Terms for the Provision and Use of Product and Related Service Data (“Data”) to Third Parties pursuant to Art. 2 (14) of the Data Act (EU) 2023/2854 (“Data Act”) by MAN Truck & Bus SE as Data Holder pursuant to Art. 2 (13) of the Data Act
Within the scope of the asserted data access right pursuant to Art. 5 (1) of the Data Act, the following modalities apply between the third party (as any natural or legal person who is neither a data holder nor a user) and MAN Truck & Bus SE (“MAN”) as the data holder:
- Terms of Use
The terms of the Data Act apply to the provision and use of data; in particular, its definitions. The classification of the data under the Data Act is the responsibility of the data holder and may be adjusted in accordance with legal requirements.
With regard to the data requested under the Data Act, these may in certain cases also constitute personal data, especially in connection with the vehicle identification number.
The third party therefore confirms that: - they are entitled under the Data Act to receive the requested data;
- a valid request from a user or a party acting on behalf of a user pursuant to Art. 5.1 of the Data Act exists to provide the data to the third party; the third party undertakes to provide all necessary information and corresponding documents to prove this classification upon request by the data holder;
- they have not unduly impeded the exercise of the user’s choices or rights, including by offering choices in a non-neutral manner, or by coercing, deceiving, or manipulating the user, or by undermining or impairing the user’s autonomy, decision-making ability, or freedom of choice – including via a digital user interface or part thereof;
- they have entered into a contract regarding the use of the data with the third party;
- they waive any existing right of access to logger data;
- the affected persons (especially drivers) have been comprehensively informed about the data processing by MAN and that the information obligation towards MAN has been fulfilled;
- they themselves meet the data protection requirements with regard to the requested data vis-à-vis the affected persons. This includes, in particular, that there is a sufficient legal basis for further processing of the data and that the affected persons have been transparently informed about the processing;
- they are not a company or part of an affiliated company that has been designated as a gatekeeper pursuant to Art. 3 of Regulation (EU) 2022/1925 (cf. Art. 5.3 DA).
In case the above confirmations are incorrect, and the third party could have recognized this by exercising due diligence, or if they have at least negligently failed to comply with the underlying obligations, they undertake to indemnify MAN against all resulting fines or claims for damages or to hold MAN harmless.
The third party also confirms that they will use the data only in accordance with legal provisions (in particular the Data Act and GDPR) and the contractual agreements made with the user and, if applicable, with MAN. In particular, the third party is prohibited from using or disclosing the data if such processing would impair the safety requirements of the connected product as defined in Union or national law and could thereby lead to serious adverse effects on the health or safety of natural persons. The third party is also prohibited from using the data to develop a connected product that competes with the connected product from which the data originates, or from disclosing or using the data with this intent to any third party not subject to this agreement, in order to gain insights into the financial situation, assets, and production methods of MAN. - Provision Obligations
The data holder assures to provide the data to the third party to the best of their knowledge and capabilities. The third party expressly waives all warranties regarding the quality, characteristics, and quantity of the data as well as its suitability for any particular purpose. - Protection of Trade Secrets
All information classified by the data holder as trade secrets must be treated as strictly confidential and used exclusively for the purposes agreed with the user. The classification is indicated by appropriate marking within the provided data. The third party undertakes to treat all such marked data as strictly confidential, in particular to deny unauthorized persons access to the data in order to maintain confidentiality, and to use it exclusively within the scope of fulfilling their data access right. The obligation of confidentiality applies indefinitely, as long as the respective knowledge is not generally known or accessible.
This also includes the obligation to implement all technical and organizational measures specified by the data holder that are determined in the event of data being provided under a confidentiality agreement.
The user is aware that the data holder may refuse or suspend the transfer of data classified as trade secrets if the required measures are not agreed to or if the user fails to implement any agreed measures or if the confidentiality of the trade secrets is violated.
If the third party culpably violates any of the confidentiality obligations regulated in this agreement, they are obliged to pay an appropriate contractual penalty, the amount of which is determined by the data holder at their reasonable discretion and may be reviewed by the competent court in case of dispute. The assertion of further claims for damages remains unaffected. The contractual penalty will not be offset against any claim for damages.
Within two (2) weeks of receiving a written request from MAN, the third party will provide MAN with all information reasonably and necessarily required to verify the use, non-use, and safeguarding of data by the third party in accordance with this contract.
MAN is entitled, for the same purposes and at its own discretion, to conduct audits of all facilities, systems, and documents of the third party at its own expense and at any time, but not more than once per calendar year. Such audits are to be scheduled during regular business hours and in coordination with the third party, who must provide all necessary support and cooperation for a successful audit. Upon a sufficiently justified request by the third party, the audits will be conducted by independent auditors, without MAN having a right of access to the third party’s protected trade secrets.
In the event of a threatened or actual breach of confidentiality obligations, the data holder is entitled to seek injunctive relief. The third party acknowledges that even the threat or occurrence of a breach may cause irreparable harm that cannot be compensated by monetary damages alone. - Liability
The data holder shall be liable without limitation for damages resulting from intentional or grossly negligent breaches of duty by the data holder or by one of its legal representatives or vicarious agents.
In the case of simple or slightly negligent breaches of duty by the data holder or a legal representative or vicarious agent, the data holder shall only be liable for damages resulting from injury to life, body, or health. For negligently caused property and financial damages, the data holder and its vicarious agents shall only be liable for breaches of essential contractual obligations, but limited in amount to the foreseeable and contract-typical damages at the time of contract conclusion; essential contractual obligations are those whose fulfilment characterizes the contract and on which the customer may rely. - Final Provisions
Force majeure (“Force Majeure” means any event or events (or the combination of events) which significantly and sustainably negatively affect a party’s ability to fulfil its obligations (in particular embargo and export control) under this contract, where such event arises from or is attributable to actions, events, omissions, or accidents that are reasonably beyond the control of the respective party) releases the affected party from fulfilling the contractual obligation affected thereby for the duration of its existence and for a reasonable period to eliminate its effects, to the extent that performance is prevented by force majeure.
The third party also confirms that they will neither directly nor indirectly provide, export, or re-export goods, software and/or technology delivered under or in connection with this data provision to the Russian Federation and/or the Republic of Belarus or for use in the Russian Federation and/or the Republic of Belarus. The same applies to the sale, licensing, or other transfer of intellectual property rights or trade secrets as well as the granting of access or reuse rights to material or information protected by intellectual property rights or as trade secrets.
The third party shall promptly inform the data holder of any issues in applying the aforementioned restrictions, including any relevant activities by third parties that could undermine the purpose of the restrictions described in the previous paragraph. The third party shall provide the data holder with information regarding compliance with the aforementioned provision, export, and re-export obligations within two weeks of a unilateral request.
If the third party is a merchant, a legal entity under public law, or a special fund under public law, the exclusive place of jurisdiction for all disputes arising from the contractual relationship between the third party and the data holder shall be Munich, Germany. The same place of jurisdiction shall apply if the third party has no general place of jurisdiction within Germany or if they are sued and relocate their residence or habitual place of abode outside of Germany after the conclusion of the contract or if their residence or habitual place of abode is unknown at the time the action is brought.
German law shall apply to all disputes arising from or in connection with the contractual relationship between the third party and the data holder, to the exclusion of the United Nations Convention on Contracts for the International Sale of Goods (CISG). The application of mandatory provisions that restrict the choice of law remains unaffected.