Data Act Compliance
Information on the EU Data Act
Protecting data and ensuring its transparent use are key priorities for MARKT-PILOT. In line with the EU Data Act, this page provides the information required under Articles 26 and 28. This includes our obligations related to potential provider changes as well as transparency regarding international data access.
Our goal is to give you clarity and security in handling your data at all times.
As a data-processing company, MARKT-PILOT makes the following information available to customers upon request:
- Details on the available procedures for switching providers and transferring content to the data-processing service, including information about available transfer methods and formats, as well as any known restrictions or technical limitations.
- A reference to a current online register of data-processing service providers, listing all data structures and formats along with the relevant standards and open interoperability specifications in which exportable data is available.
Article 26 - Information Obligations for Provider Switching
Provider Changes and Data Portability
Available transfer procedures:
Upon request, customers can receive an individual manual export of their data and export both their research results and pricing processes. MARKT-PILOT can provide these results in JSON or XML format. MARKT-PILOT ensures that customers receive the requested data within two weeks for a full export. Data remains available for up to 90 days after the termination of a contractual relationship.
Data Register and Standards
Current online register (last updated: September 25, 2025):
|
Data Type |
Format |
Standard |
Description |
|
Customer Data |
JSON |
RFC 7159 |
Master data, profiles, preferences |
|
Transaction Data |
CSV |
RFC 4180 |
All business transactions since the start of the contract |
|
Audit Logs |
JSON |
RFC 5424 |
Activity logs (last 24 months) |
Article 28 – Transparency Obligations Regarding International Access
Jurisdiction of the ICT Infrastructure
Data processing by service area:
|
Service |
Jurisdiction |
Server Location |
Backup Location |
|
Main Application |
Germany (GDPR) |
Frankfurt am Main, Germany |
Stuttgart, Germany |
|
Database Cluster |
Germany (GDPR) |
Frankfurt am Main, Germany |
Berlin, Frankfurt am Main, Germany |
|
CDN/Cache |
EU (GDPR) |
Multi-Region, Global |
– |
|
Analytics |
EU (GDPR) |
EU |
– |
|
Backup Services |
Germany (GDPR) |
Stuttgart, Germany |
Düsseldorf, Germany |
Protective Measures Against Government Access
Technical Safeguards:
- Encryption: AES-128 end-to-end encryption of all customer data.
- Key Management: Keys and certificate management are handled independently by MARKT-PILOT.
- Geographic Restriction: No servers are operated outside the EU/EEA.
Organizational Measures:
- Data processing agreements in accordance with the GDPR with customers and subcontractors.
Certifications: ISO 27001
The data protection officer of the controller is:
DataCo GmbH
Dachauer Straße 65
80335 München
Deutschland
+49 89 7400 45840
www.dataguard.de
Contact and Procedure
Contact details of the Data Protection Officer (DPO):
Philipp Rotthaus
DataCo GmbH (DataGuard)
protthaus@consulting.dataguard.de