2.1 In these Controller Terms:
“Additional Terms for Non-European Data Protection Legislation” means the additional terms referred to in Appendix 1, which reflect the parties’ agreement on the terms governing the processing of certain data in connection with certain Non-European Data Protection Legislation.
“Adequate Country” means:
(a) for data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the EU GDPR;
(b) for data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018; and/or
(c) for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.
“Alternative Transfer Solution” means a solution, other than the Controller SCCs, that enables the lawful transfer of personal data to a third country in accordance with the European Data Protection Legislation.
“Controller Data Subject” means a data subject to whom Controller Personal Data relates.
“Controller Personal Data” means any personal data that is processed by a party under the Agreement in connection with its provision or use (as applicable) of the Controller Services.
“Controller SCCs” means, as applicable: (a) the SCCs (EU Controller-to-Controller); and/or (b) the SCCs (UK Controller-to-Controller), which are standard contractual clauses for the transfer of personal data to controllers established in third countries that do not ensure an adequate level of data protection, as described in Article 46 of the EU GDPR and UK GDPR.
“Controller Services” means the Google products or services that incorporate these Controller Terms by reference in their terms of service or other agreements, including the “Controller Services” listed at business.safety.google/services/.
“EEA” means the European Economic Area.
“End Controller” means, for each party, the ultimate controller of Controller Personal Data.
“EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“European Controller Personal Data” means Controller Personal Data of Controller Data Subjects located in the EEA or Switzerland.
“European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
“GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
“Google” means the Google Entity that is party to the Agreement.
“Google End Controllers” means the End Controllers of Controller Personal Data processed by Google.
“Google Entity” means Google LLC (formerly known as Google Inc.), Google Ireland Limited, or any other Affiliate of Google LLC.
“Non-European Data Protection Legislation” means data protection or privacy laws in force outside the EEA, Switzerland, and the UK.
“Permitted Transfers” means the processing of Controller Personal Data in, or the transfer of Controller Personal Data to, an Adequate Country.
“Restricted Transfer(s)” means transfer(s) of Controller Personal Data that are (a) subject to the European Data Protection Legislation; and (b) not Permitted Transfers.
“SCCs (EU Controller-to-Controller)” means the European Commission’s standard contractual clauses for data controllers at business.safety.google/gdprcontrollerterms/sccs/eu-c2c.
“SCCs (UK Controller-to-Controller)” means the UK government’s standard contractual clauses for data controllers at business.safety.google/gdprcontrollerterms/sccs/uk-c2c.
“Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland).
“Terms Effective Date” means, as applicable:
(a) 25 May 2018, if Partner clicked to accept or the parties otherwise agreed to these Controller Terms before or on such date; or
(b) the date on which Partner clicked to accept or the parties otherwise agreed to these Controller Terms, if such date is after 25 May 2018.
“UK Controller Personal Data” means Controller Personal Data of Controller Data Subjects located in the UK.
“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
2.2 The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in these Controller Terms have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Controller SCCs.
2.3 The words “include” and “including” mean “including but not limited to”. Any examples in these Controller Terms are illustrative and not the sole examples of a particular concept.
2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.
2.5 To the extent any translated version of these Controller Terms is inconsistent with the English version, the English version will govern.