2.1 In these Controller Terms:
“Additional Terms for Non-European Data Protection Legislation” means the additional terms referred to in Appendix 1, which reflect the parties’ agreement on the terms governing the processing of certain data in connection with certain Non-European Data Protection Legislation.
“Adequate Country” means:
(a) for data processed subject to the EU GDPR: the EEA, or a country or territory recognized as ensuring adequate data protection under the EU GDPR
(b) for data processed subject to the UK GDPR: the UK, or a country or territory recognized as ensuring adequate data protection under the UK GDPR and the Data Protection Act 2018; and/or
(c) for data processed subject to the Swiss FDPA: Switzerland, or a country or territory that is (i) included in the list of the states whose legislation ensures adequate data protection as published by the Swiss Federal Data Protection and Information Commissioner, or (ii) recognized as ensuring adequate data protection by the Swiss Federal Council under the Swiss FDPA,
in each case, other than on the basis of an optional data protection framework.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.
“Alternative Transfer Solution” means a solution, other than the Controller SCCs, that enables the lawful transfer of personal data to a third country in accordance with the European Data Protection Legislation, for example a data protection framework recognized as ensuring that participating local entities provide adequate protection..
“Controller Data Subject” means a data subject to whom Controller Personal Data relates.
“Controller Personal Data” means any personal data that is processed by a party under the Agreement in connection with its provision or use (as applicable) of the Controller Services.
“Controller SCCs” means the terms at https://business.safety.google/gdprcontrollerterms/sccs/eu-c2c/.
“Controller Services” means the Google products or services that incorporate these Controller Terms by reference in their terms of service or other agreements, including the “Controller Services” listed at business.safety.google/services/.
“EEA” means the European Economic Area.
“End Controller” means, for each party, the ultimate controller of Controller Personal Data.
“EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“European Controller Personal Data” means Controller Personal Data of Controller Data Subjects located in the EEA or Switzerland.
“European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
“European Laws” means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Controller Personal Data); and (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Controller Personal Data).
“GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
“Google” means the Google Entity that is party to the Agreement.
“Google End Controllers” means the End Controllers of Controller Personal Data processed by Google.
“Google Entity” means Google LLC (formerly known as Google Inc.), Google Ireland Limited, or any other Affiliate of Google LLC.
“Non-European Data Protection Legislation” means data protection or privacy laws in force outside the EEA, Switzerland, and the UK.
“Permitted European Transfers” means the processing of Controller Personal Data in, or the transfer of Controller Personal Data to, an Adequate Country.
“Restricted European Transfer(s)” means transfer(s) of Controller Personal Data that are (a) subject to the European Data Protection Legislation; and (b) not Permitted European Transfers
“Swiss FDPA” means the Federal Data Protection Act of 19 June 1992 (Switzerland).
“Terms Effective Date” means, as applicable:
(a) 25 May 2018, if Partner clicked to accept or the parties otherwise agreed to these Controller Terms before or on such date; or
(b) the date on which Partner clicked to accept or the parties otherwise agreed to these Controller Terms, if such date is after 25 May 2018.
“UK Controller Personal Data” means Controller Personal Data of Controller Data Subjects located in the UK.
“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
2.2 The terms “controller”, “data subject”, “personal data”, “processing” and “processor” as used in these Controller Terms have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Controller SCCs.
2.3 The words “include” and “including” mean “including but not limited to”. Any examples in these Controller Terms are illustrative and not the sole examples of a particular concept.
2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.
2.5 To the extent any translated version of these Controller Terms is inconsistent with the English version, the English version will govern.