1. Where the data exporter is a processor subject to Regulation (EU) 2016/679 and acting as a controller on behalf of a Union institution or body, the use of those clauses when engaging another processor (processor) not subject to Regulation (EU) 2016/679 shall also ensure compliance with Article 29, paragraph 4 of Regulation (EU) 2018/1725 of the European Union. European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data. Data from the Union institutions, bodies, offices and agencies and on the free movement of such data and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC OJ L 295, 21.11.2018, p. 1. (39) to the extent that those clauses and the data protection obligations set out in the contract or any other legal act between the controller and the processor are aligned in accordance with Article 29(3) of Regulation (EU) 2018/1725. This is particularly the case where the controller and the processor invoke the standard contractual clauses of Decision 2021/915. The controller has authorised the use of the following processors: firebase.google.com/terms/subprocessors. have accepted these Standard Contractual Clauses (hereinafter: «Clauses»). In 2010, the European Commission (EC) approved standard contractual clauses as a way to meet the requirements of the EU Data Protection Directive, which was replaced by the General Data Protection Regulation (GDPR) in May 2018. For years, Google Cloud customers subject to European data protection laws have relied on our 2010 Standard Contractual Clauses (also known as Standard Contractual Clauses), as previously approved by regulators, to legitimize the transfer of their customers` personal data abroad when using our Services. Those clauses shall include appropriate safeguards, including enforceable rights of data subjects and effective remedies, in accordance with Article 46(1) and point (c) of Article 46(2) of Regulation (EU) 2016/679 and, as regards data transfers from controllers to processors and/or from processors to processors, standard contractual clauses in accordance with Article 28(7) of Regulation (EU) 2016/679, unless amended; except to select the appropriate module(s) or to add or update information in the Annex. This shall not prevent the parties from incorporating the standard contractual clauses set out in those clauses into a wider contract and/or from adding other additional clauses or guarantees, provided that they do not directly or indirectly contradict those clauses or infringe the fundamental rights or freedoms of data subjects.
It will be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this context, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require the establishment and signature of separate annexes for each transfer/category of transfers and/or contractual relationships, where such transparency can be achieved through an annex. However, to the extent necessary to ensure sufficient clarity, separate facilities should be used. The data importer shall implement and maintain security standards at least as protective as those set out in Annex 2 to the data processing and security conditions. Google also offers these standard contractual clauses to customers of its business services, including Google Workspace, Google Cloud Platform, Google Ads, and other advertising and measurement products. For more information about Google`s use of standard contractual clauses for business services, see privacy.google.com/businesses. Like previous CCTs, these clauses can be used to facilitate the lawful transfer of personal data outside the European Economic Area under the GDPR under certain conditions. Google Cloud`s state-of-the-art control, contractual obligations and accountability tools have been helping companies across Europe comply with strict data protection regulations for years. We have been providing our clients with CCS since 2012. In 2017, EU data protection authorities confirmed that Google Cloud`s contractual obligations meet the legal requirements for the transfer of data from the EU to the rest of the world under the EU Data Protection Directive 95/46/EC.
Google Cloud remains committed to protecting the privacy of its customers and their users and helping them comply with EU regulatory obligations. On 4 June 2021, the European Commission published new Standard Contractual Clauses (SCCs) to help protect personal data. These new CBAs have replaced the CCS previously adopted by the European Commission in 2010 and can be used under certain conditions to facilitate legal data transfers. By imposing various contractual obligations, THE CCT allow the influx of personal data subject to the GDPR to recipients located outside the European Economic Area (EEA). Like previous CTCs, these clauses can be used to facilitate legal data transfers under certain conditions. By imposing various contractual obligations, THE CCT enables the flow of personal data subject to the EU`s General Data Protection Regulation (GDPR) to recipients outside the European Economic Area (EEA). The GDPR is an important part of EU data protection legislation, which came into force in 2018. It requires adequate safeguards for EEA personal data transferred from the EEA to non-EEA countries that do not meet the EU standard on adequacy of privacy.
The purpose of those standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)1 for the transfer of personal data to a third country. The European Commission has approved the use of standard contractual clauses as a means of ensuring adequate protection when transferring data outside the EEA. By including standard contractual clauses in a contract between parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries not covered by an adequacy decision. We rely on these standard contractual clauses for the transfer of data. The data importer shall immediately inform the data exporter of any request received from a data subject. It does not itself respond to that request unless it has been authorised to do so by the data exporter. The data exporter has the right to terminate the contract to the extent that it concerns the processing of personal data in accordance with these clauses if: These clauses do not affect the obligations to which the data exporter is subject under Regulation (EU) 2016/679. The data importer shall remain fully liable to the data exporter for the performance of the sub-processor`s obligations under its contract with the data importer. The data importer shall inform the data exporter of any non-compliance by the sub-processor with the obligations arising from this contract.
To the extent permitted by the legislation of the country of destination, the data importer undertakes to periodically provide the data exporter with as much relevant information as possible on the requests received during the term of the contract (in particular, the number of requests, the type of data requested, the requesting authority, whether the requests have been contested and the outcome of those requests; == References ===== External links ===The data exporter may choose to carry out the audit himself or to appoint an independent auditor. Audits may include inspections at the data importer`s premises or physical facilities and shall be carried out with reasonable notice, where appropriate. . If the data importer finds that the personal data received are inaccurate or outdated, he shall inform the data exporter without delay. In this case, the data importer will work with the data exporter to delete or correct the data.. . . .