[{"data":1,"prerenderedAt":316},["ShallowReactive",2],{"eu-data-act-documentation-[object Object]-published":3},{"name":4,"created_at":5,"published_at":6,"updated_at":7,"id":8,"uuid":9,"content":10,"slug":304,"full_slug":304,"sort_by_date":13,"position":305,"tag_list":306,"is_startpage":28,"parent_id":307,"meta_data":13,"group_id":308,"first_published_at":6,"release_id":13,"lang":309,"path":13,"alternates":310,"default_full_slug":304,"translated_slugs":311},"EU Data Act Documentation ","2026-04-02T11:04:58.239Z","2026-04-02T11:10:23.284Z","2026-04-02T11:10:23.301Z",161539269695537,"3debe8d6-2202-44f5-a7be-830ef9da2362",{"_uid":11,"image":12,"metatags":17,"component":20,"components":21,"additional_seo":300,"footer_cta_text_alt":301},"ea4af974-da63-42a0-8f8d-5f70cfceac70",{"id":13,"alt":13,"name":14,"focus":13,"title":13,"source":13,"filename":14,"copyright":13,"fieldtype":15,"meta_data":16},null,"","asset",{},{"_uid":18,"title":4,"plugin":19,"og_image":14,"og_title":4,"description":14,"twitter_image":14,"twitter_title":14,"og_description":14,"twitter_description":14},"8b8df43f-1d2f-4b6d-8095-3fcab37461d6","seo_metatags","page",[22,30],{"_uid":23,"image":24,"component":29},"979939f4-b782-4fcd-b947-26784957f480",{"id":25,"alt":14,"name":14,"focus":14,"title":14,"source":14,"filename":26,"copyright":14,"fieldtype":15,"meta_data":27,"is_external_url":28},161539610328632,"https://a.storyblok.com/f/297658/5376x3584/a8a2d5ede9/eu-data-act-documentation.jpeg",{},false,"c-hero",{"_uid":31,"title":4,"content":32,"subtitle":14,"component":299},"d5c2fa2c-2a5e-42b5-8b53-f0c21cddf25e",[33],{"_uid":34,"is_big":28,"content":35,"component":298},"130eb300-0483-4595-8ad8-6e08f8d4f950",{"type":36,"content":37},"doc",[38,45,51,56,58,68,73,78,83,88,93,103,108,110,118,185,193,230,232,239],{"type":39,"attrs":40,"content":41},"paragraph",{"textAlign":13},[42],{"text":43,"type":44},"To the extent applicable, Prewave GmbH provides the following information:","text",{"type":39,"attrs":46,"content":48},{"textAlign":47},"justify",[49],{"text":50,"type":44},"The ICT infrastructure deployed by Prewave for data processing is located in the European Union, i.e. in Austria and Belgium, and therefore underlies these jurisdictions.",{"type":39,"attrs":52,"content":53},{"textAlign":47},[54],{"text":55,"type":44},"Prewave will take all adequate technical, organisational and legal measures in order to prevent international and third-country governmental access and transfer of non-personal data held in the Union where such transfer or access would create a conflict with Union law or with the national law of the relevant Member State.",{"type":39,"attrs":57},{"textAlign":13},{"type":59,"attrs":60,"content":62},"heading",{"level":61,"textAlign":47},2,[63],{"text":64,"type":44,"marks":65},"Legal measures",[66],{"type":67},"bold",{"type":39,"attrs":69,"content":70},{"textAlign":47},[71],{"text":72,"type":44},"Any decision or judgment of a third-country court or tribunal and any decision of a third-country administrative authority requiring Prewave to transfer or give access to non-personal data falling within the scope of the EU Data Act held in the Union shall be followed by Prewave only if it is based on an international agreement recognising the decision, such as a mutual legal assistance treaty, in force between the requesting third country and the Union, or any such agreement between the requesting third country and a Member State. ",{"type":39,"attrs":74,"content":75},{"textAlign":47},[76],{"text":77,"type":44},"Should such an international agreement not be in force for the concerned decision or judgement, Prewave will only transfer any data if the conditions of Art 32 Para 2 EU Data Act are met. Prewave will duly assess any requests for a transfer of data.",{"type":39,"attrs":79,"content":80},{"textAlign":47},[81],{"text":82,"type":44},"Prewave will inform Customer about the existence of a request of a third-country authority to access its data before complying with that request to the extent legally permissible. ",{"type":39,"attrs":84,"content":85},{"textAlign":47},[86],{"text":87,"type":44},"Should Prewave be required to provide any international government with data, Prewave shall in response to such request only provide the minimum amount of data permissible.",{"type":39,"attrs":89,"content":90},{"textAlign":47},[91],{"text":92,"type":44},"The subprocessors of Prewave also underlie the EU Data Act.",{"type":59,"attrs":94,"content":96},{"level":95,"textAlign":13},3,[97,99],{"type":98},"hard_break",{"text":100,"type":44,"marks":101},"Technical and organisational measures",[102],{"type":67},{"type":39,"attrs":104,"content":105},{"textAlign":47},[106],{"text":107,"type":44},"The following technical and organisational measures are implemented by Prewave GmbH in order to prevent unlawful international governmental access or transfers and represent the most relevant measures but do not serve as an exhaustive list. The measures are continuously improved by Prewave according to feasibility and state of the art. Prewave will provide Customer with any additional information if reasonably requested.",{"type":39,"attrs":109},{"textAlign":13},{"type":59,"attrs":111,"content":113},{"level":112,"textAlign":47},4,[114],{"text":115,"type":44,"marks":116},"Confidentiality:",[117],{"type":67},{"type":119,"content":120},"bullet_list",[121,129,136,143,150,157,164,171,178],{"type":122,"content":123},"list_item",[124],{"type":39,"attrs":125,"content":126},{"textAlign":47},[127],{"text":128,"type":44},"Physical Access Control",{"type":122,"content":130},[131],{"type":39,"attrs":132,"content":133},{"textAlign":47},[134],{"text":135,"type":44},"Data centers are TISAX and ISO27001 certified",{"type":122,"content":137},[138],{"type":39,"attrs":139,"content":140},{"textAlign":47},[141],{"text":142,"type":44},"Security zone concept",{"type":122,"content":144},[145],{"type":39,"attrs":146,"content":147},{"textAlign":47},[148],{"text":149,"type":44},"Information security policies and procedures",{"type":122,"content":151},[152],{"type":39,"attrs":153,"content":154},{"textAlign":47},[155],{"text":156,"type":44},"Logical Access Control (strong login procedures, log of activities etc.)",{"type":122,"content":158},[159],{"type":39,"attrs":160,"content":161},{"textAlign":47},[162],{"text":163,"type":44},"Firewalls",{"type":122,"content":165},[166],{"type":39,"attrs":167,"content":168},{"textAlign":47},[169],{"text":170,"type":44},"Encryption",{"type":122,"content":172},[173],{"type":39,"attrs":174,"content":175},{"textAlign":47},[176],{"text":177,"type":44},"Role based access control",{"type":122,"content":179},[180],{"type":39,"attrs":181,"content":182},{"textAlign":47},[183],{"text":184,"type":44},"Access Control Policy",{"type":59,"attrs":186,"content":187},{"level":112,"textAlign":13},[188,189],{"type":98},{"text":190,"type":44,"marks":191},"Authorization Control:",[192],{"type":67},{"type":119,"content":194},[195,202,209,216,223],{"type":122,"content":196},[197],{"type":39,"attrs":198,"content":199},{"textAlign":47},[200],{"text":201,"type":44},"Encrypted access to systems when accessed remotely",{"type":122,"content":203},[204],{"type":39,"attrs":205,"content":206},{"textAlign":47},[207],{"text":208,"type":44},"SSL encryption",{"type":122,"content":210},[211],{"type":39,"attrs":212,"content":213},{"textAlign":47},[214],{"text":215,"type":44},"Information Security Policy",{"type":122,"content":217},[218],{"type":39,"attrs":219,"content":220},{"textAlign":47},[221],{"text":222,"type":44},"Management of user rights by administrators",{"type":122,"content":224},[225],{"type":39,"attrs":226,"content":227},{"textAlign":47},[228],{"text":229,"type":44},"Penetration tests",{"type":39,"attrs":231},{"textAlign":13},{"type":59,"attrs":233,"content":234},{"level":112,"textAlign":13},[235],{"text":236,"type":44,"marks":237},"Transfer Control",[238],{"type":67},{"type":119,"content":240},[241,248,255,262,269,276,283,290],{"type":122,"content":242},[243],{"type":39,"attrs":244,"content":245},{"textAlign":13},[246],{"text":247,"type":44},"Transport encryption (use of secure protocols such as HTTPS and SFTP)",{"type":122,"content":249},[250],{"type":39,"attrs":251,"content":252},{"textAlign":13},[253],{"text":254,"type":44},"Encryption of data carriers",{"type":122,"content":256},[257],{"type":39,"attrs":258,"content":259},{"textAlign":13},[260],{"text":261,"type":44},"Logging of accesses and retrievals",{"type":122,"content":263},[264],{"type":39,"attrs":265,"content":266},{"textAlign":13},[267],{"text":268,"type":44},"Security awareness training",{"type":122,"content":270},[271],{"type":39,"attrs":272,"content":273},{"textAlign":13},[274],{"text":275,"type":44},"Asset inventory",{"type":122,"content":277},[278],{"type":39,"attrs":279,"content":280},{"textAlign":13},[281],{"text":282,"type":44},"Mobile Device Policy",{"type":122,"content":284},[285],{"type":39,"attrs":286,"content":287},{"textAlign":13},[288],{"text":289,"type":44},"Frequent audits",{"type":122,"content":291},[292],{"type":39,"attrs":293,"content":294},{"textAlign":13},[295,297],{"text":296,"type":44},"Verified adherence to relevant security reassurance certification schemes",{"type":98},"c-text","m-section",[],{"type":36,"content":302},[303],{"type":39},"eu-data-act-documentation",-240,[],0,"0f199682-57d5-494e-b424-090f7a4fa510","default",[],[312,314],{"path":304,"name":13,"lang":313,"published":13},"fr",{"path":304,"name":13,"lang":315,"published":13},"de",1775205584278]