Google Workspace for Education Service Data Addendum
This Addendum (“Addendum”) to the Google Workspace for Education Terms of Service or other agreement governing use of Google Workspace for Education (the “Agreement”) is entered into by Google and Customer and amends the Agreement as from the date the Addendum is accepted by Customer (the “Addendum Effective Date”). Capitalized terms used but not defined in this Addendum have the meaning given to them in the Agreement.
-
INTRODUCTION
-
A. Google provides Customer with Core Services for Google Workspace for Education (the “Core Services”) under the Agreement.
-
B. Customer wishes to instruct Google to process Service Data (as defined below) as a processor under European Data Protection Law, provided that Google may also process such Service Data as a controller under European Data Protection Law for certain purposes.
-
C. Google and Customer wish to make related amendments to the Agreement, including the Cloud Data Processing Addendum at
https://cloud.google.com/terms/data-processing-addendum (the “CDPA”), as described in this Addendum.
-
-
AGREED TERMS
-
1. Defined Terms.
-
1.1. In this Addendum:
-
“Customer Data” means data submitted, stored, sent or received by or on behalf of Customer or its End Users via the Core Services under the Account.
-
“GCPN” means the Google Cloud Privacy Notice at
https://cloud.google.com/terms/cloud-privacy-notice . -
“Service Data” has the meaning given in the GCPN under the paragraph headed “Service Data We Collect”, except that the “Cloud Services” referred to in that GCPN definition are limited to the Core Services.
-
“Supplemental GCPN” means the supplement at
https://cloud.google.com/terms/cloud-privacy-notice-supplement that modifies the GCPN in relation to this Addendum.
-
-
1.2. The terms “personal data”, “processing”, “controller”, and “processor” as used in this Addendum have the meanings given by European Data Protection Law.
-
-
2. Personal Data Categorization. All personal data processed by Google during the provision and administration of the Core Services and TSS is either Customer Personal Data or Service Data.
-
3. Roles of the Parties; Specific Amendments.
-
3.1. Except when Google processes Service Data as a controller as described in Section 4 (Google’s Controller Activities) of this Addendum, Google is a processor of both Customer Personal Data and Service Data under European Data Protection Law.
-
3.2. Customer is a controller or processor (as applicable) of both Customer Personal Data and Service Data under European Data Protection Law.
-
3.3. The CDPA applies to Google’s processing of Service Data as a processor and to Customer as a controller or processor (as applicable) of Service Data, as amended by Sections 3.1 and 3.2 of this Addendum and the following:
-
(a) with the exception of the CDPA definitions of “Customer Data” and “Customer Personal Data”, wherever the CDPA refers to “Customer Data” or “Customer Personal Data” in relation to the Core Services, those references will be deemed to include Service Data; and
-
(b) names, locations and activities of all Subprocessors for the Core Services are described at
https://workspace.google.com/terms/subprocessors-service-data.html (which replaceshttps://workspace.google.com/terms/subprocessors.html with respect to the Core Services).
-
-
3.4. For clarity, and without limiting any other obligations of either party:
-
(a) the CDPA obliges the parties to comply with their respective obligations under European Data Protection Law related to Google’s processing of Service Data as a processor; and
-
(b) if Customer is a controller of Service Data, European Data Protection Law obliges Customer to provide certain information to its End Users, including details of the purposes for which Customer processes Service Data as a controller.
-
-
3.5. The Agreement is further amended as follows:
-
(a) under the “Compliance” Section of the Agreement, Google’s reserved right to investigate potential violations of the AUP by Customer includes the right to review Service Data as well as Customer Data;
-
(b) under the “Privacy” Section of the Agreement, Customer is responsible for any consents and notices required to permit Google's accessing, storing, and processing of data provided by Customer under the Agreement, including both Customer Data and Service Data that Google processes as a processor;
-
(c) under the “Intellectual Property Rights” Section of the Agreement, Google retains all Intellectual Property Rights in the Core Services and Service Data, as between the parties;
-
(d) under the “Protection of Customer Data” Section of the Agreement, Google’s commitments with respect to Customer Data also apply to Service Data that Google processes as a processor; and
-
(e) under the “Effect of Termination or Non-Renewal” Section of the Agreement, if Customer’s access to Customer Data terminates or ceases, its access to Service Data will also terminate or cease.
-
-
-
4. Google’s Controller Activities.
-
4.1. Google may only process Service Data as a controller for the limited purposes set out in the Supplemental GCPN (such purposes being independently determined by Google) and otherwise in accordance with the GCPN.
-
4.2. Customer will inform its End Users of Google’s processing of Service Data as a controller as set out in the Supplemental GCPN (the URL link for which Customer will provide to its End Users).
-
-
5. General.
-
5.1. The Agreement, including the CDPA, remains in full force and effect except as modified by this Addendum.
-
5.2. To the extent of any conflict between the Agreement and this Addendum, this Addendum governs.
-
5.3. As of the Addendum Effective Date, this Addendum supersedes and terminates any previous Google Workspace Service Data Addendum entered into by Google and Customer.
-
5.4. For clarity, this Addendum does not amend the Agreement or CDPA (including when either refers to “Customer Data” or “Customer Personal Data”) in relation to any services other than the Core Services.
-
5.5. For clarity, the GCPN does not apply to Google’s processing of Service Data as a processor.
-
5.6. The Agreement’s governing law and dispute resolution provisions also apply to this Addendum.
-
-