Compliance with the Data Act

Last updated: November 4, 2025

Compliance with EU Regulation 2023/2854 (the Data Act) is a key element of Vercom S.A.'s transparency. This page fulfills the requirements of Art. 28(1) of the regulation, providing information on the jurisdiction over the infrastructure and on measures to protect data from access by non-EU authorities.

Jurisdiction and Data Location

Vercom S.A.'s ICT infrastructure is subject to European Union law and the jurisdiction of Polish courts. Customer data is processed exclusively within the European Economic Area (EEA) by trusted providers:

Provider Name

Data Processing Location

Beyond Solutions sp. z o. o.

Poland

NTT Global Data Centers EMEA GmbH

Germany

Cyber Folks S.A.

Poland

Amazon Web Services EMEA SARL

Germany and Ireland

Cloudflare Inc.

EEA*

*In the case of Cloudflare Inc., which is a CDN provider, the exact processing location cannot be specified. However, Vercom S.A. has entered into a Data Localization Suite agreement that restricts processing to the EEA.

Protection Against Third-Party Access

Vercom S.A. has implemented multi-layered measures to protect data from unauthorized access.

Organizational Measures: A formal "Policy on Sharing Data with Third Parties" has been implemented at Vercom. According to it, every request for data disclosure from non-EU authorities undergoes a detailed legal assessment. The customer is informed of the request (if permitted by law), and any potential disclosure is limited to the absolute minimum.
Technical Measures: Data protection is supported by advanced technical measures, such as encryption (AES-256 for data at rest, TLS 1.2 in transit), security event monitoring systems (SIEM/SOAR), and strict access control (MFA, key management).
Contractual Measures: Vercom's agreements with infrastructure providers include clauses that restrict data processing to the EU territory and oblige them to provide information about data access requests.

Customer Autonomy and No Vendor Lock-in

A key principle at Vercom is customer autonomy. Contracts do not contain artificial barriers, such as non-standard notice periods or penalty clauses for termination. We allow the free use of competing providers' services (multi-vendor strategy) and provide full flexibility in managing technology architecture.

Interoperability and Data Access

Our web application and API are designed with interoperability in mind. We provide the capability to export data (within the scope available for the given solution) in standard, commonly used formats (including JSON, CSV, XML). The exported data retains its relational structure, ensuring its lossless transfer to other systems.

Vercom S.A.'s implementation of the Data Act principles is part of our strategy to build a secure and open data market, based on trust and a responsible approach to technology.

PreviousData Processing Agreement (DPA)NextDocument Templates

Last updated 1 day ago