A. List of parties
Data exporter(s):
For each data exporter below:
Contact person’s name, position and contact details: The data exporter can be contacted via the address specified below. The data exporter’s data protection team can be contacted at [email protected] (and/or via such other means as the data exporter may provide from time to time).
Activities relevant to the data transferred under these Clauses: The data exporter enters into contracts with partners and customers consisting of the Processor Services as described here: business.safety.google/services/
The data exporter engages the data importer as a further processor in connection with each Processor Services as described in the Agreement between the parties.
Signature and date: The parties agree that agreement or accession to the Intra-Group Data Processing Agreement by the data exporter will constitute execution of these Clauses by both parties as follows:
In respect of the transfer of personal data pursuant to the EU GDPR and/or the Swiss FDPA:
(a) on 27 September 2021, where the agreement date or accession date of the data exporter is on or before 27 September 2021; or
(b) otherwise, as of the accession date of the data exporter.
In respect of the transfer of personal data pursuant to the UK GDPR:
(a) on 22 September 2022, where the agreement date or accession date of the data exporter is on or before 21 September 2022; or
(b) otherwise, as of the accession date of the data exporter.
Role (controller/processor): processor
Data importer(s):
Name: Google LLC
Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA
Contact person’s name, position and contact details: The data importer can be contacted via the address specified above. The data importer’s data protection team can be contacted as described at [email protected] (and/or via such other means as the data importer may provide from time to time).
Activities relevant to the data transferred under these Clauses: The data exporter engages the data importer as a further processor in connection with each Processor Services.
Signature and date: The parties agree that agreement or accession to the Intra-Group Data Processing Agreement by the data exporter will constitute execution of these Clauses by both parties as follows:
In respect of the transfer of personal data pursuant to the EU GDPR and/or the Swiss FDPA:
(a) on 27 September 2021, where the agreement date or accession date of the data exporter is on or before 27 September 2021; or
(b) otherwise, as of the accession date of the data exporter.
In respect of the transfer of personal data pursuant to the UK GDPR:
(a) on 22 September 2022, where the agreement date or accession date of the data exporter is on or before 21 September 2022; or
(b) otherwise, as of the accession date of the data exporter.
Role (controller/processor): processor
B. Description of Transfer
Categories of data subjects whose personal data is transferred
The personal data transferred (‘Personal Data’) concern the following categories of data subjects:
-
data subjects about whom personal data is collected in the provision of the Processor Services; and/or
-
data subjects about whom personal data is transferred to the data exporter in connection with the Processor Services by, at the direction of, or on behalf of customers of the Processor Services (‘Customers’).
Depending on the nature of the Processor Services, these data subjects may include individuals: (a) to whom online advertising has been, or will be, directed; (b) who have visited specific websites or applications in respect of which the data exporter provides the Processor Services; and/or (c) who are customers or users of Customers’ products or services.
Categories of personal data transferred
Personal Data may include the categories of personal data described in the applicable Processor Services.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Not applicable.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Personal Data may be transferred to the data importer on a continuous basis until the data importer deletes it in accordance with the terms of the applicable data protection terms (including where applicable the Intra-Group Data Processing Agreements) to enable the data exporter to fulfil its obligations pursuant to each Agreement.
Nature of the processing
The data importer will process Personal Data to enable the following basic processing activities: as applicable to the Processor Services and the relevant instructions, collecting, recording, organising, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying personal data to enable the data exporter to fulfil its obligations under each Agreement or applicable data protection terms (including where applicable the Intra-Group Data Processing Agreements).
Purpose(s) of the data transfer and further processing
The data importer will process Personal Data to enable the data exporter to fulfil its obligations under each Agreement or applicable data protection terms (including where applicable the Intra-Group Data Processing Agreements).
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The data importer will retain Personal Data in accordance with the terms of the applicable data protection terms (including where applicable the Intra-Group Data Processing Agreements). to enable the data exporter to fulfil its obligations under each Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
As above.
C. Competent Supervisory Authority
Identify the competent supervisory authority/ies in accordance with Clause 13
To the extent the data exporter is in Ireland, or is located outside the EEA, the Irish Data Protection Commission.
Where the data exporter is located in a member state other than Ireland, the supervisory authority of the member
state in which the data exporter is located shall be the competent supervisory authority.