1. A data user shall only be eligible to access customer data pursuant to Article 5(1) if that data user is subject to prior authorisation by a competent authority as a financial institution or is a financial information service provider pursuant to Article 14.
2. A data user shall only access customer data made available under Article 5(1) for the purposes and under the conditions for which the customer has granted its permission. A data user shall delete customer data when it is no longer necessary for the purposes for which the permission has been granted by a customer.
3. A customer may withdraw the permission it has granted to a data user. When processing is necessary for the performance of a contract, a customer may withdraw the permission it has granted to make customer data available to a data user according to the contractual obligations to which it is subject.
4. To ensure the effective management of customer data, a data user shall:
(a) not process any customer data for purp
…