Article 9 – Access to data

  1. Providers of online intermediation services shall include in their terms and conditions a description of the technical and contractual access, or absence thereof, of business users to any personal data or other data, or both, which business users or consumers provide for the use of the online intermediation services concerned or which are generated through the provision of those services.
  2. Through the description referred to in paragraph 1, providers of online intermediation services shall adequately inform business users in particular of the following:
    1. whether the provider of online intermediation services has access to personal data or other data, or both, which business users or consumers provide for the use of those services or which are generated through the provision of those services, and if so, to which categories of such data and under what conditions;
    2. whether a business user has access to personal data or other data, or both, provided by that business user in connection to the business user’s use of the online intermediation services concerned or generated through the provision of those services to that business user and the consumers of the business user’s goods or services, and if so, to which categories of such data and under what conditions;
    3. in addition to point (b), whether a business user has access to personal data or other data, or both, including in aggregated form, provided by or generated through the provision of the online intermediation services to all of the business users and consumers thereof, and if so, to which categories of such data and under what conditions; and
    4. whether any data under point (a) is provided to third parties, along with, where the provision of such data to third parties is not necessary for the proper functioning of the online intermediation services, information specifying the purpose of such data sharing, as well as possibilities for business users to opt out from that data sharing.
  3. This Article shall be without prejudice to the application of Regulation (EU) 2016/679, Directive (EU) 2016/680 and Directive 2002/58/EC.