EU Data Act

INFORMATION ON DATA EXPORT OPTIONS AND PROVIDER SWITCHING PROCESS

This page provides information required pursuant to Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (“Data Act”) concerning:

  • procedures and methods for switching to another data processing service provider and data transfer,
  • data structures, formats and interoperability specifications in which exportable data is made available,
  • categories of data and digital assets that may be transferred during a provider switch,
  • jurisdictions applicable to the ICT infrastructure used for data processing, and
  • measures adopted to prevent unlawful international access by public authorities to non-personal data stored in the EU.

The rights described in this annex apply if and to the extent the System is provided as a data processing service within the meaning of Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (“Data Act”). To the extent the provision of the System does not meet the definition of a data processing service under the Data Act, these rights shall not arise for the Customer.

1. AVAILABLE METHODS OF PROVIDER SWITCHING AND DATA TRANSFER

Contractors using Reenio may switch to another data processing service provider or migrate to their own on-premise ICT infrastructure. The following method is available: Assisted export and migration support. Upon request, GARVIS Solutions s.r.o. may provide migration assistance to the extent described in this document.

2. TECHNICAL AND OTHER KNOWN LIMITATIONS

Although we strive to ensure that provider switching and data portability are as smooth as possible, the following limitations may apply:

  • Service-specific structures and semantics – certain data (e.g., internal telemetry, internal models or proprietary logic) is closely tied to the Reenio platform and is not designed for export or use outside our environment. Such data may not be considered “exportable data” under applicable legal regulations and is therefore excluded from standard exports.
  • Dependencies on third-party services – if you use integrations with third-party tools, the data stored in such tools may be subject to their own export, format or API availability limitations. Reenio cannot guarantee portability of data processed exclusively within such third-party environments.
  • Performance and capacity limits – large-volume or frequent bulk exports may be subject to limits (rate limits), scheduling or batch processing in order to maintain the stability and performance of the Service for all customers.
  • Contractor-related configuration and target environment – successful import into the target environment (another provider or on-premise system) depends on the technical capabilities, configuration and data model of such environment. Reenio does not control and is not responsible for limitations on the part of the target system.

3. CATEGORIES OF EXPORTABLE DATA AND DIGITAL ASSETS, DATA STRUCTURES AND FORMATS

The framework of automatically available data is defined by the current state of the API, including a description of the structure:

  • https://manual.reenio.cz/cs/napoveda/integrace-a-aplikace/api
  • https://reenio.cz/api-docs/index.html

When providing comprehensive data, the language version (localisation within the system administration – one dataset may exist in multiple language copies) must be taken into account. The export always relates to a specific entity – an entity registered under an ID number.

3.1 Always available online in administration (Export format: Excel)

  • Reservations
  • Customers
  • Payments and bills

3.2 Upon request in the form of a data package in JSON format (according to DB structure):

Customers

  • Customer data (incl. link to users)
  • Assigned tags
  • Custom customer data fields
  • Credit movements
  • GDPR consents granted
  • Communication history

Users

  • User data (without password)

Reservations

  • Reservation data
  • Custom form data
  • Related payments/refunds
  • Feedback questionnaire data

Resources

  • Location data
  • Service data
  • Employee data
  • Resource data (combination of location, service, employee)

Gift vouchers and codes

  • Voucher data
  • Voucher groups
  • Voucher codes and their redemption/history
  • Voucher sale offers
  • Voucher sales and related payments
  • Custom form data

Events

  • Individual event data including price settings
  • Link to “seat map” template incl. internal map description
  • Links to related objects (resources, custom messages, confirmation design, etc.)

Templates

  • Event template definitions
  • Seat map definitions incl. internal description
  • Reservation confirmation template definition incl. internal description
  • Voucher design template definition incl. internal description

Configuration

  • Entity data
  • User data and roles/permissions
  • Booking page settings (appearance, navigation, operating parameters)
  • Content information (terms and conditions, point-of-sale info, booking page info, email texts)
  • Time settings, localisation, email addresses
  • Payment settings parameters (billing data, payment process parameters, VAT, cash register, credit offers)
  • Notification settings (for customers, administrators, employees)
  • GDPR parameters incl. definition of consents

Days off / time blocking

  • Definition of blocked time periods

Payments

  • Payment data (payment gateway, payment terminal, transfer, cash register)
  • Related accounting documents
  • Link to payment reason (reservation, voucher, credit)

Custom messages

  • Custom message definitions (by type)
  • Custom message group definitions

Forms

  • Custom reservation form definitions
  • Custom voucher sales form definitions
  • Feedback questionnaire forms (linked to custom messages)

Storage

  • Data of individual stored files – link to customer, reservation, etc.
  • ZIP package of actual storage content

Reenio Connect

  • Data of historically created PINs

Registers

  • Tag data
  • VAT rates
  • Price variants

3.3 Categories of data that cannot be exported

  • Configuration of third-party integrations (analytics, smart emailing, alternative login, Google Calendar, Gmail, calendar sync, payment gateways etc.) – specific parameters and information with security risks and direct technical integration dependency on the Reenio system.
  • Administration environment configuration (calendar settings, filters, user calendars, etc.) – operational parameters used to tailor the administration working environment. These data are not usable outside Reenio.
  • System embedding configuration for websites – implementation dependencies relating to integration of Reenio at a technical level. These data are not usable outside Reenio.
  • Operational parameters and Reenio system data (subscription packages, subscription and credit purchase history, SMS parameters, additional functionality parameters such as storage, credit consumption history, etc.) – not usable outside Reenio.
  • Historical admin user activity logs – directly linked to the internal application structure and internal design; restricted for security reasons.
  • Templates for out-of-slot reservations – settings intended to improve administrative workflow efficiency; useless outside Reenio.
  • Configuration for Reenio Connect integration – specific technical integration dependencies with external hardware.
  • Data related to custom solutions and functionality for specific customers – direct dependency on external solutions (e.g., turnstiles) governed by separate agreements.

4. ICT INFRASTRUCTURE AND RELEVANT JURISDICTIONS

Data is stored in a database in the MS Azure cloud within the EU (Microsoft Azure: North Europe – Ireland), including continuous backups. These are also automatically stored in a redundant data centre in West Europe – Netherlands. The relevant jurisdiction in relation to the primary cloud infrastructure is the Republic of Ireland.

5. MEASURES AGAINST UNLAWFUL INTERNATIONAL ACCESS BY PUBLIC AUTHORITIES

Reenio (GARVIS Solutions s.r.o.) is committed to ensuring that any international access by public authorities to non-personal data stored in the EU occurs in compliance with applicable EU and Member State law. We have implemented a combination of technical, organisational and contractual measures to prevent or challenge access requests that would be contrary to EU or national law.

Technical measures include, inter alia:

  • Logical and physical separation of environments – data stored in the EU is hosted in EU data centres and logically separated from other environments.
  • Access control and principle of least privilege – access to production systems is strictly controlled, logged and limited to authorised personnel based on their role and necessity.
  • Encryption – data is protected both in transit and at rest using industry-standard encryption mechanisms, to the extent permitted by the relevant infrastructure and services.

These measures reduce the risk of foreign public authorities obtaining direct access to data through infrastructure providers without the use of appropriate legal channels.

Organisational and contractual measures include:

  • Provider contractual commitments – we require our cloud and infrastructure providers to comply with applicable EU law and, to the extent permitted by law, to notify us of any legally binding requests from public authorities for access to data. Standard Contractual Clauses (SCC) are also agreed between us and the infrastructure provider where relevant.
  • Internal procedures for handling requests – if Reenio receives a request from a public authority outside the EU/EEA for access to data stored in the EU, it will carefully assess the legal basis of such request, verify its compatibility with EU and applicable national law, and challenge or oppose the request where we*