Stay organized with collections
Save and categorize content based on your preferences.
Google-Managed Multi-Cloud
Services Data Processing and Security Terms Addendum
Last modified: October 8, 2021
This Google-Managed Multi-Cloud Services Data Processing
and Security Terms Addendum (this "Addendum") supplements
and amends the Data Processing and Security Terms ("DPST")
solely with respect to the Google-Managed Multi-Cloud
Services ("Google-Managed MCS"). Capitalized terms used but
not defined in this Addendum have the meaning given to them
in the Agreement, including, without limitation, Section 6
(Google-Managed Multi-Cloud Services Terms)
of the
Service Specific Terms, General Service Terms.
This Addendum sets out amendments to the DPST needed to
address the multi-cloud delivery model where Customer
chooses to use the Google-Managed MCS. The terms of this
Addendum apply only to Google's processing of Multi-Cloud
Customer Data (as defined below) stored in Customer's
selected Multi-Cloud Service Third-Party Provider's
infrastructure pursuant to Google's provision of the
Google-Managed MCS. Customer will have a separate agreement
in place with Customer's selected Multi-Cloud Service
Third-Party Provider governing the Multi-Cloud Service
Third-Party Provider's processing of Customer's data on
behalf of Customer ("Multi-Cloud Service Data Processing
Terms").
1. Customer Data
For the purposes of this Addendum
and the DPST, Customer Data will include data provided by or on
behalf of Customer or Customer End Users to Google via the
Google-Managed MCS under the Account ("Multi-Cloud Customer
Data").
2. Multi-Cloud Service
Third-Party Providers
2.1. Authorization to Engage Multi-Cloud Service Third-Party Provider
.
Customer selects the Multi-Cloud Service Third-Party Provider on
whose infrastructure the Google-Managed MCS are deployed. The
process to make the selection of the Multi-Cloud Service
Third-Party Provider will be explicitly documented in the
Documentation for the Google-Managed MCS. Customer specifically
authorizes the engagement of Customer's selected Multi-Cloud
Service Third-Party Provider and their subprocessors (as
referenced in the Multi-Cloud Service Data Processing Terms) to
process the Multi-Cloud Customer Data in connection with
Google's provision of the Google-Managed MCS.
2.2. Information about Multi-Cloud Service Third-Party
Providers
. The available Multi-Cloud Service Third-Party
Providers are listed at https://cloud.google.com/terms/mcs-providers
(as may be updated by Google from time to time).
2.3. Requirements for Multi-Cloud Service Third-Party
Provider Engagement
. When engaging Customer's selected
Multi-Cloud Service Third-Party Provider in connection with the
Google-Managed MCS, Google will:
a. ensure via a written contract
that the Multi-Cloud Service Third-Party Provider only accesses
and uses the Multi-Cloud Customer Data to the extent required to
perform the obligations subcontracted to it;
b. enter into a data processing
agreement with the Multi-Cloud Service Third-Party Provider that
imposes the data protection obligations described in Article
28(3) of the GDPR on the Multi-Cloud Service Third-Party
Provider for its processing of any personal data within the
Multi-Cloud Customer Data; and
c. remain fully liable for all
obligations subcontracted to, and all acts and omissions of, the
Multi-Cloud Service Third-Party Provider in the provision of the
Google-Managed MCS.
2.4. Multi-Cloud Service Third-Party Provider Changes
. Google
will not change Customer's selected Multi-Cloud Service
Third-Party Provider. Customer is responsible for and in control
of which Multi-Cloud Service Third-Party Provider may process
the Multi-Cloud Customer Data, and may change or revoke its
Multi-Cloud Service Third-Party Provider selection at any time.
Information about changes to the Multi-Cloud Service Third-Party
Provider's subprocessors is available in the Multi-Cloud Service
Third-Party Provider's data processing terms.
3. Data Security
3.1. Security Measures
.
a. Google Infrastructure
.
The Security Measures described in Appendix 2 of the DPST apply
to Customer Data that Google processes pursuant to Google's
provision of the Google-Managed MCS on Google's infrastructure.
b. Multi-Cloud Service Third-Party Provider Infrastructure
.
Where Customer Data that Google processes via the Google-Managed
MCS is processed on the Multi-Cloud Service Third-Party
Provider's infrastructure, for any security measures described
in Appendix 2 that are managed solely by the Multi-Cloud Service
Third-Party Provider, such as physical security for the
applicable data centers, Google will rely on the security
measures implemented and maintained by the applicable
Multi-Cloud Service Third-Party Provider.
3.2. Customer's Audit Rights
. The Multi-Cloud Service Data
Processing Terms describe Customer's right to directly audit and
inspect the Multi-Cloud Service Third-Party Provider. Section
7.5.2 (Customer's Audit Rights) of the DPST only applies to
Google's processing of Multi-Cloud Customer Data stored in
Google's infrastructure pursuant to Google's provision of the
Google-Managed MCS.
4. Effect of this Addendum
To the extent of any conflict or
inconsistency between this Addendum and the remaining terms of
the Agreement, this Addendum will govern.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Google Managed Multi Cloud Services Data Processing And Security Terms Addendum\n\n- [Back to Google Cloud Terms Directory](https://cloud.google.com/product-terms)\n- \n- Current \n\nGoogle-Managed Multi-Cloud\nServices Data Processing and Security Terms Addendum\n===============================================================================\n\nLast modified: October 8, 2021\nThis is not the current version of this document and is provided for archival purposes. [View the current version](/terms/mcs-data-processing-terms) \nThis Google-Managed Multi-Cloud Services Data Processing\nand Security Terms Addendum (this \"Addendum\") supplements\nand amends the Data Processing and Security Terms (\"DPST\")\nsolely with respect to the Google-Managed Multi-Cloud\nServices (\"Google-Managed MCS\"). Capitalized terms used but\nnot defined in this Addendum have the meaning given to them\nin the Agreement, including, without limitation, Section 6\n(Google-Managed Multi-Cloud Services Terms)of the\nService Specific Terms, General Service Terms.\n\nThis Addendum sets out amendments to the DPST needed to\naddress the multi-cloud delivery model where Customer\nchooses to use the Google-Managed MCS. The terms of this\nAddendum apply only to Google's processing of Multi-Cloud\nCustomer Data (as defined below) stored in Customer's\nselected Multi-Cloud Service Third-Party Provider's\ninfrastructure pursuant to Google's provision of the\nGoogle-Managed MCS. Customer will have a separate agreement\nin place with Customer's selected Multi-Cloud Service\nThird-Party Provider governing the Multi-Cloud Service\nThird-Party Provider's processing of Customer's data on\nbehalf of Customer (\"Multi-Cloud Service Data Processing\nTerms\").\n\n#### 1. Customer Data\n\nFor the purposes of this Addendum\nand the DPST, Customer Data will include data provided by or on\nbehalf of Customer or Customer End Users to Google via the\nGoogle-Managed MCS under the Account (\"Multi-Cloud Customer\nData\"). \n\n#### 2. Multi-Cloud Service\nThird-Party Providers\n\n2.1.\n*Authorization to Engage Multi-Cloud Service Third-Party Provider*.\nCustomer selects the Multi-Cloud Service Third-Party Provider on\nwhose infrastructure the Google-Managed MCS are deployed. The\nprocess to make the selection of the Multi-Cloud Service\nThird-Party Provider will be explicitly documented in the\nDocumentation for the Google-Managed MCS. Customer specifically\nauthorizes the engagement of Customer's selected Multi-Cloud\nService Third-Party Provider and their subprocessors (as\nreferenced in the Multi-Cloud Service Data Processing Terms) to\nprocess the Multi-Cloud Customer Data in connection with\nGoogle's provision of the Google-Managed MCS.\n\n2.2.\n*Information about Multi-Cloud Service Third-Party*\n*Providers* . The available Multi-Cloud Service Third-Party\nProviders are listed at\n\u003chttps://cloud.google.com/terms/mcs-providers\u003e\n(as may be updated by Google from time to time).\n\n2.3.\n*Requirements for Multi-Cloud Service Third-Party*\n*Provider Engagement*. When engaging Customer's selected\nMulti-Cloud Service Third-Party Provider in connection with the\nGoogle-Managed MCS, Google will:\n\na. ensure via a written contract\nthat the Multi-Cloud Service Third-Party Provider only accesses\nand uses the Multi-Cloud Customer Data to the extent required to\nperform the obligations subcontracted to it;\n\nb. enter into a data processing\nagreement with the Multi-Cloud Service Third-Party Provider that\nimposes the data protection obligations described in Article\n28(3) of the GDPR on the Multi-Cloud Service Third-Party\nProvider for its processing of any personal data within the\nMulti-Cloud Customer Data; and\n\nc. remain fully liable for all\nobligations subcontracted to, and all acts and omissions of, the\nMulti-Cloud Service Third-Party Provider in the provision of the\nGoogle-Managed MCS.\n\n2.4.\n*Multi-Cloud Service Third-Party Provider Changes*. Google\nwill not change Customer's selected Multi-Cloud Service\nThird-Party Provider. Customer is responsible for and in control\nof which Multi-Cloud Service Third-Party Provider may process\nthe Multi-Cloud Customer Data, and may change or revoke its\nMulti-Cloud Service Third-Party Provider selection at any time.\nInformation about changes to the Multi-Cloud Service Third-Party\nProvider's subprocessors is available in the Multi-Cloud Service\nThird-Party Provider's data processing terms. \n\n#### 3. Data Security\n\n3.1. *Security Measures*.\n\n*a. Google Infrastructure*.\nThe Security Measures described in Appendix 2 of the DPST apply\nto Customer Data that Google processes pursuant to Google's\nprovision of the Google-Managed MCS on Google's infrastructure.\n\n\n*b. Multi-Cloud Service Third-Party Provider Infrastructure*.\nWhere Customer Data that Google processes via the Google-Managed\nMCS is processed on the Multi-Cloud Service Third-Party\nProvider's infrastructure, for any security measures described\nin Appendix 2 that are managed solely by the Multi-Cloud Service\nThird-Party Provider, such as physical security for the\napplicable data centers, Google will rely on the security\nmeasures implemented and maintained by the applicable\nMulti-Cloud Service Third-Party Provider.\n\n3.2.\n*Customer's Audit Rights*. The Multi-Cloud Service Data\nProcessing Terms describe Customer's right to directly audit and\ninspect the Multi-Cloud Service Third-Party Provider. Section\n7.5.2 (Customer's Audit Rights) of the DPST only applies to\nGoogle's processing of Multi-Cloud Customer Data stored in\nGoogle's infrastructure pursuant to Google's provision of the\nGoogle-Managed MCS.\n\n\u003cbr /\u003e\n\n#### 4. Effect of this Addendum\n\nTo the extent of any conflict or\ninconsistency between this Addendum and the remaining terms of\nthe Agreement, this Addendum will govern."]]
