DATA ACT POLICY Supplement to Existing Customer Agreements Effective Date: 12 September 2025 This Policy takes effect from the date the EU Data Act (Regulation (EU) 2023/2854) became applicable. It clarifies and implements obligations that have been in force since that date.
1 PURPOSE AND SCOPE This Data Act Policy (“Policy”) supplements and forms part of all existing agreements between Carcare Systems Europe AB (“Provider”) and its customers (“Customer”) concerning the use of the Provider’s services (“Service”). The purpose of this Policy is to ensure compliance with the EU Data Act (Regulation (EU) 2023/2854) and related data protection legislation. It governs the rights and obligations of both parties regarding access to and use of data generated through the Customer’s use of the Service (“Generated Data”). This Policy applies automatically to all existing and future Customers as of the Effective Date and shall prevail in the event of any inconsistency with prior contractual terms relating to data access or ownership.
2 DEFINITION OF GENERATED DATA “Generated Data” means any data created, captured, or otherwise processed through the Customer’s use of the Service, excluding any data input directly by the Customer or any personal data unrelated to the Service’s operation.
3 CUSTOMER ACCESS RIGHTS In accordance with the EU Data Act, the Customer has the right to: Access and obtain a copy of the Generated Data relating to its use of the Service; Receive such data in a structured, commonly used, and machine-readable format; Request that the Provider transmit such data to a third party designated by the Customer, where technically feasible and legally permissible. Requests for access may be submitted to the contact provided in Section 7, and the Provider shall respond within a reasonable time and in accordance with applicable law.
4 PROVIDER’S RIGHTS AND USE OF DATA The Provider retains ownership of Generated Data insofar as it does not constitute personal data or trade secrets belonging to the Customer. The Provider may collect, process, and analyse Generated Data for its own legitimate business purposes, including but not limited to: Service performance, improvement, and innovation; Statistical analysis and research; Development of new products or features; Marketing and commercial use, including sharing or licensing aggregated or anonymized data with third parties. The Provider shall ensure that any data shared externally is aggregated and/or anonymized such that no Customer or end user can reasonably be identified.
5 DATA PROTECTION AND CONFIDENTIALITY All processing of personal data shall continue to be governed by the Provider’s Data Processing Agreement (“DPA”) and applicable data protection laws. Nothing in this Policy limits the Customer’s rights under the GDPR or other applicable privacy regulations.
6 POLICY UPDATES AND BINDING EFFECT This Policy forms an integral part of the Customer’s existing agreement with the Provider and reflects obligations that have been in effect since 12 September 2025 under the EU Data Act. Continued use of the Service constitutes acknowledgment and acceptance of this Policy. If the Customer does not agree to the updated terms, it may terminate the Service in accordance with its existing contractual rights.
7 CONTACT For questions or requests under this Policy, please contact: Lars Eriksson Email: [email protected] Address: Rådhusgatan 44, 831 34, Östersund, Sweden
