A. List of parties
Data exporter(s):
Name: Google
Address: As specified in the Agreement.
Contact person’s name, position and contact details: Contact details for the data exporter are specified in the Agreement. The data exporter’s data protection team can be contacted as described in the Agreement and Information Protection Addendum (as applicable).
Activities relevant to the data transferred under these Clauses: The data exporter makes contracts with the data importer to receive Services in accordance with the Agreement.
Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows:
In respect of the transfer of Customer Personal Data pursuant to the EU GDPR and/or the Swiss FDPA in accordance with Section 10.2 (Restricted European Transfers) of the Data Processing Terms: (a) on 27 October 2021, where the effective date of the Agreement is before 27 September 2021; or (b) otherwise, on the effective date of the Agreement.
In respect of the transfer of Customer Personal Data pursuant to the UK GDPR in accordance with Section 10.2 (Restricted European Transfers) of the Data Processing Terms: (a)on 22 September 2022, where the effective date of the Agreement is on or before 21 September 2022; or (b)otherwise, on the effective date of the Agreement.
Data importer(s):
Name: You / Processor / Service Provider
Address: As specified in the Agreement.
Contact person’s name, position and contact details: Contact details for the data importer have been provided to the data exporter as described in the Agreement. The data importer’s data protection team can be contacted as described in the Agreement and Information Protection Addendum (as applicable).
Activities relevant to the data transferred under these Clauses: The data importer provides Services in accordance with the Agreement.
Signature and date: The parties agree that execution of the Agreement by the data exporter and the data importer shall constitute execution of these Clauses by both parties as follows:
In respect of the transfer of Customer Personal Data pursuant to the EU GDPR and/or the Swiss FDPA in accordance with Section 10.2 (Restricted European Transfers) of the Data Processing Terms: (a) on 27 October 2021, where the effective date of the Agreement is before 27 September 2021; or (b)otherwise, on the effective date of the Agreement. In respect of the transfer of Customer Personal Data pursuant to the UK GDPR in accordance with Section 10.2 (Restricted European Transfers) of the Data Processing Terms: (a) on 27 September 2022, where the effective date of the Agreement is on or before 26 September 2022; or (b) otherwise, on the effective date of the Agreement.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
The personal data transferred concern the following categories of data subjects:
-
data subjects about whom the parties process personal data in the provision of the Services under the Agreement; and/or
-
data subjects about whom personal data is transferred to or from Google in connection with the Services provided by the data importer by, at the direction of, or on behalf of the data exporter.
Categories of personal data transferred
Personal data including information relating to individuals provided to the data importer via the Services by (or at the direction of) the data exporter or as otherwise described in the Agreement or Information Protection Addendum.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Personal data may include special categories of personal data (as defined in the GDPR). This may include, for example: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Personal data may be transferred in accordance with the terms of the Agreement or Information Protection Addendum.
Nature of the processing
The data importer will process personal data to provide the Services in accordance with the Agreement or Information Protection Addendum.
Purpose(s) of the data transfer and further processing
The data importer will process personal data to provide, secure and monitor the Services in accordance with the Agreement or Information Protection Addendum.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For the duration of the Agreement until deletion in accordance with the provisions of the Information Protection Addendum or Agreement (as applicable).
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
As above.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
To the extent the data exporter is in Ireland, or is located outside the EEA, the Irish Data Protection Commission. Where the data exporter is located in a member state other than Ireland, the supervisory authority of the member state in which the data exporter is located shall be the competent supervisory authority.