Supermetrics and its applicability with the key contractual provisions of the EU Digital Operational Resilience Act

Supermetrics and the EU Digital Operational Resilience Act (“DORA”)

Key Contractual Provisions under DORA

Article 30 of DORA sets out the key contractual provisions required for all ICT third party providers. Article 30.2 sets out those which are applicable to all ICT third party providers, whereas 30.3 sets out additional requirements for critical or essential ICT third party providers.

A critical or essential ICT third party provider is one which provides essential technology services to financial entities whose large-scale failure could destabilize the entire financial system.

Supermetrics is a data integration and marketing intelligence platform that helps marketers make AI-powered decisions by connecting data, analyzing results with agents, and orchestrating actions across their marketing stack. Supermetrics also automates the process of moving marketing data from various sources (like Facebook Ads, Google Ads, or Shopify) into reporting and analytics tools (like Google Sheets, Excel, Looker Studio, or BigQuery).

In short: it eliminates the need for manual "copy-pasting" or CSV exporting by acting as a bridge between marketing platforms and reporting tools.

Although Supermetrics does provide an ICT service, this service does not fall under the definition of critical or essential ICT third party provider .

As such only the contractual provisions in Article 30.2 of DORA are relevant in relation to the provision of the Supermetrics service.

Supermetrics Agreements

Supermetrics typically enters into an Order Form with a customer which sets out the commercial elements of the deal i.e. the service description, usage limitations and price. The Order Form is governed by the Supermetrics Terms of Service which sets out the general rights and obligations between the Parties and a Data Processing Agreement at Annex 1.

The Order Form and the Terms of Service together form the entire agreement between the parties for the purposes of the provision of the Supermetrics service.

Key Contractual Provisions and Supermetrics Agreements

As previously mentioned only Article 30.2 of DORA is relevant for the purposes of the Supermetrics service. The Order Form and Terms of Service together already contain the key contractual provisions under Article 30.2. As such an additional DORA specific addendum is not required in order for financial entities to purchase or continue to use the Supermetrics service.

Supermetrics has set out each of the requirements of Article 30.2 DORA and the corresponding contractual provisions in our agreements below to assist customers in demonstrating that the agreement adheres to DORA:

30(2) The contractual arrangements on the use of ICT services shall include at least the following elements :

(a) a clear and complete description of all functions and ICT services to be provided by the ICT third-party service provider, indicating whether subcontracting of an ICT service supporting a critical or important function, or material parts thereof, is permitted and, when that is the case, the conditions applying to such subcontracting;

Supermetrics corresponding contractual provision : This is set out in the service description on page 1 of the Order Form.

Provisions relating to subcontracting of an ICT service supporting a critical or important function are not relevant as the Supermetrics service does not provide or support a critical or important function.

(b) the locations, namely the regions or countries, where the contracted or subcontracted functions and ICT services are to be provided and where data is to be processed, including the storage location, and the requirement for the ICT third-party service provider to notify the financial entity in advance if it envisages changing such locations;

Supermetrics corresponding contractual provision : This is set out in section 8.2 of the Data Processing Agreement (Annex 1 of the Terms of Service). Please also see our Subprocessor List (available at www.supermetrics.com/subprocessors)

(c) provisions on availability, authenticity, integrity and confidentiality in relation to the protection of data, including personal data;

Supermetrics corresponding contractual provision : This is set out in the Data Processing Agreement generally (Annex 1 of the Terms of Service). Please note there are also confidentiality obligations at section 13 of the Terms of Service which applies to all confidential information (including personal data).

(d) provisions on ensuring access, recovery and return in an easily accessible format of personal and non-personal data processed by the financial entity in the event of the insolvency, resolution or discontinuation of the business operations of the ICT third-party service provider, or in the event of the termination of the contractual arrangements;

Supermetrics corresponding contractual provision : This is set out in section 10.1 of the Data Processing Agreement (Annex 1 of the Terms of Service).

(e) service level descriptions, including updates and revisions thereof;

Supermetrics corresponding contractual provision : This is set out in the Service Level Annex of the Order Form where requested to be included.

(f) the obligation of the ICT third-party service provider to provide assistance to the financial entity at no additional cost, or at a cost that is determined ex-ante, when an ICT incident that is related to the ICT service provided to the financial entity occurs;

Supermetrics corresponding contractual provision : This is set out in section 6 generally of the Data Processing Agreement (Annex 1 of the Terms of Service).

(g) the obligation of the ICT third-party service provider to fully cooperate with the competent authorities and the resolution authorities of the financial entity, including persons appointed by them;

Supermetrics corresponding contractual provision : This is set out in section 7.3 of the Data Processing Agreement (Annex 1 of the Terms of Service).

(h) termination rights and related minimum notice periods for the termination of the contractual arrangements, in accordance with the expectations of competent authorities and resolution authorities;

Supermetrics corresponding contractual provision : This is set out in section 9 generally of the Terms of Service.

(i) the conditions for the participation of ICT third-party service providers in the financial entities’ ICT security awareness programmes and digital operational resilience training in accordance with Article 13(6).

Supermetrics corresponding contractual provision : As per Article 13(6) this is only required where appropriate. Supermetrics does not agree that it is appropriate for our employees to participate in customer’s ICT security awareness programmes. Supermetrics conducts its own security awareness programmes.

Please reach out to your Supermetrics Account Executive or Customer Success Manager if you have any questions about the above.

Connect

Manage

Analyze

Activate

Introducing Supermetrics AI

Company

Industry

Team

Use case

Build on Supermetrics

Stay updated

Events

Learn and discover

Support

The Marketing Data Report 2025

About

Careers