Launching November 4: The Future of RGM Report 2026 👉 Get Early Access
Home / Buynomics: Article 28 - Information Obligations for Provider Switching
Updated October 2025
Available Switching Procedures:
Export Format: JSON, CSV, XML (machine-readable according to RFC 4180)
Known Limitations:
Maximum export size: 10 GB per request
Processing time: 72 hours for full export
Retention period: Data remains available for 30 days after termination
Non-exportable: System logs older than 180 days, encrypted backup data
Data Register and Standards
Current Online Register (Last updated: 28.09.2025):
|
Data Type |
Format |
Standard |
Description |
|
Customer Data |
JSON or CSV |
RFC 8259RFC 4180 |
Master data, profiles, preferences |
|
KPIs Data |
CSV |
RFC 4180 |
The KPIs data from the Buynomics SaaS platform. |
|
Configuration Data |
JSON |
RFC 7159 |
System settings |
|
Audit Logs |
JSON |
RFC 8259 |
Activity protocols (last 24 months) |
Interoperability Standards:
Data can be exported upon the customer request in the formats stated above.
Article 28 - Transparency Obligations on International Access
ICT Infrastructure Jurisdiction
Data Processing by Service Areas:
|
Service |
Jurisdiction |
Server Location |
Backup Location |
|
Main Application |
Germany (GDPR) |
Frankfurt am Main, Germany |
Dublin, Ireland |
|
Database |
Germany (GDPR) |
Frankfurt am Main, Germany |
Dublin, Ireland |
|
Customer chat & help center |
EU (GDPR) |
EU |
EU |
|
Application Activity Logs |
US (US-EU Data Privacy Framework) |
US |
US |
Protection Measures Against Governmental Access
Technical Protection Measures:
Encryption at rest: AES-256 encryption of all customer data
Key Management: Encryption keys managed and audited through centralized and cloud-native Key Management System (KMS).
Encryption in transit: Transport Layer Security (TLS 1.2 or higher) encryption of all data exchanges
Geographic Restrictions:
No data is transferred to, or hosted in, third countries without explicit legal basis and GDPR-compliant safeguards
Organizational Measures:
Data processing agreements in accordance with the GDPR with customers and subcontractors. Please find the DPA in the following link under Schedule 2: https://www.buynomics.com/terms-and-conditions-2025
Contact and Procedures
Data Protection Officer (DPO)
Contact: Andreas Bethke
E-Mail: ext-dsb@b3-datenschutz.de
Support
E-Mail: info@buynomics.com
Service Desk Portal:https://buynomics.atlassian.net/servicedesk/customer/portal/4
Notice Period: Maximum 2 months
Postal Address: Rudolfplatz 3, 50674 Cologne, Germany
Complaints and Legal Protection
Internal Complaints: info@buynomics.com
Federal Supervision: Federal Network Agency (Bundesnetzagentur, Data Act Enforcement)
Supervisor authorities:
Name: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Address: Kavalleriestraße 2-4, 40213 Düsseldorf
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
