Stay organized with collections
Save and categorize content based on your preferences.
Google-Managed
Multi-Cloud Services Data Processing Amendment
Last modified: April 11, 2023
This Google-Managed Multi-Cloud Services Data
Processing Amendment (this “Amendment”) supplements and
amends the Cloud Data Processing Addendum (“CDPA”)
solely with respect to the Google-Managed Multi-Cloud
Services (“Google-Managed MCS”). Capitalized terms used
but not defined in this Amendment have the meaning given
to them in the Agreement, including, without limitation,
Section 6 (Google-Managed Multi-Cloud Services
Terms)
of the Service Specific Terms, General
Service Terms.
This Amendment sets out amendments to the CDPA needed
to address the multi-cloud delivery model where Customer
chooses to use the Google-Managed MCS. The terms of this
Amendment apply only to Google’s processing of
Multi-Cloud Customer Data (as defined below) stored in
Customer’s selected Multi-Cloud Service Third-Party
Provider’s infrastructure pursuant to Google’s provision
of the Google-Managed MCS. Customer will have a separate
agreement in place with Customer’s selected Multi-Cloud
Service Third-Party Provider governing the Multi-Cloud
Service Third-Party Provider’s processing of Customer’s
data on behalf of Customer (“Multi-Cloud Service Data
Processing Terms”).
1. Customer Data
For the purposes of this
Amendment and the CDPA, Customer Data will include data
provided by or on behalf of Customer or Customer End Users
to Google via the Google-Managed MCS under the Account
(“Multi-Cloud Customer Data”).
2. Multi-Cloud Service Third-Party Providers
2.1. Authorization to Engage Multi-Cloud Service Third-Party Provider
.
Customer selects the Multi-Cloud Service Third-Party
Provider on whose infrastructure the Google-Managed MCS
are deployed. The process to make the selection of the
Multi-Cloud Service Third-Party Provider will be
explicitly documented in the Documentation for the
Google-Managed MCS. Customer specifically authorizes the
engagement of Customer’s selected Multi-Cloud Service
Third-Party Provider and their subprocessors (as
referenced in the Multi-Cloud Service Data Processing
Terms) to process the Multi-Cloud Customer Data in
connection with Google’s provision of the Google-Managed
MCS.
2.2. Information about Multi-Cloud Service Third-Party
Providers
. The available Multi-Cloud Service
Third-Party Providers are listed at https://cloud.google.com/terms/mcs-providers
(as may be updated by Google from time to time).
2.3. Requirements for Multi-Cloud Service Third-Party
Provider Engagement
. When engaging Customer’s
selected Multi-Cloud Service Third-Party Provider in
connection with the Google-Managed MCS, Google will:
a. ensure via a written
contract that the Multi-Cloud Service Third-Party Provider
only accesses and uses the Multi-Cloud Customer Data to
the extent required to perform the obligations
subcontracted to it;
b. enter into a data
processing agreement with the Multi-Cloud Service
Third-Party Provider that imposes the data protection
obligations described in Article 28(3) of the GDPR on the
Multi-Cloud Service Third-Party Provider for its
processing of any personal data within the Multi-Cloud
Customer Data; and
c. remain fully liable for
all obligations subcontracted to, and all acts and
omissions of, the Multi-Cloud Service Third-Party Provider
in the provision of the Google-Managed MCS.
2.4. Multi-Cloud Service Third-Party Provider Changes
.
Google will not change Customer’s selected Multi-Cloud
Service Third-Party Provider. Customer is responsible for
and in control of which Multi-Cloud Service Third-Party
Provider may process the Multi-Cloud Customer Data, and
may change or revoke its Multi-Cloud Service Third-Party
Provider selection at any time. Information about changes
to the Multi-Cloud Service Third-Party Provider’s
subprocessors is available in the Multi-Cloud Service
Third-Party Provider’s data processing terms.
3. Data Security
3.1. Security Measures
.
a. Google Infrastructure
. The Security Measures
described in Appendix 2 of the CDPA apply to Customer Data
that Google processes pursuant to Google’s provision of
the Google-Managed MCS on Google’s infrastructure.
b. Multi-Cloud Service Third-Party Provider Infrastructure
.
Where Customer Data that Google processes via the
Google-Managed MCS is processed on the Multi-Cloud Service
Third-Party Provider’s infrastructure, for any security
measures described in Appendix 2 of the CDPA that are
managed solely by the Multi-Cloud Service Third-Party
Provider, such as physical security for the applicable
data centers, Google will rely on the security measures
implemented and maintained by the applicable Multi-Cloud
Service Third-Party Provider.
3.2. Customer’s Audit Rights
. The Multi-Cloud Service
Data Processing Terms describe Customer’s right to
directly audit and inspect the Multi-Cloud Service
Third-Party Provider. Section 7.5.2 (Customer’s Audit
Rights) of the CDPA only applies to Google’s processing of
Multi-Cloud Customer Data stored in Google’s
infrastructure pursuant to Google’s provision of the
Google-Managed MCS.
4. Effect of this Amendment
To the extent of any conflict
or inconsistency between this Amendment and the remaining
terms of the Agreement, this Amendment will govern.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Google Managed Multi Cloud Services Data Processing And Security Terms Addendum\n\n- [Back to Google Cloud Terms Directory](https://cloud.google.com/product-terms)\n- \n- Current \n\nGoogle-Managed\nMulti-Cloud Services Data Processing Amendment\n=============================================================\n\nLast modified: April 11, 2023\nThis is not the current version of this document and is provided for archival purposes. [View the current version](/terms/mcs-data-processing-terms) \nThis Google-Managed Multi-Cloud Services Data\nProcessing Amendment (this \"Amendment\") supplements and\namends the Cloud Data Processing Addendum (\"CDPA\")\nsolely with respect to the Google-Managed Multi-Cloud\nServices (\"Google-Managed MCS\"). Capitalized terms used\nbut not defined in this Amendment have the meaning given\nto them in the Agreement, including, without limitation,\nSection 6 (Google-Managed Multi-Cloud Services\nTerms)of the Service Specific Terms, General\nService Terms.\n\nThis Amendment sets out amendments to the CDPA needed\nto address the multi-cloud delivery model where Customer\nchooses to use the Google-Managed MCS. The terms of this\nAmendment apply only to Google's processing of\nMulti-Cloud Customer Data (as defined below) stored in\nCustomer's selected Multi-Cloud Service Third-Party\nProvider's infrastructure pursuant to Google's provision\nof the Google-Managed MCS. Customer will have a separate\nagreement in place with Customer's selected Multi-Cloud\nService Third-Party Provider governing the Multi-Cloud\nService Third-Party Provider's processing of Customer's\ndata on behalf of Customer (\"Multi-Cloud Service Data\nProcessing Terms\"). \n\n#### 1. Customer Data\n\nFor the purposes of this\nAmendment and the CDPA, Customer Data will include data\nprovided by or on behalf of Customer or Customer End Users\nto Google via the Google-Managed MCS under the Account\n(\"Multi-Cloud Customer Data\"). \n\n#### 2. Multi-Cloud Service Third-Party Providers\n\n2.1.\n*Authorization to Engage Multi-Cloud Service Third-Party Provider*.\nCustomer selects the Multi-Cloud Service Third-Party\nProvider on whose infrastructure the Google-Managed MCS\nare deployed. The process to make the selection of the\nMulti-Cloud Service Third-Party Provider will be\nexplicitly documented in the Documentation for the\nGoogle-Managed MCS. Customer specifically authorizes the\nengagement of Customer's selected Multi-Cloud Service\nThird-Party Provider and their subprocessors (as\nreferenced in the Multi-Cloud Service Data Processing\nTerms) to process the Multi-Cloud Customer Data in\nconnection with Google's provision of the Google-Managed\nMCS.\n\n2.2.\n*Information about Multi-Cloud Service Third-Party*\n*Providers* . The available Multi-Cloud Service\nThird-Party Providers are listed at\n\u003chttps://cloud.google.com/terms/mcs-providers\u003e\n(as may be updated by Google from time to time).\n\n2.3.\n*Requirements for Multi-Cloud Service Third-Party*\n*Provider Engagement*. When engaging Customer's\nselected Multi-Cloud Service Third-Party Provider in\nconnection with the Google-Managed MCS, Google will:\n\na. ensure via a written\ncontract that the Multi-Cloud Service Third-Party Provider\nonly accesses and uses the Multi-Cloud Customer Data to\nthe extent required to perform the obligations\nsubcontracted to it;\n\nb. enter into a data\nprocessing agreement with the Multi-Cloud Service\nThird-Party Provider that imposes the data protection\nobligations described in Article 28(3) of the GDPR on the\nMulti-Cloud Service Third-Party Provider for its\nprocessing of any personal data within the Multi-Cloud\nCustomer Data; and\n\nc. remain fully liable for\nall obligations subcontracted to, and all acts and\nomissions of, the Multi-Cloud Service Third-Party Provider\nin the provision of the Google-Managed MCS.\n\n2.4.\n*Multi-Cloud Service Third-Party Provider Changes*.\nGoogle will not change Customer's selected Multi-Cloud\nService Third-Party Provider. Customer is responsible for\nand in control of which Multi-Cloud Service Third-Party\nProvider may process the Multi-Cloud Customer Data, and\nmay change or revoke its Multi-Cloud Service Third-Party\nProvider selection at any time. Information about changes\nto the Multi-Cloud Service Third-Party Provider's\nsubprocessors is available in the Multi-Cloud Service\nThird-Party Provider's data processing terms. \n\n#### 3. Data Security\n\n3.1.\n*Security Measures*.\n\n\n*a. Google Infrastructure*. The Security Measures\ndescribed in Appendix 2 of the CDPA apply to Customer Data\nthat Google processes pursuant to Google's provision of\nthe Google-Managed MCS on Google's infrastructure.\n\n\n*b. Multi-Cloud Service Third-Party Provider Infrastructure*.\nWhere Customer Data that Google processes via the\nGoogle-Managed MCS is processed on the Multi-Cloud Service\nThird-Party Provider's infrastructure, for any security\nmeasures described in Appendix 2 of the CDPA that are\nmanaged solely by the Multi-Cloud Service Third-Party\nProvider, such as physical security for the applicable\ndata centers, Google will rely on the security measures\nimplemented and maintained by the applicable Multi-Cloud\nService Third-Party Provider.\n\n3.2.\n*Customer's Audit Rights*. The Multi-Cloud Service\nData Processing Terms describe Customer's right to\ndirectly audit and inspect the Multi-Cloud Service\nThird-Party Provider. Section 7.5.2 (Customer's Audit\nRights) of the CDPA only applies to Google's processing of\nMulti-Cloud Customer Data stored in Google's\ninfrastructure pursuant to Google's provision of the\nGoogle-Managed MCS.\n\n\u003cbr /\u003e\n\n#### 4. Effect of this Amendment\n\nTo the extent of any conflict\nor inconsistency between this Amendment and the remaining\nterms of the Agreement, this Amendment will govern."]]
