parties may agree amendments to this Addendum only in writing and signed by both of them.

Reference: clauses 2.1 and 2.2 of the Addendum (Articles 25(2)(e) and 25(2)(f) of the Data Act)

Section 1 — Categories of Exportable Data

The following categories of Data and Digital Assets are fully subject to porting during the Switching process:

• Input data: all data and content uploaded or entered by the customer into the service.
• Output data: the data produced by the service as a result of use by the customer.
• Metadata: those associated with the customer’s data, generated directly/indirectly or co-generated by use (not the provider’s internal management metadata: see below).
• Data derived and co-generated from the customer’s activity, provided they are not protected by exclusive rights or by trade secrets of the provider / of third parties.
• Customer’s digital assets: applications, configurations and elements in digital format over which the customer holds a right of use independent of the contractual relationship with Compri. This also includes the applications/assets that can be migrated to another provider or on-premise.

Section 2 — Categories exempted for trade secrets / IP

The following categories of data specific to the internal functioning of the Provider’s Data Processing Service are exempted from the export obligation, in that their disclosure would entail a risk of breach of trade secrets or intellectual property rights of the Provider or of third parties, it being understood that such exemptions may not prevent or delay the Switching process:

• Data specific to the internal functioning of the Compri service — excluded only where there is a risk of breach of the provider’s trade secrets, and provided that such exclusions do not hinder or delay the switching process.
• Assets or data protected by intellectual property rights of the provider or of third parties.
• Assets or data that constitute a trade secret of the provider or of third parties.