diff --git a/src/Controller/Front/PersonalDataController.php b/src/Controller/Front/PersonalDataController.php
new file mode 100644
index 0000000000..c9913d1e08
--- /dev/null
+++ b/src/Controller/Front/PersonalDataController.php
@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopsys\FrameworkBundle\Controller\Front;
+
+use Shopsys\FrameworkBundle\Component\Domain\Domain;
+use Shopsys\FrameworkBundle\Component\HttpFoundation\XmlResponse;
+use Shopsys\FrameworkBundle\Model\Customer\User\CustomerUserFacade;
+use Shopsys\FrameworkBundle\Model\Newsletter\NewsletterFacade;
+use Shopsys\FrameworkBundle\Model\Order\OrderFacade;
+use Shopsys\FrameworkBundle\Model\PersonalData\PersonalDataAccessRequest;
+use Shopsys\FrameworkBundle\Model\PersonalData\PersonalDataAccessRequestFacade;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class PersonalDataController extends AbstractController
+{
+    /**
+     * @param \Shopsys\FrameworkBundle\Component\Domain\Domain $domain
+     * @param \Shopsys\FrameworkBundle\Model\Customer\User\CustomerUserFacade $customerUserFacade
+     * @param \Shopsys\FrameworkBundle\Model\Order\OrderFacade $orderFacade
+     * @param \Shopsys\FrameworkBundle\Model\Newsletter\NewsletterFacade $newsletterFacade
+     * @param \Shopsys\FrameworkBundle\Model\PersonalData\PersonalDataAccessRequestFacade $personalDataAccessRequestFacade
+     * @param \Shopsys\FrameworkBundle\Component\HttpFoundation\XmlResponse $xmlResponse
+     */
+    public function __construct(
+        protected readonly Domain $domain,
+        protected readonly CustomerUserFacade $customerUserFacade,
+        protected readonly OrderFacade $orderFacade,
+        protected readonly NewsletterFacade $newsletterFacade,
+        protected readonly PersonalDataAccessRequestFacade $personalDataAccessRequestFacade,
+        protected readonly XmlResponse $xmlResponse,
+    ) {
+    }
+
+    /**
+     * @param string $hash
+     * @return \Symfony\Component\HttpFoundation\Response
+     */
+    public function exportXmlAction(string $hash): Response
+    {
+        $personalDataAccessRequest = $this->personalDataAccessRequestFacade->findByHashAndDomainId(
+            $hash,
+            $this->domain->getId(),
+        );
+
+        if (
+            $personalDataAccessRequest !== null
+            && $personalDataAccessRequest->getType() === PersonalDataAccessRequest::TYPE_EXPORT
+        ) {
+            $customerUser = $this->customerUserFacade->findCustomerUserByEmailAndDomain(
+                $personalDataAccessRequest->getEmail(),
+                $this->domain->getId(),
+            );
+
+            $orders = $this->orderFacade->getOrderListForEmailByDomainId(
+                $personalDataAccessRequest->getEmail(),
+                $this->domain->getId(),
+            );
+
+            $newsletterSubscriber = $this->newsletterFacade->findNewsletterSubscriberByEmailAndDomainId(
+                $personalDataAccessRequest->getEmail(),
+                $this->domain->getId(),
+            );
+
+            $xmlContent = $this->render('@ShopsysFramework/Front/Content/PersonalData/export.xml.twig', [
+                'customerUser' => $customerUser,
+                'newsletterSubscriber' => $newsletterSubscriber,
+                'orders' => $orders,
+            ])->getContent();
+
+            $fileName = $personalDataAccessRequest->getEmail() . '.xml';
+
+            return $this->xmlResponse->getXmlResponse($fileName, $xmlContent);
+        }
+
+        throw new NotFoundHttpException();
+    }
+}
diff --git a/src/Model/Customer/User/CustomerUserFacade.php b/src/Model/Customer/User/CustomerUserFacade.php
index 65e162f14e..91c7ef40de 100644
--- a/src/Model/Customer/User/CustomerUserFacade.php
+++ b/src/Model/Customer/User/CustomerUserFacade.php
@@ -165,6 +165,7 @@ public function edit(
         ?DeliveryAddress $deliveryAddress = null,
     ) {
         $customerUser = $this->getCustomerUserById($customerUserId);
+        $customerUserOriginalRoles = $customerUser->getRoles();
 
         if (
             $customerUserUpdateData->deliveryAddressData
@@ -199,6 +200,10 @@ public function edit(
             $this->newsletterFacade->deleteSubscribedEmailIfExists($customerUser->getEmail(), $customerUser->getDomainId());
         }
 
+        if ($this->areRolesChanged($customerUser->getRoles(), $customerUserOriginalRoles)) {
+            $this->customerUserRefreshTokenChainFacade->removeAllCustomerUserRefreshTokenChains($customerUser);
+        }
+
         return $customerUser;
     }
 
@@ -465,4 +470,14 @@ public function isLastSecurityChangeOlderThan(string $customerUserUuid, DateTime
     {
         return $this->customerUserRepository->isLastSecurityChangeOlderThan($customerUserUuid, $referenceDateTime);
     }
+
+    /**
+     * @param string[] $customerUserCurrentRoles
+     * @param string[] $customerUserOriginalRoles
+     * @return bool
+     */
+    protected function areRolesChanged(array $customerUserCurrentRoles, array $customerUserOriginalRoles): bool
+    {
+        return array_diff($customerUserCurrentRoles, $customerUserOriginalRoles) !== [] || array_diff($customerUserOriginalRoles, $customerUserCurrentRoles) !== [];
+    }
 }
diff --git a/src/Model/Customer/User/Role/CustomerUserRole.php b/src/Model/Customer/User/Role/CustomerUserRole.php
index 5c8c7db6bb..7f3bfb5f15 100644
--- a/src/Model/Customer/User/Role/CustomerUserRole.php
+++ b/src/Model/Customer/User/Role/CustomerUserRole.php
@@ -9,6 +9,7 @@ class CustomerUserRole
     public const ROLE_API_LOGGED_CUSTOMER = 'ROLE_API_LOGGED_CUSTOMER';
     public const ROLE_API_ALL = 'ROLE_API_ALL';
     public const ROLE_API_CUSTOMER_SELF_MANAGE = 'ROLE_API_CUSTOMER_SELF_MANAGE';
+    public const ROLE_API_CUSTOMER_SEES_PRICES = 'ROLE_API_CUSTOMER_SEES_PRICES';
 
     /**
      * @return array<string, string>
@@ -18,6 +19,7 @@ public function getAvailableRoles(): array
         return [
             t('B2B data and user management') => self::ROLE_API_ALL,
             t('Customer self manage') => self::ROLE_API_CUSTOMER_SELF_MANAGE,
+            t('Customer sees prices') => self::ROLE_API_CUSTOMER_SEES_PRICES,
         ];
     }
 }
diff --git a/src/Model/Customer/User/Role/CustomerUserRoleProvider.php b/src/Model/Customer/User/Role/CustomerUserRoleProvider.php
new file mode 100644
index 0000000000..05b5603241
--- /dev/null
+++ b/src/Model/Customer/User/Role/CustomerUserRoleProvider.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopsys\FrameworkBundle\Model\Customer\User\Role;
+
+use Shopsys\FrameworkBundle\Model\Customer\User\CustomerUser;
+use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
+
+class CustomerUserRoleProvider
+{
+    /**
+     * @param \Symfony\Component\Security\Core\Role\RoleHierarchyInterface $roleHierarchy
+     */
+    public function __construct(
+        protected readonly RoleHierarchyInterface $roleHierarchy,
+    ) {
+    }
+
+    /**
+     * @param \Shopsys\FrameworkBundle\Model\Customer\User\CustomerUser $customerUser
+     * @return string[]
+     */
+    public function getRolesForCustomerUser(CustomerUser $customerUser): array
+    {
+        $roles = $this->roleHierarchy->getReachableRoleNames($customerUser->getRoles());
+
+        return array_unique($roles);
+    }
+
+    /**
+     * @param \Shopsys\FrameworkBundle\Model\Customer\User\CustomerUser $customerUser
+     * @return bool
+     */
+    public function canSeePrices(CustomerUser $customerUser): bool
+    {
+        $roles = $this->getRolesForCustomerUser($customerUser);
+
+        return in_array(CustomerUserRole::ROLE_API_CUSTOMER_SEES_PRICES, $roles, true);
+    }
+}
diff --git a/src/Resources/translations/messages.cs.po b/src/Resources/translations/messages.cs.po
index d4ca04c94a..03d3f81632 100644
--- a/src/Resources/translations/messages.cs.po
+++ b/src/Resources/translations/messages.cs.po
@@ -979,6 +979,9 @@ msgstr "Jméno zákazníka"
 msgid "Customer phone number"
 msgstr "Telefonní číslo zákazníka"
 
+msgid "Customer sees prices"
+msgstr "Zákazník vidí ceny"
+
 msgid "Customer self manage"
 msgstr "Spravovat své údaje"
 
diff --git a/src/Resources/translations/messages.en.po b/src/Resources/translations/messages.en.po
index 9bd1add867..aa878ccc64 100644
--- a/src/Resources/translations/messages.en.po
+++ b/src/Resources/translations/messages.en.po
@@ -979,6 +979,9 @@ msgstr ""
 msgid "Customer phone number"
 msgstr ""
 
+msgid "Customer sees prices"
+msgstr ""
+
 msgid "Customer self manage"
 msgstr ""
 
diff --git a/src/Resources/views/Front/Content/PersonalData/adress.xml.twig b/src/Resources/views/Front/Content/PersonalData/adress.xml.twig
new file mode 100644
index 0000000000..dad7bb0e88
--- /dev/null
+++ b/src/Resources/views/Front/Content/PersonalData/adress.xml.twig
@@ -0,0 +1,21 @@
+<customer_addresses>
+    {% set billingAddress = customerUser.customer.billingAddress %}
+    <address>
+        <address_type>billing</address_type>
+        <street><![CDATA[{{ billingAddress.street }}]]></street>
+        <city><![CDATA[{{ billingAddress.city }}]]></city>
+        <postal_code><![CDATA[{{ billingAddress.postCode }}]]></postal_code>
+        <country_code><![CDATA[{{ billingAddress.country.code|default('') }}]]></country_code>
+    </address>
+    {% if customerUser.customer.deliveryAddresses is not null %}
+        {% for deliveryAddress in customerUser.customer.deliveryAddresses %}
+            <address>
+                <address_type>shipping</address_type>
+                {% if deliveryAddress.street is not null %}<street><![CDATA[{{ deliveryAddress.street }}]]></street>{% endif %}
+                {% if deliveryAddress.city is not null %}<city><![CDATA[{{ deliveryAddress.city }}]]></city>{% endif %}
+                {% if deliveryAddress.postCode is not null %}<postal_code><![CDATA[{{ deliveryAddress.postCode }}]]></postal_code>{% endif %}
+                {% if deliveryAddress.country is not null %}<country_code><![CDATA[{{ deliveryAddress.country.code }}]]></country_code>{% endif %}
+            </address>
+        {% endfor %}
+    {% endif %}
+</customer_addresses>
diff --git a/src/Resources/views/Front/Content/PersonalData/export.xml.twig b/src/Resources/views/Front/Content/PersonalData/export.xml.twig
new file mode 100644
index 0000000000..82e0a0f256
--- /dev/null
+++ b/src/Resources/views/Front/Content/PersonalData/export.xml.twig
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<customers>
+    <customer>
+
+        {% if customerUser is not null %}
+            <customer_name>
+                <firstname><![CDATA[{{ customerUser.firstName }}]]></firstname>
+                <lastname><![CDATA[{{ customerUser.lastName }}]]></lastname>
+                <phone><![CDATA[{{ customerUser.telephone }}]]></phone>
+                <email><![CDATA[{{ customerUser.email }}]]></email>
+            </customer_name>
+
+            {% if customerUser.customer.billingAdress is defined or customerUser.customer.deliveryAddresses is defined %}
+                {% include '@ShopsysFramework/Front/Content/PersonalData/adress.xml.twig' with {'customerUser' : customerUser} %}
+            {% endif %}
+
+            {% if customerUser.customer.billingAddress is defined and customerUser.customer.billingAddress.companyCustomer %}
+                {% set billingAddress = customerUser.customer.billingAddress %}
+                <customer_company>
+                    {% if billingAddress.companyName is not null %}
+                        <company_name><![CDATA[{{ billingAddress.companyName }}]]></company_name>
+                    {% endif %}
+                    {% if billingAddress.companyNumber is not null %}
+                        <company_registration_number><![CDATA[{{ billingAddress.companyNumber }}]]></company_registration_number>
+                    {% endif %}
+                    {% if billingAddress.companyTaxNumber is not null %}
+                        <company_vat_registration_number><![CDATA[{{ billingAddress.companyTaxNumber }}]]></company_vat_registration_number>
+                    {% endif %}
+                </customer_company>
+            {% endif %}
+        {% endif %}
+
+        <other_information>
+            <newsletter_subscription>{% if newsletterSubscriber is null %}0{% else %}1{% endif %}</newsletter_subscription>
+        </other_information>
+
+        {% if orders|length > 0 %}
+            {% include('@ShopsysFramework/Front/Content/PersonalData/orders.xml.twig' ) with {'orders': orders} %}
+        {% endif %}
+
+    </customer>
+</customers>
diff --git a/src/Resources/views/Front/Content/PersonalData/orders.xml.twig b/src/Resources/views/Front/Content/PersonalData/orders.xml.twig
new file mode 100644
index 0000000000..c8e0552f9e
--- /dev/null
+++ b/src/Resources/views/Front/Content/PersonalData/orders.xml.twig
@@ -0,0 +1,104 @@
+<customer_orders>
+    {% for order in orders %}
+        {% set customerUser = order.customerUser %}
+        <order>
+            <variable_symbol>{{ order.number }}</variable_symbol>
+            <order_create_date>{{ order.createdAt|date('c') }}</order_create_date>
+            <order_canceled>{% if order.isCancelled %}1{% else %}0{% endif %}</order_canceled>
+            <order_addresses>
+                <address>
+                    <address_type>billing</address_type>
+                    <street><![CDATA[{{ order.street }}]]></street>
+                    <city><![CDATA[{{ order.city }}]]></city>
+                    <postal_code><![CDATA[{{ order.postCode }}]]></postal_code>
+                    <country_code><![CDATA[{{ order.country.code }}]]></country_code>
+
+                    {% if order.companyName is not null %}
+                        <company>
+                            {% if order.companyName is not null %}
+                                <company_name><![CDATA[{{ order.companyName }}]]></company_name>
+                            {% endif %}
+                            {% if order.companyNumber is not null %}
+                                <company_registration_number><![CDATA[{{ order.companyNumber }}]]></company_registration_number>
+                            {% endif %}
+                            {% if order.companyTaxNumber is not null %}
+                                <company_vat_registration_number><![CDATA[{{ order.companyTaxNumber }}]]></company_vat_registration_number>
+                            {% endif %}
+                        </company>
+                    {% endif %}
+
+                    <contact_name>
+                        {% if order.firstName is not null %}
+                            <firstname><![CDATA[{{ order.firstName }}]]></firstname>
+                        {% endif %}
+                        {% if order.lastName is not null %}
+                            <lastname><![CDATA[{{ order.lastName }}]]></lastname>
+                        {% endif %}
+                        {% if order.companyName is not null %}
+                            <company_name><![CDATA[{{ order.companyName }}]]></company_name>
+                        {% endif %}
+                    </contact_name>
+                </address>
+
+                {% if order.deliveryAddressSameAsBillingAddress == false %}
+                    <address>
+                        <address_type>shipping</address_type>
+                        <contact_name>
+                            {% if order.deliveryFirstName is not null %}
+                                <firstname><![CDATA[{{ order.deliveryFirstName }}]]></firstname>
+                            {% endif %}
+                            {% if order.deliveryLastName is not null %}
+                                <lastname><![CDATA[{{ order.deliveryLastName }}]]></lastname>
+                            {% endif %}
+                        </contact_name>
+
+                        {% if order.deliveryCompanyName is not null %}
+                            <company>
+                                <company_name><![CDATA[{{ order.deliveryCompanyName }}]]></company_name>
+                            </company>
+                        {% endif %}
+
+                        {% if order.deliveryStreet is not null %}
+                            <street><![CDATA[{{ order.deliveryStreet }}]]></street>
+                        {% endif %}
+                        {% if order.deliveryCity is not null %}
+                            <city><![CDATA[{{ order.deliveryCity }}]]></city>
+                        {% endif %}
+                        {% if order.deliveryPostCode is not null %}
+                            <postal_code><![CDATA[{{ order.deliveryPostcode }}]]></postal_code>
+                        {% endif %}
+                        {% if order.deliveryCountry is not null %}
+                            <country_code><![CDATA[{{ order.deliveryCountry.code }}]]></country_code>
+                        {% endif %}
+                    </address>
+                {% endif %}
+
+            </order_addresses>
+
+            <order_items>
+                {% for item in order.items %}
+                    <item>
+                        <item_name><![CDATA[{{ item.name }}]]></item_name>
+                        <item_quantity>{{ item.quantity }}</item_quantity>
+                        <item_unit><![CDATA[{{ item.unitName|default('') }}]]></item_unit>
+                        {% if not item.unitPriceWithoutVat.isZero %}
+                            <item_unit_price_without_vat>{{ item.unitPriceWithoutVat|moneyFormat|hidePrice(customerUser) }}</item_unit_price_without_vat>
+                        {% endif %}
+                        {% if not item.unitPriceWithVat.isZero %}
+                            <item_unit_price_with_vat>{{ item.unitPriceWithVat|moneyFormat|hidePrice(customerUser) }}</item_unit_price_with_vat>
+                        {% endif %}
+                        {% if order.currency.code %}
+                            <item_currency_code><![CDATA[{{ order.currency.code }}]]></item_currency_code>
+                        {% endif %}
+                    </item>
+                {% endfor %}
+            </order_items>
+
+            <order_other_data>
+                <order_status>{{ order.status.name }}</order_status>
+                <phone><![CDATA[{{ order.telephone }}]]></phone>
+                <email><![CDATA[{{ order.email }}]]></email>
+            </order_other_data>
+        </order>
+    {% endfor %}
+</customer_orders>
diff --git a/src/Resources/views/Mail/Order/products.html.twig b/src/Resources/views/Mail/Order/products.html.twig
index 8a5dcd278c..5500009742 100644
--- a/src/Resources/views/Mail/Order/products.html.twig
+++ b/src/Resources/views/Mail/Order/products.html.twig
@@ -9,8 +9,8 @@
         <tr>
             <td style="font-weight: bold;">{{ item.name }}</td>
             <td style="text-align: right;">{{ item.quantity|formatNumber(orderLocale) }} {{ item.unitName }}</td>
-            <td style="text-align: right;">{{ item.unitPriceWithVat|priceTextWithCurrencyByCurrencyIdAndLocale(order.currency.id, orderLocale) }}</td>
-            <td style="text-align: right;">{{ orderItemTotalPricesById[item.id].priceWithVat|priceTextWithCurrencyByCurrencyIdAndLocale(order.currency.id, orderLocale) }}</td>
+            <td style="text-align: right;">{{ item.unitPriceWithVat|priceTextWithCurrencyByCurrencyIdAndLocale(order.currency.id, orderLocale)|hidePrice(order.customerUser) }}</td>
+            <td style="text-align: right;">{{ orderItemTotalPricesById[item.id].priceWithVat|priceTextWithCurrencyByCurrencyIdAndLocale(order.currency.id, orderLocale)|hidePrice(order.customerUser) }}</td>
         </tr>
     {% endfor %}
 </table>
diff --git a/src/Twig/HiddenPriceExtension.php b/src/Twig/HiddenPriceExtension.php
new file mode 100644
index 0000000000..f73f426ab2
--- /dev/null
+++ b/src/Twig/HiddenPriceExtension.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Shopsys\FrameworkBundle\Twig;
+
+use Shopsys\FrameworkBundle\Model\Customer\User\CustomerUser;
+use Shopsys\FrameworkBundle\Model\Customer\User\Role\CustomerUserRoleProvider;
+use Shopsys\FrontendApiBundle\Component\Price\MoneyFormatterHelper;
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFilter;
+
+class HiddenPriceExtension extends AbstractExtension
+{
+    /**
+     * @param \Shopsys\FrameworkBundle\Model\Customer\User\Role\CustomerUserRoleProvider $customerUserRoleProvider
+     */
+    public function __construct(
+        protected readonly CustomerUserRoleProvider $customerUserRoleProvider,
+    ) {
+    }
+
+    /**
+     * @return array
+     */
+    public function getFilters(): array
+    {
+        return [
+            new TwigFilter(
+                'hidePrice',
+                $this->hidePriceFilter(...),
+            ),
+        ];
+    }
+
+    /**
+     * @param string $price
+     * @param \Shopsys\FrameworkBundle\Model\Customer\User\CustomerUser|null $customerUser
+     * @return string
+     */
+    public function hidePriceFilter(string $price, ?CustomerUser $customerUser): string
+    {
+        if ($customerUser !== null && !$this->customerUserRoleProvider->canSeePrices($customerUser)) {
+            return MoneyFormatterHelper::HIDDEN_FORMAT;
+        }
+
+        return $price;
+    }
+}