a. List of parties
Data exporter(s):
Name: Customer
Address: As specified in the Agreement.
Contact person’s name, position and contact details: Contact details for the data exporter are specified in the Agreement. Details about the data exporter’s data protection officer (or, where the data exporter has not appointed a data protection officer, another appropriate point of contact) are available to the data importer in the form of the Notification Email Address.
Activities relevant to the data transferred under these Clauses: The data importer provides the Processor Services to the data exporter in accordance with the Agreement.
Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows:
In respect of the transfer of Customer Personal Data pursuant to the EU GDPR and/or the Swiss FDPA in accordance with Appendix 3A of the Data Processing Terms:
(a) on 27 October 2021, where the effective date of the Agreement is before 27 September 2021; or
(b) otherwise, on the effective date of the Agreement.
In respect of the transfer of Customer Personal Data pursuant to the UK GDPR in accordance with Appendix 3A of the Data Processing Terms:
(a) on 22 September 2022, where the effective date of the Agreement is on or before 21 September 2022; or
(b) otherwise, on the effective date of the Agreement.
Role (controller/processor): controller
Data importer(s):
Name: Google
Address: As specified in the Agreement.
Contact person’s name, position and contact details: Contact details for the data importer are specified in the Agreement. The data importer’s data protection team can be contacted as described in the Data Processing Terms.
Activities relevant to the data transferred under these Clauses: The data importer provides the Processor Services to the data exporter in accordance with the Agreement.
Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows:
In respect of the transfer of Customer Personal Data pursuant to the EU GDPR and/or the Swiss FDPA in accordance with Appendix 3A of the Data Processing Terms:
(a) on 27 October 2021, where the effective date of the Agreement is before 27 September 2021; or
(b) otherwise, on the effective date of the Agreement.
In respect of the transfer of Customer Personal Data pursuant to the UK GDPR in accordance with Appendix 3A of the Data Processing Terms:
(a) on 22 September 2022, where the effective date of the Agreement is on or before 21 September 2022; or
(b) otherwise, on the effective date of the Agreement.
Role (controller/processor): processor
b. Description of transfer
Categories of data subjects whose personal data is transferred
The personal data transferred concern the following categories of data subjects:
-
data subjects about whom Google collects personal data in its provision of the Processor Services; and/or
-
data subjects about whom personal data is transferred to Google in connection with the Processor Services by, at the direction of, or on behalf of Customer.
Depending on the nature of the Processor Services, these data subjects may include individuals: (a) to whom online advertising has been, or will be, directed; (b) who have visited specific websites or applications in respect of which Google provides the Processor Services; and/or (c) who are customers or users of Customer’s products or services.
Categories of personal data transferred
Customer Personal Data may include the types of personal data described at business.safety.google/adsservices.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Not applicable.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Customer Personal Data may be transferred on a continuous basis until it is deleted in accordance with the terms of the Data Processing Terms.
Nature of the processing
The personal data transferred will be subject to the following basic processing activities: as applicable to the Processor Services and the instructions of the data exporter, collecting, recording, organising, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying personal data for the purpose of providing the Processor Services and any related technical support to the data exporter in accordance with the Data Processing Terms.
Purpose(s) of the data transfer and further processing
The data importer will process Customer Personal Data to provide the Processor Services and related technical support in accordance with the Agreement.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For the duration of the Agreement until deletion in accordance with the provisions of the Data Processing Terms.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
As above.
c. Competent supervisory authority
Identify the competent supervisory authority/ies in accordance with Clause 13
The Irish Supervisory Authority - The Data Protection Commission, unless the data exporter notifies the data importer of an alternative competent supervisory authority from time to time in accordance with Appendix 3A of the Data Processing Terms.