1.1 Subject to the following general conditions (the "General Conditions") Datrix S.p.A. (hereinafter the "Supplier" or "Datrix") will provide the final user (hereinafter the "Customer"), with the services (the "Services"), as well as a limited, non-exclusive and non-transferable license (the "License") for the use of an online web solution, called RamApp (hereafter also the "Platform" or "Solution"), which is a Datrix web application that provides a user-friendly solution allowing researchers from various backgrounds to easily and successfully explore hyperspectral data, with a focus on Raman imaging. The Services and the Platform will be made available by the Supplier on ramapp.io (hereinafter the " Site"), according to the terms, quantities and fees (if any) that will be agreed through the Site and accepted by the Customer. The provision of the Services and the License will be governed by these General Conditions and by the Form (the "Form" and, together with the General Conditions, also defined "Agreement" or "Contract"); in the event of a conflict between the provisions of the General Conditions and the provisions contained in the Form, the latter (Form) shall prevail.
2.1 The Supplier will provide the Services and the Platform to the Customer on the basis of the quantities and terms indicated in this document that will be accepted by the Customer through the Site.
2.2 The Customer will accept the Agreement by flagging the relevant boxes through the subscription process.
2.3 It is understood between the Parties that the obligation that Datrix assumes under the Agreement is an obligation of means and not of results. Datrix, therefore, only guarantees the fulfillment of the Services and the supply of the Platform and that such Services will be provided in a workmanlike manner and the Platform will operate regularly, but not also that a specific result can derive from them. Therefore, no responsibility will be incurred by Datrix for any losses, damages or minor gains that the Customer may suffer or not achieve as a result of the execution of the Agreement.
3.1 The Customer will have access to the Platform through authorization and authentication credentials that will be communicated by the Supplier and will be used by the Customer under his own responsibility.
3.2 Access to and use of the Platform by the Customer must comply with the provisions established by the Agreement. The Customer acknowledges and agrees that the Supplier may, at its own discretion and without prior notice, suspend the use of the Platform and deactivate the Client's account, if the Platform is not used in compliance with the provisions of the Agreement.
3.3 The Customer declares and recognizes, as of now, also assuming full responsibility, that all keys to access their own systems and / or owned by third parties, information, content, data, texts, images provided to Datrix in execution of the Agreement and to be used through the use of the Platform, are in its legitimate and full availability and do not infringe any copyright, trademark, patent or other rights of third parties deriving from law, contract or use. The Customer, therefore, shall exempt and hold harmless the Supplier from any action by third parties or, in any case, responsibility related to the correctness and accuracy of the information and data transmitted to Datrix in execution of this Agreement.
3.4 The Supplier will not be responsible for the storage of data and information transmitted by the Customer and/or uploaded or used through the Platform. Therefore, the Customer must provide, under his own responsibility and care, the storage and the back-up in relation to the information transmitted and provided by the Supplier in execution of the Agreement.
3.5 Datrix is the sole and exclusive owner of all rights and interests connected to the Platform and any intellectual property directly or indirectly connected or connected to it, including any developments therein.
4.1 Every single Form will also contain the fees (if any) that the Customer shall pay to the Supplier for the supply of the Services and the use of the Platform (the "Price").
5.1. The Agreement will enter into force on the date the Form is signed by the Customer, and will remain effective until the deadline indicated in the Form, except in any case the right of Datrix to terminate it with 60 days notice.
6.1. The data and information made available and transmitted to the Customer by the Supplier through the use of the Platform are information and data which, in principle, do not include and do not involve processing of personal data pursuant to applicable law.
6.4 In relation to the data, information and materials transmitted to the Supplier by the Customer, the Customer shall keep indemnified the Supplier from any and all responsibility deriving from the inclusion in the data base, in execution of the Contract, of the data made available by the Customer, in relation to their correct collection and processing in accordance with the Privacy Law.
6.5 Without prejudice to the foregoing, in cases where the Supplier acts as Data Processor, the Customer will appoint the Supplier as Processor pursuant to art. 28 of EU Regulation 2016/679.
7.1 TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, DATRIX WILL NOT BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES (INCLUDING LOST DATA, SAVINGS, PROFITS OR REVENUES) ARISING FROM OR RELATED TO THE USE OF THE SOFTWARE AND, INGENERAL, FROM THIS AGREEMENT. DATRIX'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, WILL BE LIMITED TO AND WILL IN NO EVENT EXCEED THE AMOUNT ACTUALLY PAID BY CUSTOMER TO DATRIX UNDER THIS AGREEMENT FOR THE SPECIFIC ITEM THAT IS THE SUBJECT MATTER OF, OR IS DIRECTLY RELATED TO, THE CAUSE OF ACTION. NO ACTION, REGARDLESS OF FORM, ARISING OUT OF OR RELATING TO THIS AGREEMENT MAY BE BROUGHT BY CUSTOMER MORE THAN ONE YEAR AFTER THE CAUSE OF ACTION ACCRUED.
7.2 DATRIX DOES NOT MAKE ANY REPRESENTATION OR WARRANTIES OF ANY KIND, WITH RESPECT TO THE PLATFORM, SOLUTION, SOFTWARE, DOCUMENTATION, SERVICES AND DATA PROVIDED UNDER THIS AGREEMENT. DATRIX FURTHER EXPRESSLY DISCLAIMS THE WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE OR USE. IN PARTICULAR, IT IS EXPRESSLY DISCOURAGED THE USE OF THE SOLUTION FOR MEDICAL PRACTICES OR PURPOSES, AS THE SOLUTION SHOULD ONLY BE USED FOR ACADEMIC PURPOSES AND RESEARCHES. DATRIX MAKES NO WARRANTY THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR/BUG FREE.
7.3 Under no circumstances will Datrix be held responsible for the contents of any data, information or material received by the Customer, which will be used "as is", AND ALL REPRESENTATIONS, WARRANTIES, TERMS AND CONDITIONS, ORAL OR WRITTEN, EXPRESS OR IMPLIED (WHETHER BY LAW, STATUTE OR OTHERWISE), IN RELATION TO THE RIGHTFULNESS, COMPLETENESS AND ACCURACY OF DATA, INFORMATION AND RESULTS ARISING FROM THE USE OF THE PLATFORM ARE HEREBY EXCLUDED AND DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY THE APPLICABLE LAW.
7.4 The Customer undertakes to hold harmless from all losses, damages, liabilities, costs, charges and expenses, including any legal fees that may be incurred or suffered by the Supplier, as a consequence of any failure to meet the obligations assumed by the Customer with the signing of this Agreement and in any case connected to the transmission of information and data pursuant to the Agreement.
7.5 The Supplier will not be held responsible in any way for the malfunctioning of the Platform deriving from the responsibilities of telephone line, electrical and network operators, due to failures, overloads, interruptions, third party system suppliers, etc. Likewise, the Supplier can not be held responsible in any way for failing to fulfill its obligations arising from causes outside the sphere of its foreseeable control or due to force majeure.
7.6 Customer's exclusive remedy, and Datrix's sole liability, for defects and malfunctioning which are the responsibility of Datrix, will be, at Datrix's option: (i) to correct the defect within a reasonable time so that it conforms to the warranty; (ii) to replace the non-conforming solution with another software / solution of substantially similar functionality; or (iii) if neither (i) or (ii) is commercially feasible, permit Customer to terminate the license and the Agreement and refund the license fees actually paid for the remaining contractual period.
8.1 The Supplier commits to the Customer to grant in its favor a non-exclusive and non-transferable license related to the Platform, for a limited period of time under the present Agreement and with the express exclusion of any economic exploitation and marketing.
8.2 More specifically, the license granted includes:
right of use:
The License is granted to the Customer for a fixed term, being connected and ancillary to the purposes of the Agreement. Therefore, the License will automatically terminate upon the expiration or termination of this Agreement for any reason.
In any case of termination, in advance or not, of this Agreement, in addition, the Customer must immediately cease using the Platform.
8.3 Customer acknowledges that the Solution and its structure, organization, platform and source code constitute and contain valuable trade secrets of Datrix. Accordingly, Customer shall not: (i) reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code for the Software, or allow any third party to do the foregoing; (ii) modify, adapt, alter, translate or create derivative works from the Solution or Documentation; (iii) sublicense, rent, loan, lease, sell, or otherwise transfer all or part of the Solution or documentation to any third party except as expressly permitted under this Agreement; (iv) allow any non-authorized third party to access or use the Solution or the documentation; (v) disable, modify or circumvent the license management system provided with the Solution; (vi) remove, alter, or obscure any proprietary notices, labels, or marks from the Solution or documentation; (vii) disclose results or data or output arising from the use of the Solution without Datrix’s prior written consent; (viii) disclose, display, or permit access to or use of the Solution or documentation by persons other than authorized users using the software within the scope of the license acquired by Customer; or (ix) otherwise disclose, use or copy the Solution or documentation except as expressly permitted under this Agreement. Customer agrees to notify Datrix immediately of any unauthorized access to or use of the Software.
8.4 The Solution, platforms, documentation and all worldwide intellectual property rights therein, are and remain the sole and exclusive property of Datrix. Nothing in this Agreement will be deemed to convey to Customer any title, ownership, or other intellectual property rights in or related to the Solution or documentation or data, and Customer agrees not to assert any such rights. Without prejudice to the foregoing, it being understood between the parties that all data and information (such as hyperspectral data and other technical data) used by the Customer through the Platform and which pre-exist the Agreement or that are the result of the processing of such data through the Platform, will be and remain the property of the Customer.
8.5 Therefore, Customer expressly agrees that:
8.6 The Platform, related materials and any documentation are provided by Datrix "as is". Their use is at the sole risk of the Customer and the Customer acknowledges as of now to be solely responsible for any damage to its equipment or for loss of data resulting from the use of the Platform.
Datrix guarantees that the Platform provided carries out the functions described in the Agreement and in the related technical documentation, where available, provided that the Platform is used in compliance with this Agreement.
8.7 Customer will promptly notify the Platform's anomalies to Datrix, which must receive all the documents and information necessary or required for the identification and correction of anomalies. In any case, the warranty is excluded if the Customer does not notify the identified malfunctions within a maximum of 15 days, or in the event that the Customer makes changes to the Platform without the prior written consent of Datrix or make unauthorized use.
8.8 Datrix shall, at its own expense and subject to the terms of this Agreement indemnify, defend and hold Customer harmless from and against any claim(s) brought against Customer by a third party alleging that the Solution or any portion thereof as supplied under this Agreement and used within the scope of the licenses granted to Customer infringes any copyrights or patents, or violates any trade secrets; provided that Customer gives Datrix: (i) prompt written notice of such claim; (ii) assistance and information reasonably requested by Datrix; and (iii) the sole authority to defend and settle such claim.
9.1 The Supplier, pursuant to art. 1456 of the Italian Civil Code, may terminate at any time and with immediate effect the Agreement or the single Form, by means of a simple written communication declaring to avail itself of this clause, in case of delay in payment of more than 30 days from the date of expiry of the invoice, without prejudice to the right to request any default interest, pursuant to Legislative Decree 231/02, and subsequent amendments.
9.2 In any case, each of the Parties may terminate this Agreement if the other Party is in breach of its contractual obligations and has not remedied them within 30 (thirty) days following receipt of a written communication from the diligent Party that specifies and describes the non-fulfillment, pursuant to art. 1454 c.c.
The Agreement is governed by Italian law. The Parties agree that any dispute should arise between them in relation to the interpretation, execution, resolution of the same will be the exclusive jurisdiction of the Court of Milan.
11.1 The information that the Parties will exchange during the execution of this Agreement are to be considered confidential ("Confidential Information"), therefore not disclosable for any reason to third parties, unless expressly consented by the other party or by legal obligation. The Parties also undertake to carry out any activity aimed at preventing that the Confidential Information may in some way be acquired by third parties. The Confidential Information of a Party will not include the information that
(i) are or become in the public domain without the intervention or omission of the other Party;
(ii) were in the legitimate availability of the other Party prior to disclosure and were not obtained by the other Party directly or indirectly from the revealing Party;
(iii) are legitimately revealed to the other Party by a third party without limitation on disclosure; or
(iv) are developed by the other Party without the use or without reference to the Confidential Information.
The obligation of confidentiality will not apply in the event that disclosure of Confidential Information is required by law or following a valid order issued by a judicial authority or other governmental authority; however, it is understood that the Party that conforms to such order must first notify the other Party and must also endeavor to obtain a precautionary measure so that the Confidential Information thus disclosed will be used exclusively for the purposes for which the aforementioned order has been issued.
11.2 Any authorization or waiver granted or to be granted by one Party to another shall not affect the subsequent exercise by the latter of its full rights under the Agreement.
11.3 Any communication, approval, instruction or other written communication, foreseen by the Agreement, is valid if made by delivery to the other Party or by e-mail or registered letter, to the addresses indicated in the Form, as regards the Customer, and to the e-mail address indicated below, as regards the Supplier:
Foro Buonaparte, 71
20121 – Milan (Italy)
11.4 Any nullity, invalidity or ineffectiveness of one or more clauses of the Agreement will not extend to the remaining clauses and the Parties undertake to replace any null or ineffective clause with another valid and effective clause, of content similar to the replaced clause.
11.5 The Supplier shall have the right to transfer or otherwise assign the rights and obligations contained in this Agreement; the Customer will have the right to assign and in any case transfer the rights and obligations contained in this Agreement only by virtue of the Supplier's prior written consent.
11.6 The Agreement constitutes the entire contractual regulation between the Parties in relation to the scope referred to in the Form, and therefore fully replaces and substitutes any previous or separate agreement, written or oral, between the Parties in relation to its subject.
according to Articles 13 and 14 of EU Regulation 2016/679
Datrix S.p.A. has always valued the protection of personal data of its customers and users.
Through this document ("Policy"), we intend to renew our commitment to ensure that the processing of personal data by any means is carried out in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 ("GDPR" or "Regulation") and other applicable rules on the protection of personal data.
The term personal data refers to the definition contained in Article 4.1 of the Regulation, i.e. "any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the "Personal Data").
The Regulation provides that, before processing – which means "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" (the "Processing") – Personal Data, it is necessary that the person to whom such Personal Data belongs is informed of the reasons for which such data is requested and how it will be used.
For this reason, this Policy – based on the principle of transparency and all the elements required by Article 13 of the Regulation – aims to provide you with all the useful and necessary information so that you can give your Personal Data in a conscious and informed way.
The company that will process your Personal Data for the purposes referred to in this Policy and that, therefore, will be the data controller, i.e. "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is Datrix S.p.A., with registered office in Foro Buonaparte no. 71, 20121 – Milan (Italy) (the "Controller" or “Datrix”).
To facilitate relations between you, as the Data Subject, and the Controller, Datrix S.p.A. has appointed a Data Protection Officer (“DPO”), according to Article 37 of the Regulation.
The DPO is SAPG Legal Tech S.r.l.
The DPO, under and for Article 39 of the Regulation, is called upon to perform, among others, the following activities:
To allow navigation on and registration to the website ramapp.io (the "Website") gather your Personal Data as well as navigation data (including through cookies), following the policies in the relative CMP that appear on the Websites when you first access them.
You can change your preferences on navigation cookies at any time by following this link.
The Controller will conduct the Processing of your Personal Data to allow you to:
To allow the Controller to carry out the Processing it will be necessary to provide Personal Data marked as "mandatory".
Such Processing will be lawful under Article 6.1, letter b) of the Regulations.
Suppose you fail to provide even one of the marked data. In that case, it will not be possible to process your Personal Data and, consequently, it will not be possible to respond to your requests and benefit from the services (provided through the Websites) for which you are required to provide Personal Data.
The Personal Data that will be requested from you for the pursuit of the above purposes will be those indicated in the registration and contact form, i.e., by way of example and without limitation: name, surname, e-mail address, telephone numbers of mobile users.
No Personal Data belonging to the particular categories referred to in Article 9 of the Regulations are processed.
In addition to the above purposes, your Personal Data may be processed to provide you with a better service and to promote products and services of your interest supplied and promoted by Datrix.
Concerning these purposes (including direct marketing), under Article 6.1 letter f) of the Regulation and Article 130 paragraph 4 of the Italian Privacy Code (so-called "soft spam exception"), Datrix may carry out this activity based on their legitimate interest, regardless of your explicit consent and in any case up to your opposition or limitation (in accordance with the provisions of Section F, letter f). d) and f) of the Policy) to such Processing, as better explained in Recital 47 of the Regulation, in which it is "considered legitimate interest of the data controller to process personal data for direct marketing purposes".
The choice mentioned above it is possible as a result of the assessments made by the Controller regarding the potential prevalence of your interests, rights and fundamental freedoms that require the protection of Personal Data over your legitimate interest in sending direct marketing communications.
Moreover, you may legitimately oppose the receipt of promotional communications at any time, without prejudice in any way to the Processing for other purposes.
Your Personal Data may be disclosed to specific entities the considered recipients of such Personal Data. Article 4, point 9) of the Regulation, defines as the recipient of a Personal Data "the natural or legal person, public authority, service or other body receiving communication of personal data, whether or not a third party" (the "Recipients").
Where required by law or to prevent or repress the commission of a crime, your Personal Data may be communicated to public bodies or judicial authorities without them being defined as Recipients. According to Article 4.9 of the Regulation, "public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients".
One of the principles applicable to the Processing of your Personal Data concerns the limitation of the period of storage, regulated by Article 5.1 letter e) of the Regulation which states that "Personal Data are stored in a form that allows the identification of the Data Subject for a time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided that they are processed exclusively for purposes of archiving in the public interest, for scientific or historical research or statistical purposes, under Article 89, paragraph 1, without prejudice to the implementation of appropriate technical and organizational measures required by these Regulations to protect the rights and freedoms of the Data Subject".
In light of this principle, your Personal Data will be processed by Datrix only to the extent necessary for the pursuit of the purpose set out in Section C of this Policy.
In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulations, i.e. until the termination of the contractual relationship between you and the Controller, without prejudice to a further period of storage that may be imposed by law as also provided for in Recital 65 of the Regulations.
Concerning the Processing carried out to achieve the other purposes set out in this Policy, Datrix may legitimately process your Personal Data until you communicate, in one of the ways set out in the Information Notice, your desire to limit or oppose the Processing. Any such limitation or opposition will, in fact, require Datrix to stop processing your Personal Data for such purpose.
As provided for by Article 15 of the Regulations, you may access your Personal Data, request its correction and updating, if incomplete or incorrect, request its deletion if it has been collected in violation of a law or regulation, and oppose its Processing for legitimate and specific reasons.
In particular, here below, you will find all the rights that you may exercise, at any time, against the Controller.
RIGHT OF ACCESS
You will have the right, according to Article 15.1 of the Regulations, to obtain confirmation from the Controller as to whether or not your Personal Data is being processed and, if so, to get access to such Personal Data and the following information: a) the purposes of the Processing; b) the categories of Personal Data in question; c) the Recipients or categories of Recipients to whom your Personal Data has been or will be communicated, in particular if Recipients from third countries or international organizations; d) when possible, the period of retention of the Personal Data envisaged or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the Data Subject to ask the Controller to correct or delete Personal Data or to limit the Processing of Personal Data concerning him/her or to object to their Processing; f) the right to lodge a complaint with a supervisory authority; g) if Personal Data are not collected from the Data Subject, all available information on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such Processing for the Data Subject.
RIGHT OF RECTIFICATION
You will be able to obtain, under Article 16 of the Regulations, the rectification of your Personal Data that is inaccurate. Taking into account the purposes of the Processing, you will also be able to obtain the integration of your Personal Data that is incomplete, even by providing an additional statement.
RIGHT TO CANCELLATION
You may obtain, under Article 17.1 of the Regulations, the deletion of your Personal Data without unjustified delay and the Controller will be obliged to delete your Personal Data if there are even one of the following reasons:
In some cases, as provided for by Article 17.3 of the Regulation, the Controller is entitled not to delete your Personal Data if their Processing is necessary.
For example, for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest, for archiving in the public interest, for scientific or historical research or statistical purposes, for the ascertainment, exercise or defense of a right in court.
RIGHT TO LIMITATION OF PROCESSING
You will be able to obtain the limitation of the Processing, according to the Article 18 of the Regulations, in case one of the following hypotheses applies:
In case of limitation of the Processing, your Personal Data will be processed, except for storage, only with your consent or to ascertain, exercise or defend a right in court or to protect the rights of another natural or legal person or for reasons of public interest. We will inform you, in any event, before such limitation is lifted.
RIGHT TO DATA PORTABILITY
You may, at any time, request and receive, under Article 20.1 of the Regulations, all your Personal Data processed by the Controller in a structured, commonly used and readable format or request its transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by giving us written authorization.
RIGHT OF OPPOSITION
According to Article 21.2 of the Regulations and as also reiterated in Recital 70, you may object, at any time, to the Processing of your Personal Data if it is processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
Without prejudice to your right to appeal in any other administrative or judicial venue, if you believe that the Processing of your Personal Data conducted by the Controller violates the Regulations and applicable law, you may complain at the competent Data Protection Authority.
To exercise all your rights as identified above, you shall contact Datrix by sending an e-mail to email@example.com.
Please note that, at any time, you may also contact Datrix DPO in the manner provided in Section B of this Policy.
Your Personal Data will be processed by Datrix within the territory of the European Union.
Should it be necessary, for technical and operational reasons, to make use of subjects located outside the European Union, we hereby inform you that such subjects will be appointed as Data Processors according to and for the purposes of Article 28 of the Regulation and the transfer of your Personal Data to such subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation.
Therefore, all necessary precautions will be taken to ensure the fullest protection of your Personal Data, based on: (a) decisions of adequacy of the recipient third countries expressed by the European Commission; (b) adequate guarantees expressed by the recipient third party pursuant to Article 46 of the Regulation; (c) the adoption of binding corporate rules, so-called binding corporate rules; (d) the adoption of standard contractual clauses approved by the European Commission.
In any case, you may request further details from Datrix if your Personal Data has been processed outside the European Union by requesting evidence of the specific guarantees adopted.
The subscribing company (hereinafter the "Data Controller"), as the data controller of the personal data acquired, managed and stored on ramapp.io, in accordance with the principles expressed by the EU Regulation 2016/679 (the "GDPR");
In view of the foregoing, which constitutes an integral and essential part of this act of designation, the Data Controller appoints, pursuant to Article 28 of the GDPR, the Supplier as data processor.
In the performance of the services referred to in the Contract, the Supplier shall:
The Supplier shall, at the option of the Data Controller, erase or return all personal data after the provision of the services relating to the Contract has ended, including existing copies, unless Union or Member State law provides for data retention.