2.1 In these Data Processing Terms:
“Additional Product” means a product, service or application provided by Google or a third party that: (a) is not part of the Processor Services; and (b) is accessible for use within the user interface of the Processor Services or is otherwise integrated with the Processor Services.
“Additional Terms” means the additional terms referred to in Appendix 3, which reflect the parties’ agreement on the terms governing the processing of Customer Personal Data in connection with certain Applicable Data Protection Legislation.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.
“Applicable Data Protection Legislation” means, as applicable to the processing of Customer Personal Data, any national, federal, EU, state, provincial or other privacy, data security or data protection law or regulation including European Data Protection Legislation, the LGPD and US State Privacy Laws.
“Customer Personal Data” means personal data that is processed by Google on behalf of Customer in Google’s provision of the Processor Services.
“Data Incident” means a breach of Google’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Google. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“Data Subject Tool” means a tool (if any) made available by a Google Entity to data subjects that enables Google to respond directly and in a standardised manner to certain requests from data subjects in relation to Customer Personal Data (for example, online advertising settings or an opt-out browser plugin).
“EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
“GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
“Google” means the Google Entity that is party to the Agreement.
“Google Entity” means Google LLC, Google Ireland Limited or any other Affiliate of Google LLC.
“Instructions” has the meaning given in Section 5.2 (Customer’s Instructions).
“ISO 27001 Certification” means ISO/IEC 27001:2013 certification or a comparable certification for the Processor Services.
“LGPD” means the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais).
“New Subprocessor” has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).
“Notification Email Address” means the email address designated by Customer, via the user interface of the Processor Services or such other means provided by Google, to receive certain notifications from Google relating to these Data Processing Terms.
“Processor Services” means the applicable services listed at business.safety.google/adsservices.
“Security Documentation” means the certificate issued for the ISO 27001 Certification and any other security certifications or documentation that Google may make available in respect of the Processor Services.
“Security Measures” has the meaning given in Section 7.1.1 (Google’s Security Measures).
“Subprocessors” means third parties authorised under these Data Processing Terms to have logical access to and process Customer Personal Data in order to provide parts of the Processor Services and any related technical support.
“Swiss FDPA” means, as applicable, the Federal Data Protection Act of 19 June 1992 (Switzerland) (with the Ordinance to the Federal Data Protection Act of 14 June 1993), or the revised Federal Data Protection Act of 25 September 2020 (with the Ordinance to the Federal Data Protection Act of 31 August 2022).
“Term” means the period from the Terms Effective Date until the end of Google’s provision of the Processor Services under the Agreement.
“Terms Effective Date” means the date on which Customer clicked to accept or the parties otherwise agreed to these Data Processing Terms.
“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
“US State Privacy Laws” means, as applicable: (i) the California Consumer Privacy Act of 2018 (including as amended by the California Privacy Rights Act of 2020), together with all implementing regulations (“CCPA”); (ii) Virginia’s Consumer Data Protection Act, Va. Code Ann. § 59.1-571 et seq.; and (iii) the Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1301 et seq.; (iv) Connecticut’s Act Concerning Data Privacy and Online Monitoring, Pub. Act No. 22015; and (v) the Utah Consumer Privacy Act, Utah Code Ann. § 13-61-101 et seq.
2.2 The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in these Data Processing Terms have the meanings given by either (a) Applicable Data Protection Legislation; or (b) absent any such meaning or law, the GDPR.
2.3 The words “include” and “including” mean “including but not limited to”. Any examples in these Data Processing Terms are illustrative and not the sole examples of a particular concept.
2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.
2.5 To the extent any translated version of these Data Processing Terms is inconsistent with the English version, the English version will govern.