1. Introduction
These Data Processing and Security Terms, including the Appendices (these “Terms”) reflect the parties’ agreement with respect to the processing of Customer Data under the Google Cloud Platform License Agreement between Customer and Google (the "Agreement"), including with respect to Customer Personal Data in accordance with the Directive and the National Data Protection Legislation (if applicable).
2. Definitions
2.1 Capitalized terms used but not defined in these Terms will have the meaning set out in the Agreement. In these Terms:
Additional Products means products, services and applications (whether made available by Google or a third party) that are not part of the Services.
Ads means online advertisements displayed by Google through the Services to Customer or End Users (other than those requested by Customer). But for clarity, Ads do not include communications from Google to Customer that refer to or promote the Services.
Customer Personal Data means the personal data that is contained within the Customer Data.
Data Incident means any unlawful or unauthorized destruction, loss, alteration, access, use, or disclosure of Customer Personal Data that compromises the security, privacy, or confidentiality of that Customer Personal Data.
Directive means Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.
Google Group means Google and any of its Affiliates that may be used to provide the Services to Customer.
Instructions means instructions provided by Customer via the Admin Console, instructions initiated by the Customer and End Users in their use of the Services, the written instructions of the Customer specified in the Agreement (as amended or replaced) and any subsequent written instructions from the Customer to Google and acknowledged by Google.
National Data Protection Legislation means the national provisions adopted pursuant to the Directive, to implement the Directive in the country in which the Customer is established, or the Federal Data Protection Act of 19 June 1992 (Switzerland), as applicable.
Safe Harbor Privacy Principles means the U.S. Department of Commerce Safe Harbor framework requirements as set out at the following URL: http://export.gov/safeharbor/eu/eg_main_018475.asp, or any replacement framework or URL from time to time.
Security Measures has the meaning given in Section 4.1.
Subprocessors means the Google Group and Third Party Suppliers.
Third Party Request means a request from a third party for records relating to an End User’s use of the Services. Third Party Requests can be a lawful search warrant, court order, subpoena, other valid legal order, or written consent from the End User permitting the disclosure.
Third Party Suppliers means the third party suppliers engaged by the Google Group for the purposes of processing Customer Data in the context of the provision of the Services. Additional information about Third Party Suppliers is available at the following URL: https://developers.google.com/cloud/terms/third-party-suppliers, as such URL may be updated by Google from time to time. The information available at this URL is accurate as at the time of publication.
2.2 The terms “personal data”, “processing”, “data subject” “controller” and “processor” have the meanings ascribed to them in the Directive.
3. Processing of Customer Personal Data
3.1 Processor . For the purposes of the National Data Protection Legislation (to the extent applicable), with respect to Customer Personal Data: (a) the parties acknowledge and agree that Google shall be a processor and shall comply with its obligations as a processor under the Agreement, (b) where Customer is the controller with respect to certain Customer Personal Data, it shall comply with its obligations as a controller, and (c) where a third party is the controller (either alone or jointly with the Customer) with respect to certain Customer Personal Data, Customer represents and warrants to Google that it is authorized to instruct Google and otherwise act on behalf of such third party in relation to the Customer Personal Data in accordance with the Agreement.
3.2 Scope of Processing. .
a. Customer instructs Google to process Customer Personal Data for the following purposes: (i) to comply with Instructions, (ii) to provide the Services to Customer and its End Users, and (iii) to otherwise exercise Google’s rights and fulfill its obligations under the Agreement.
b. During the Term and thereafter, Google will only process Customer Personal Data in accordance with Section 3.2(a) and will not process Customer Personal Data for any other purpose. In addition, Google will not process Customer Personal Data to: (i) improve Services that are not offered to Customer (except in order to secure, and to prevent abuse of, the Services), (ii) develop new products or services (beyond the Services), or (iii) target or serve Ads.
c. Appendix 1 sets out a description of the categories of data that may fall within Customer Personal Data and of the categories of data subjects to which that data may relate.
3.3 Additional Products . Customer acknowledges that if it installs, uses, or enables Additional Products that interoperate with the Services but are not part of the Services themselves, then the Services may allow such Additional Products to access Customer Data as required for the interoperation of those Additional Products with the Services. The Agreement does not apply to the processing of data transmitted to and from such other Additional Products. Such separate Additional Products are not required to use the Services.
4. Data Security
4.1 Security Measures . Google will implement appropriate technical and organisational measures to protect Customer Data against accidental or unlawful destruction or accidental loss, alteration, or unauthorized disclosure or access (the "Security Measures"). As of the Effective Date Google has implemented the Security Measures set out in Appendix 2. Google may update or modify such Security Measures from time to time provided that (a) such updates and modifications do not result in the material degradation of the security of the Services, and (b) Google continues to adhere to such Security Measures then in effect.
4.2 Google Staff and Subprocessors . Google will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance.
4.3 Data Incidents . Google will maintain an incident response program appropriate to respond to Data Incidents. If Google has reason to believe that a Data Incident has occurred, Google will: (a) promptly investigate and take steps to remediate it, and (b) notify Customer of the Data Incident as soon as reasonably possible once Google has established the nature of the Data Incident and taken measures to secure Customer Personal Data against any imminent harm (consistent with the requirements of law enforcement authorities). Google will so notify Customer by an email sent to the email address provided by Customer in the Agreement or by direct Customer communication (e.g. by phone call or an in-person meeting). Customer is solely responsible for fulfilling any third party notification obligations.
4.4 Security Certification . During the Term, Google will maintain its ISO/IEC 27001:2005 Certification or a comparable certification for the following Services: Google App Engine, Google Compute Engine, Google Cloud Storage, Google Cloud Datastore, Google BigQuery Service and Google Cloud SQL. If Google does not comply with the terms of this Section, Customer may, as its sole and exclusive remedy, terminate the Agreement on written notice to Google.
4.5 Security Audit . During the Term, Google will maintain its Statement on Standards for Attestation Engagements (SSAE) No. 16 Type II report (or a comparable report) examining logical security controls, physical security controls, and system availability applicable to the following Services: Google App Engine, Google Compute Engine and Google Cloud Storage (“Audit Report”). Google will update the Audit Report at least every 18 months. On Customer’s written request, Google will provide Customer with a copy of the Audit Report in accordance with Google’s policy as to the distribution thereof (including that such Audit Report must be returned within 10 days of receipt and no copies of the report may be made). If Google does not comply with the terms of this Section, Customer may, as its sole and exclusive remedy, terminate the Agreement on written notice to Google. Google has included the security certification and audit obligations in Sections 4.4 and 4.5 at the request of the Customer.
5. Data Correction, Blocking, Exporting and Deletion
During the Term, Google will provide Customer with the ability to correct, block, export and delete Customer Data in a manner consistent with the functionality of the Services. Once Customer deletes Customer Data via the Services such that the Customer Data is not recoverable by Customer (the “Customer-Deleted Data”), Google will delete (or render permanently inaccessible) the Customer-Deleted Data within a maximum period of 180 days.
6. Access to Data
Google will make available to Customer the Customer Data in accordance with the terms of the Agreement in a manner consistent with the functionality of the Services, including any applicable SLA. To the extent Customer, in its use and administration of the Services, does not have the ability to amend or delete Customer Data (as required by applicable law), or migrate Customer Data to another system or service provider, Google will, at Customer’s reasonable expense, comply with any reasonable requests by Customer to assist in facilitating such actions to the extent Google is legally permitted to do so and has reasonable access to the relevant Customer Data.
7. Enterprise Data Privacy Office
Google’s Enterprise Data Privacy Office can be contacted at: [email protected] .
8. Data Transfers
8.1 Data Transfers . Subject to Section 8.2, as part of providing the Services, Google may transfer, store and process Customer Data in the United States or any other country in which Google or its agents maintain facilities.
8.2 Data Location . The Customer may, in accordance with the Service Specific Terms, select via the Services where certain Customer Data will be stored permanently, at rest.
8.3 Safe Harbor .During the Term, Google will ensure that Google Inc., will remain enrolled in the U.S Department of Commerce Safe Harbor Program (“Safe Harbor”) or will adopt an alternative compliance solution that achieves compliance with the terms of the Directive for transfers of personal data to a third country. While Google Inc. remains enrolled in Safe Harbor, Google will ensure that: (i) the scope of Google Inc.'s Safe Harbor certification includes Customer Personal Data; and (ii) the Google Group’s processing practices in respect of Customer Personal Data will remain consistent with those described in Google Inc.'s Safe Harbor certification and the Safe Harbor Privacy Principles. Google will ensure that Subprocessors are bound by written agreements that require them to provide at least the level of data protection required by the Safe Harbor Privacy Principles.
9. Subprocessors
9.1 Subprocessors . Google may engage Subprocessors to provide limited parts of the Services.
9.2 Processing Restrictions . Google will ensure that Subprocessors only access and use Customer Data in accordance with the terms of the Agreement.
9.3 Customer Consent to Subprocessing .Customer consents to Google subcontracting the processing of Customer Data to Subprocessors.
9.4 Additional Information . At the written request of the Customer, Google will provide additional information regarding Third Party Suppliers and their locations. Customer will send such requests to Google’s Enterprise Data Privacy Office at: [email protected] .
10. Third Party Requests
Customer is primarily responsible for responding to Third Party Requests. Google will, at Customer’s reasonable expense, and only to the extent allowed by law and by the terms of the Third Party Request: (a) promptly notify Customer of its receipt of a Third Party Request; (b) comply with Customer’s reasonable requests regarding its efforts to oppose a Third Party Request; and (c) if the information is solely held by Google and reasonably accessible by Google, provide Customer with the information or tools required for Customer to respond to the Third Party Request. Notwithstanding the foregoing, subsections (a), (b) and (c) above will not apply if Google determines that complying with those subsections could: (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; and/or (iii) lead to death or serious physical harm to an individual. Customer will first seek to obtain the information required to respond to Third Party Requests on its own, and will contact Google only if it cannot reasonably obtain such information.
Appendix 1: Categories of Personal Data and Data Subjects
1 Categories of Personal Data . Personal data transmitted or displayed by Customer or End Users via the Services may include user IDs, documents, images, database data, backup data, persistent and scratch disk data, and any other electronic data uploaded to or created by the Services.
2 Data Subjects . Personal data transferred or displayed via the Services may concern End Users including users of Applications and Projects, employees, contractors and the personnel of Customer and its customers, suppliers and subcontractors. Data subjects may also include individuals whose data the Customer or End Users upload to or process via the Services.
Appendix 2: Security Measures
As of the Effective Date, Google abides by the Security Measures set out in this Appendix.
1. Data Center and Network Security
(a) Data Centers.
Infrastructure . Google maintains geographically distributed data centers. Google stores all production data in physically secure data centers.
Redundancy .Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow Google to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.
Power . The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server Operating Systems . Google servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy. Google employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
Businesses Continuity . Google replicates data over multiple systems to help to protect against accidental destruction or loss. Google has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
(b) Networks and Transmission.
- tightly controlling the size and make-up of Google’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
Data Transmission . Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Google transfers data via Internet standard protocols.
External Attack Surface . Google employs multiple layers of network devices and intrusion detection to protect its external attack surface. Google considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection . Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Google intrusion detection involves: