2.1 In these Data Processing Terms:
“Additional Product” means a product, service or application provided by Google or a third party that: (a) is not part of the Processor Services; and (b) is accessible for use within the user interface of the Processor Services or is otherwise integrated with the Processor Services.
“Additional Terms for Non-European Data Protection Legislation” means the additional terms referred to in Appendix 3, which reflect the parties’ agreement on the terms governing the processing of certain data in connection with certain Non-European Data Protection Legislation.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.
“Customer Personal Data” means personal data that is processed by Google on behalf of Customer in Google’s provision of the Processor Services.
“Data Incident” means a breach of Google’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Google. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“Data Subject Tool” means a tool (if any) made available by a Google Entity to data subjects that enables Google to respond directly and in a standardised manner to certain requests from data subjects in relation to Customer Personal Data (for example, online advertising settings or an opt-out browser plugin).
“EEA” means the European Economic Area.
“EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
“European or National Laws” means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and/or (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).
“GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
“Google” means the Google Entity that is party to the Agreement.
“Google Affiliate Subprocessors” has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).
“Google Entity” means Google LLC (formerly known as Google Inc.), Google Ireland Limited or any other Affiliate of Google LLC.
“ISO 27001 Certification” means ISO/IEC 27001:2013 certification or a comparable certification for the Processor Services.
“Model Contract Clauses” means the terms at https://business.safety.google/adsprocessorterms/sccs, which are standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the EU GDPR.
“Non-European Data Protection Legislation” means data protection or privacy laws in force outside the EEA, Switzerland and the UK.
“Notification Email Address” means the email address (if any) designated by Customer, via the user interface of the Processor Services or such other means provided by Google, to receive certain notifications from Google relating to these Data Processing Terms.
“Processor Services” means the applicable services listed at business.safety.google/adsservices.
“Security Documentation” means the certificate issued for the ISO 27001 Certification and any other security certifications or documentation that Google may make available in respect of the Processor Services.
“Security Measures” has the meaning given in Section 7.1.1 (Google’s Security Measures).
“Subprocessors” means third parties authorised under these Data Processing Terms to have logical access to and process Customer Personal Data in order to provide parts of the Processor Services and any related technical support.
“Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR.
“Term” means the period from the Terms Effective Date until the end of Google’s provision of the Processor Services under the Agreement.
“Terms Effective Date” means, as applicable:
(a) 25 May 2018, if Customer clicked to accept or the parties otherwise agreed to these Data Processing Terms before or on such date; or
(b) the date on which Customer clicked to accept or the parties otherwise agreed to these Data Processing Terms, if such date is after 25 May 2018.
“Third Party Subprocessors” has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).
“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, if in force.
2.2 The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in these Data Processing Terms have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Model Contract Clauses.
2.3 The words “include” and “including” mean “including but not limited to”. Any examples in these Data Processing Terms are illustrative and not the sole examples of a particular concept.
2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.
2.5 If these Data Processing Terms are translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.