ChromeOS Data Processor Mode Agreement
Translated versions of this agreement are available on this page: https://www.google.com/chrome/dpchromeos/hub
This ChromeOS Data Processor Mode Agreement ("Agreement") is entered into by and between Google (as defined below) and the entity agreeing to these terms ("Customer"). This Agreement is effective on the date accepted by Customer (the "Effective Date"). This Agreement governs Customer's access to and use of the Services by managed End User Accounts running on a ChromeOS Device, located in the Available Countries. For clarity, this Agreement does not cover hardware, use of ChromeOS on unmanaged devices, use of the Chrome browser on non-ChromeOS Devices, or any managed End User Accounts on ChromeOS Devices outside of the Available Countries.
1. Services.
1.1 Services. Google will provide the Services to Customer in accordance with this Agreement.
1.2 Admin Console. Customer can access the Admin Console through which its use of the Services can be managed, via Chrome Enterprise Upgrade or Chrome Education Upgrade. Customer may specify one or more Administrators through the Admin Console who will have the right to access Admin Accounts. Customer is responsible for: (a) maintaining (i) the confidentiality and security of associated passwords to the extent within Customer's control; and (ii) the security of components of accounts to the extent that Customer provides or controls such components, such as devices used in connection with the managed End User Accounts; and (b) any use of the End User Accounts.
1.3 Changes to Services.
(a) Limitations on Changes. The Services may automatically download and install updates periodically. These updates are designed to improve, enhance and further develop the Services and may take the form of changes such as bug fixes, enhanced functions, new software modules and new versions. Customer accepts that Google may update the Services, provided such updates do not result in a material reduction in the performance or security of the Services. Google will notify Customer of any material update that has a material impact on Customer's use of the Services ("Material Change"), if Customer has subscribed with Google to be informed of such Material Change. If Customer disagrees with any such Material Change, Customer may terminate this Agreement in accordance with Section 9.2 (Termination for Convenience) of this Agreement.
(b) Discontinuation. Google will notify Customer at least 12 months before discontinuing any of the Services (or associated material functionality), unless Google replaces such discontinued Service or functionality with a materially similar Service or functionality.
(c) Support. Google will continue to provide product and security updates until the conclusion of the applicable notice period under subsection 1.3(b) above.
1.4 Permitted Changes. Section 1.3 (Changes to Services) does not limit Google's ability to make changes required to comply with applicable law, address a material security risk, or that are applicable to new or pre-general availability Services or functionality. If Google's changes under this Section 1.4 have a materially negative impact on Customer's use of the Services, Customer may exercise its termination right under Section 1.3(a), provided the Customer has subscribed to be informed in accordance with Section 1.3(a).
1.5 Services Suspension. Google may Suspend Services if: (a) necessary to comply with law; (b) necessary to protect the Services, other Google services, or Google's infrastructure; or (c) the situation described in Section 10.2(b) (Remedies) of this Agreement applies. For Suspensions of managed End User Accounts, Google will provide Customer's Administrator the ability to restore managed End User Accounts, in certain circumstances.
1.6 Limitations on Services Suspensions. Google will provide Customer notice of the cause for Suspension without undue delay, to the extent legally permitted. Any Suspension will be to the minimum extent and for the shortest duration required to resolve the cause for Suspension.
1.7 Technical Support. Customer is responsible for providing technical support to its End Users. Google will provide support as available through the Chromebook Help Center.
1.8 Optional Services. Google makes Optional Services available to Customer and its End Users. Customer's use of Optional Services is not governed by this Agreement, and is instead governed by the Google Terms of Service and Google Privacy Policy, and/or any applicable terms specific to an Optional Service. If consent can be relied upon as a legal ground for processing and is required for the processing of Personal Data in any Optional Service, it is Customer's sole responsibility, in respect of any End Users below the age of consent under applicable law, to either: (a) obtain parental or other required consent for such End Users to access and use those Optional Services; or (b) disable access to such Optional Services.
1.9 Open Source Licenses. Portions of the Services may be provided with notices and open source licenses from third parties that govern the use of those portions (which may be found at https://chromium.googlesource.com/), and any licenses granted hereunder do not alter any rights and obligations Customer may have under such open source licenses. These links include disclosure of third-party licenses to the extent required by the applicable third-party software in the Services.
1.10 Passthrough Terms. Use of certain components of the Services is subject to the Passthrough Terms, which are hereby incorporated into this Agreement, excluding references to the Google Terms of Service. Google may only update the Passthrough Terms if required by the third-party owner of the Passthrough Terms, provided that such updates do not: (a) result in a material degradation of the overall security of the Services to Customer, or (b) expand the scope of or remove any restrictions on Google's processing of data as described in the Data Processing Amendment and in Sections 2.5 and 2.6 of this Agreement.
1.11 Apps and Extensions. Customer's use of apps or extensions provided by Google or a third party may be subject to separate terms, and is not covered by this Agreement.
2. Data Processing Terms.
2.1 Protection of Customer Data and Service Data. Google has implemented and will maintain administrative, physical, and technical safeguards to protect Customer Data and Service Data (as further described in the Data Processing Amendment or, for Service Data that Google processes as a controller, the Google Privacy Policy).
2.2 Data Processing Amendment. Subject to Sections 2.3 - 2.12 and 3.1 - 3.3 of this Agreement, the Data Processing Amendment is incorporated by reference into this Agreement with the following changes:
i. any reference to "Customer Personal Data" will be deemed to be amended to "Customer Personal Data or Processor Service Data", see the definition of "European Law" in Sections 2.1, 4.3, 5.1.3, 5.2.2, 9.2.1 and 10.2;
ii. any reference to "Customer Personal Data" will be deemed to be amended to "Customer Personal Data and Processor Service Data", see Sections 4.1, 5.2.1, 7.1.4, 9.2.2;
iii. any reference to "Customer Personal Data" will be deemed to be amended to "Customer Personal Data and/or Processor Service Data", see Sections 4.2, 5.1.1, 5.1.2, 5.3, 7.1.2 and 11.3(a)(ii);
iv. any reference to "Customer Data" will be deemed to be amended to "Customer Data and Processor Service Data", see the definitions of "Data Incident" and "Subprocessor", Sections 2.1, 3, 6.1, 6.2, 7.1.1, 7.1.3, 7.2.1, 7.3.1, 7.3.2, 9.1, 10.1, 11.1, and 11.3.(a)(i), and Appendix 2 under "4. Personnel Security";
v. any reference to "Customer Data" will be deemed to be amended to "Customer Data or Processor Service Data", see Sections 6.3, 7.2.4, and 11.4(a);
vi. Appendix 1 to the Data Processing Amendment is replaced with Exhibit A to this Agreement;
vii. The following replaces Section 5.1.3 (Responsibilities under Non-European Law) of the Data Processing Amendment: “If Non-European Data Protection Law applies to either party’s processing of Customer Personal Data or Processor Service Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data or Processor Service Data, except, with respect to Customer, to the extent its obligations under Non-European Data Protection Law conflict with or lead to a breach of Customer’s obligations under GDPR (which is Customer’s sole responsibility)”; and
viii. The sentence “Customer agrees that the Services, Security Measures implemented and maintained by Google, Additional Security Controls and Google’s commitments under this Section 7 (Data Security) provide a level of security appropriate to the risk to Customer Data (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals)” in Section 7.3.2 (Customer’s Security Assessment) of the Data Processing Amendment is replaced by the following: “Customer at the Effective Date concludes and remains responsible for determining, based on its current and intended use of the Services, that the Services, Security Measures, Additional Security Controls and Google’s commitments under this Section 7 (Data Security): (a) meet Customer’s needs, including with respect to any security obligations of Customer under European Data Protection Law and/or Non-European Data Protection Law, as applicable, and (b) provide a level of security appropriate to the risk in respect of the Customer Data and Processor Service Data.”
2.3 Purposes of processing Service Data. Google will process Service Data only for the purposes set out in Section 2.5 (Customer Instructions) and the Legitimate Business Purposes.
2.4 Processor and Controller Responsibilities. All Personal Data relating to Customer or End Users that is processed by Google in connection with Google's provision of the Services to Customer or End Users qualifies as Customer Personal Data or Service Data. Google is a processor of such Personal Data, except where Google or a Google Affiliate acts as a controller processing Service Data in accordance with the Legitimate Business Purposes.
2.5 Customer Instructions. Where Google is a processor, Google may only process Customer Personal Data and Processor Service Data in accordance with both applicable law and the Customer's documented instructions, as explicitly set out in this Agreement and further specified via Customer's use of the Services (including the Admin Console and other functionality of the Services) (the “Customer Instructions”).
Subject to the preceding paragraph, Customer hereby instructs Google, as a processor, to process Customer Personal Data and Processor Service Data only to the extent necessary to achieve the following three purposes:
i. to provide, maintain and improve the Services;
ii. to identify, address and fix security threats, risks, bugs and other anomalies;
iii. to develop, deliver and install updates to the Services subscribed to by Customer (including new functionality related to the Services subscribed to by Customer).
2.6 Limitations to processing by Google. Google will not process Customer Personal Data or Service Data:
i. for Advertising purposes; or
ii. for profiling, data analytics, and market research, except where such processing is necessary: (a) to comply with the (Customer Instructions), or (b) with respect to Service Data, in accordance with the Legitimate Business Purposes.
2.7 Deletion and return. On expiry or termination of this Agreement, Customer, at its choice, may instruct Google to either delete all Customer Data and Processor Service Data, or return Customer Data and Processor Service Data in a manner consistent with the functionality of the Services. Google will confirm deletion upon Customer's request.
2.8 Right to object to new Subprocessors. Customer may object to Subprocessor changes as detailed in Section 11.4 (Opportunity to Object to Subprocessor Changes) of the Data Processing Agreement. Notwithstanding Section 11.2 (Information about Subprocessors) and 11.4 of the Data Processing Amendment either in writing or at a URL specified by Google.
2.9 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Google will comply with the requirements in Section 11.3 (Requirements for Subprocessor Engagement) of the Data Processing Amendment.
2.10 Processing of Personal Data. For the avoidance of doubt, to "process" Personal Data includes:
i. to disclose, pseudonymise, de-identify, or anonymise Personal Data, and
ii. to combine Personal Data with other Personal Data, or to derive any data or information from such Personal Data.
3. Audit Terms.
3.1 Privacy Audit Rights. Customer's audit rights are detailed in Section 7.5.2 (Customer's Audit Rights) of the Data Processing Amendment.
3.2 Additional Business Terms for Audits.
a. Frequency. Customer may only conduct one audit under Section 3.1 (Privacy Audit Rights) per Contract Year in respect of all Chrome services, including the Services, except in respect of an additional audit under Section 3.1 that: (i) promptly follows a Google Fault Data Incident; or (ii) is specifically ordered by Customer's supervisory authority.
b. Procedure. In addition to the restrictions and obligations contained in Section 7.5.3 of the Data Processing Amendment, the parties agree that:
(i) the on-premise portion of any audit will not exceed a designated window of two consecutive weeks; and
(ii) all audits must be conducted in accordance with recognised international auditing standards (for example, ISAE 3402).
c. Information. The Security Documentation and all information obtained under this Section 3 (Audit Terms) are Google's Confidential Information and subject to all related obligations under Section 5 (Confidential Information). Nothing in this Agreement will require Google to: (a) provide data of Google customers or End Users other than Customer's; or (b) allow access to any Google systems or facilities that are not involved in the provision of the Services. The auditor may only disclose audit reports to: (i) Google and its Affiliates; (ii) Customer; and (iii) as otherwise required by law, provided that Confidential Information contained in the report shall not be disclosed other than in accordance with Section 5. The term "Security Documentation" is defined in the Data Processing Amendment.
3.3 No Modification of SCCs. Nothing in this Section 3 (Audit Terms) varies or modifies any rights or obligations of Customer, Google or Google's Affiliates under any SCCs entered into as described in the Data Processing Amendment.
4. Customer Obligations.
4.1 Permitted Uses. The Services are permitted for use on ChromeOS Devices only.
4.2 Consents. Customer is responsible for any consents and notices, to the extent legally required, to permit: (a) Customer's and its End Users' receipt and use of the Services; and (b) Google's accessing, storing, and processing of data provided by Customer (including Customer Data and Personal Data, if applicable) under this Agreement.
4.3 Compliance. Customer will: (a) ensure that Customer's and its End Users' use of the Services complies with this Agreement; (b) use reasonable endeavours to prevent and terminate any unauthorised access to or use of the Services; and (c) promptly notify Google of any unauthorised use of, or access to, the Services of which Customer becomes aware.
4.4 Use Restrictions. Customer will not, and will not allow End Users to: (a) copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any of the source code of Chrome services, including the Services (except to the extent such restriction is expressly prohibited by applicable law); (b) sell, resell, sublicense, transfer, or distribute the Chrome services, including the Services; or (c) access or use Chrome services, including the Services: (i) for High Risk Activities; (ii) for materials or activities that are subject to the International Traffic in Arms Regulations (ITAR) maintained by the United States Department of State; or (iii) in a manner that breaches, or causes the breach of, Export Control Laws. Customer acknowledges the Services are not capable of placing or receiving emergency services calls.
4.5 Customer Domain Name Ownership. Customer is responsible for obtaining and maintaining any rights necessary for Customer's and Google's use of the Customer Domain Names under this Agreement. Before providing the Services, Google may require that Customer verify that Customer owns or controls the Customer Domain Names. If Customer does not own or control the Customer Domain Names, then Google will have no obligation to provide the Services to Customer.
4.6 Abuse Monitoring. Customer is solely responsible for monitoring, responding to, and otherwise processing emails sent to the "abuse" and "postmaster" aliases for Customer Domain Names, but Google may monitor emails sent to these aliases to allow Google to identify Services abuse.
5. Confidential Information.
5.1 Use and Disclosure of Confidential Information. The Recipient will not disclose the Disclosing Party's Confidential Information in any way, will only use the Disclosing Party's Confidential Information to exercise its rights and fulfill its obligations under this Agreement, and will use reasonable care to protect against the disclosure of the Disclosing Party's Confidential Information. Notwithstanding the foregoing, and subject to the Data Processing Amendment, the Recipient may disclose the Disclosing Party's Confidential Information: (a) to its Delegates (for the avoidance of doubt, if such Delegates are Subprocessors and the Confidential Information at hand is Customer Personal Data, any processing of such data by that Subprocessor is subject to Section 11 (Subprocessors) of the Data Processing Amendment) who have a need to know and who are bound by confidentiality obligations at least as protective as those in this Section 5 (Confidential Information); (b) with the Disclosing Party's written consent; or (c) regardless of any other provision in this Agreement, as strictly necessary to comply with Legal Process, provided the Recipient promptly notifies the Disclosing Party prior to such disclosure, unless legally prohibited from doing so. The Recipient will comply with the Disclosing Party's reasonable requests to oppose disclosure of its Confidential Information.
5.2 Redirect Disclosure Request. Notwithstanding the obligations set out in the Data Processing Amendment, if the Recipient receives Legal Process for the Disclosing Party's Confidential Information, the Recipient will, if reasonably possible, first attempt to redirect the third party to request it from the Disclosing Party directly. To facilitate this request, the Recipient may provide the name, telephone number and email address of the Disclosing Party's contact person to the third party. Google has published further information about how it responds to government requests here: https://transparencyreport.google.com
5.3 Treatment of Corporate Data and Service Data. Google will not disclose Corporate Data or Service Data except: (a) in respect of Processor Service Data, to Subprocessors in accordance with Section 11 (Subprocessors) of the Data Processing Amendment; (b) in respect of Corporate Data and Service Data not being Processor Service Data, to its Delegates who are bound by confidentiality obligations at least as protective as those in this Section 5.3 (Treatment of Corporate Data and Service Data); and (c) regardless of any other provision in this Agreement, as strictly necessary to comply with Legal Process, provided, Google promptly notifies Customer prior to such disclosure unless legally prohibited from doing so. Google will comply with Customer's reasonable requests to oppose disclosure of Processor Service Data and Corporate Data. If Google receives Legal Process for Processor Service Data or Corporate Data, Google will, if reasonably possible, first attempt to redirect the third party to request it from Customer directly. To facilitate this request, Google may provide the name, telephone number and email address of Customer's contact person to the third party. In this Section, "Corporate Data" means any data excluding Service Data and Customer Data that: (a) is not Personal Data, (b) identifies Customer, and (c) Google collects or generates during the provision (including administration) of the Services to Customer (including without limitation data: (i) within support tickets, and (ii) collected from Software installed on End User devices through which the End User accesses the Services (including telemetry data)).
6. Intellectual Property Rights.
6.1 Intellectual Property. Except as expressly described in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other's Intellectual Property. As between the parties, Customer retains all Intellectual Property Rights in Customer Data and Customer Applications, and Google retains all Intellectual Property Rights in the Chrome services (including the Services) and Software.
6.2 Feedback. At its option, Customer may provide feedback and suggestions about Google services, including the Services, to Google ("Feedback"). If Customer provides Feedback, then Google and its Affiliates may use that Feedback without restriction and without obligation to Customer.
7. Publicity.
7.1 Publicity. Customer may state publicly that it is a Google customer and display Google Brand Features in accordance with the Trademark Guidelines. Google may not use Customer's name and Brand Features without Customer's prior written consent or in accordance with Customer’s brand guidelines, if applicable. Additionally, with prior written consent, the parties may engage in joint marketing activities such as customer testimonials, press engagements, public speaking events, and analyst interviews. A party may revoke the other party's right to use its Brand Features with 30 days' written notice. Any use of a party's Brand Features will inure to the benefit of the party holding Intellectual Property Rights to those Brand Features.
8. Representations, Warranties and Disclaimers.
8.1 Representations and Warranties. Each party represents and warrants that it has full power and authority to enter into this Agreement. Each party warrants that it will comply with all laws and regulations applicable to its provision, receipt, or use, of the Services, as applicable. Google warrants that it will use reasonable care and skill in complying with its obligations under this Agreement.
8.2 Disclaimer. No conditions, warranties or other terms apply to the provision of the Services or Software unless expressly described in this Agreement. No implied conditions, warranties or other terms apply (including any implied terms as to satisfactory quality, fitness for purpose or conformance with description). Google does not warrant that operation of the Services or Software will be error-free or uninterrupted.
9. Termination.
9.1 Agreement Term. This Agreement will remain in effect until terminated.
9.2 Termination for Convenience. Either party may terminate this Agreement for convenience with 30 days' prior written notice to the other party.
9.3 Termination for Breach. Either party may terminate this Agreement with immediate effect if the other party: (a) is in material breach of this Agreement and such material breach is incurable or the party fails to cure that breach within 30 days after receipt of written notice; (b) enters into an arrangement or composition with or for the benefit of its creditors, goes into administration, receivership or administrative receivership, or is dissolved or otherwise ceases its business operations; or (c) becomes subject to insolvency or bankruptcy proceedings and such proceedings are not dismissed within 90 days.
9.4 Termination by Google. Google may terminate this Agreement if: (a) required to comply with a legal requirement or court order, (b) Customer or End Users' conduct causes harm or Liability to a user, third party, or Google, or (c) Google will no longer provide a primarily data processor version of managed ChromeOS (in which case Google will provide at least 30 days' prior written notice to Customer).
9.5 Effects of Termination. If this Agreement terminates, then: (a) the rights granted by one party to the other will cease immediately (except as set forth in this Section 9.5 and Section 9.6 (Survival)); (b) Customer will not have access to, or the ability to export, Customer Data after the effective date of termination or expiry of this Agreement; (c) Customer will be responsible for determining whether (and the extent to which) to use the functionality of the Services to delete Customer Data prior to such date; and (d) Google will delete or return Customer Data in accordance with the terms of this Agreement.
9.6 Survival. The following Sections will survive expiration or termination of this Agreement: Section 2 (Data Processing Terms), Section 3 (Audit Terms), Section 5 (Confidentiality), Section 6 (Intellectual Property Rights), Section 8 (Representations, Warranties and Disclaimers), Section 9.5 (Effects of Termination), Section 10 (Indemnification), Section 11 (Limitation of Liability), Section 12 (Miscellaneous) and Section 13 (Definitions).
10. Indemnification.
10.1 Indemnification Obligations. To the extent allowed by applicable law, Customer will indemnify Google, its Affiliates, and each of their directors, officers, employees, and contractors for any Third-Party Legal Proceedings (including actions by government authorities) arising out of or relating to: (a) any Customer Indemnified Materials; or (b) Customer's or an End User's unlawful use of the Services or violation of this Agreement. This indemnity covers any liability or expense arising from claims, losses, damages, judgments, fines, litigation costs, and legal fees.
10.2 Remedies.
(a) If Google reasonably believes the Services might infringe a third party's Intellectual Property Rights, then Google may, at its sole option and expense: (i) procure the right for Customer to continue using the Services; (ii) modify the Services to make them non-infringing without materially reducing their functionality; or (iii) replace the Services with a non-infringing, functionally equivalent alternative. Google will notify Customer of changes in accordance with and subject to the conditions set out in Section 1.3 (Changes to Services).
(b) If Google does not believe the remedies in Section 10.2(a) are commercially reasonable, then Google may Suspend or terminate any or all impacted services.
(c) Without affecting either party's termination rights, this Section 10.2 (Remedies) states Customer's sole and exclusive remedies under this Agreement for any third-party allegations of Intellectual Property Rights infringement.
11. Limitation of Liability.
11.1 Limited Liabilities.
(a) To the extent allowed by applicable law, and subject to Section 11.2 (Unlimited Liabilities), Google will not have any Liability arising out of or relating to this Agreement for any (i) loss of profits, revenues, business opportunities, goodwill, or anticipated savings, (ii) indirect or consequential losses, or (iii) punitive damages.(b) Subject to Sections 11.1(a) and 11.2 (Unlimited Liabilities), Google’s total Liability for all claims, damages, penalties, fines, costs and expenses incurred by the other party and its Affiliates arising out of or relating to this Agreement is limited to $200 (two hundred US dollars).
11.2 Unlimited Liabilities. Nothing in this Agreement excludes or limits either party's Liability for:
(a) death or personal injury resulting from its negligence or willful misconduct, or the negligence or willful misconduct of its employees or agents;
(b) its fraud or fraudulent misrepresentation;
(c) its infringement of the other party's Intellectual Property Rights;
(d) Customer's obligation to pay any audit fees in accordance with Section 3 (Audit Terms); or
(e) matters for which liability cannot be excluded or limited under applicable law.
12. Miscellaneous.
12.1 Notices. Google will provide notices relating to this Agreement to Customer by sending an email to the Notification Email Address. Customer will provide such notices to Google by sending an email to legal-notices@google.com. A notice will be treated as received when the email is sent. Customer is responsible for keeping its Notification Email Address current throughout the Term
12.2 Emails. The parties may use emails to satisfy written approval and consent requirements under this Agreement.
12.3 Assignment. Neither party may assign this Agreement without the written consent of the other, except to an Affiliate where: (a) the assignee has agreed in writing to be bound by the terms of this Agreement; (b) the assigning party remains liable for obligations under this Agreement if the assignee defaults on them; and (c) the assigning party has notified the other party of the assignment. Any other attempt to assign is void.
12.4 Change of Control. If a party experiences a change of Control (for example, through a stock purchase or sale, merger, or other form of corporate transaction), then: (a) that party will give written notice to the other party within 30 days after the change of Control; and (b) the other party may immediately terminate this Agreement any time within 30 days after it receives that written notice.
12.5 Force Majeure. Neither party will be liable for failure or delay in performance of its obligations to the extent caused by circumstances beyond its control.
12.6 Subcontracting. Either party may subcontract any of its obligations under this Agreement, but will remain liable for all subcontracted obligations and its subcontractors' acts or omissions.
12.7 No Agency. The parties are independent contractors. This Agreement does not create any agency, partnership, or joint venture between the parties.
12.8 No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
12.9 Severability. If any part of this Agreement is invalid, illegal, or unenforceable, the rest of this Agreement will remain in effect.
12.10 No Third-Party Beneficiaries. This Agreement does not confer any rights or benefits to any third party unless it expressly states that it does. The parties can amend, rescind, or terminate this Agreement without any third-party beneficiary's consent.
12.11 Emergency, Interim and Injunctive Relief. Nothing in this Agreement will limit the right of either party to apply to any court of competent jurisdiction for emergency, interim and/or injunctive relief.
12.12 Governing Law and Venue. This Agreement and any dispute (contractual or non-contractual) concerning this Agreement or its subject matter or formation, validity, subject matter, interpretation, performance or termination (a "Dispute") is/are governed by English law. The 1980 United Nations Convention on Contracts for the International Sale of Goods and its related instruments will not apply to this Agreement. Any Dispute will be exclusively resolved by the competent court in London, England.
12.13 Amendments. Any amendment to this Agreement must be in writing, expressly state that it is amending this Agreement, and be signed by both parties; however, Google may update this Agreement: (a) to reflect material changes to the Services; (b) for required legal, regulatory, or security reasons; or (c) to prevent abuse or harm. In the event that Google updates this Agreement under this Section 12.13, it will provide Customer with at least 30 days' prior written notice, except in urgent situations such as preventing ongoing abuse or responding to legal requirements. If Customer does not agree to any updates, Customer may exercise its termination right under Section 9.2 (Termination for Convenience).
12.14 Independent Development. Nothing in this Agreement will be construed to limit or restrict either party from independently developing, providing, or acquiring any materials, services, products, programs, or technology that are similar to the subject of this Agreement, provided that the party does not breach its obligations under this Agreement in doing so.
12.15 Entire Agreement. Subject to Section 11.2(b), this Agreement states all terms agreed between the parties, and supersedes any prior or contemporaneous agreements between the parties, relating to the subject matter of this Agreement. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly described in this Agreement. This Agreement includes URL links to other terms, which are incorporated by reference into this Agreement.
12.16 Conflicting Terms. If there is a conflict among the Sections of this Agreement or the documents that make up this Agreement, then the Sections and documents will control in the following order:
i. Sections 2 and 3 of this Agreement;
ii. the Data Processing Amendment;
iii. the Passthrough Terms, to the limited extent applicable;
iv. other Sections of this Agreement;
v. any other document incorporated by reference under this Agreement.
12.17 Counterparts. The parties may execute this Agreement in counterparts, including facsimile, PDF, and other electronic copies, which taken together will constitute one instrument.
12.18 Electronic Signatures. The parties consent to electronic signatures.
12.19 Conflicting Languages. To the extent any translated version of this Agreement is inconsistent with the English version, the English version will govern.
12.20 Headers. Headings and captions used in this Agreement are for reference purposes only and will not have any effect on the interpretation of this Agreement.
13. Definitions.
"Admin Account" means a type of End User Account that Customer may use to administer the Services.
"Admin Console" means the online console(s) and/ tool(s) provided by Google to Customer for administering (a) the Services under this Agreement, and (b) the services set out in a Complementary Product Services Summary (if applicable).
"Administrator" means Customer-designated personnel who administer the Services to managed End Users on Customer's behalf, and have the ability to access Customer's managed End User Accounts. Such access includes the ability to access, monitor, use, modify, withhold, or disclose any data available to End Users associated with their managed End User Accounts.
"Advertising" means online advertisements and recommendations displayed by Google to End Users, excluding:
(a) any advertisements and recommendations that Customer expressly chooses to have Google or any of its Affiliates display in connection with the Services, for example under a separate agreement (such as Google AdSense advertisements implemented by Customer on a website created by Customer using any Google Sites functionality within the Services); and
(b) any recommendations relating to the Services or other Google cloud services subscribed to by Customer.
"Affiliate" means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
"AUE Date" means the date set forth on the applicable ChromeOS Device or as listed at the following link: https://support.google.com/chrome/a/answer/6220366 (where such content may be updated or modified by Google).
"Available Countries" means the jurisdictions in which data processor mode for ChromeOS is provided by Google, a list of which is available in the Chromebook Help Center and which may be updated by Google from time to time.
"Brand Features" means each party's trade names, trademarks, logos, domain names, and other distinctive brand features.
"Chrome Education Upgrade" or "Chrome Enterprise Upgrade" have the meanings described in more detail at https://support.google.com/chrome/a/answer/2717664 (as may be updated by Google from time to time).
"Chromebook Help Center" means the online support pages at https://support.google.com/chromebook or such other URL as Google may designate.
"ChromeOS Device" means a managed hardware device running the latest available versions of Google's Chrome operating system (ChromeOS) and Chrome browser, where such device is managed through the Admin Console by Customer or Administrator(s), using Chrome Enterprise Upgrade.
"Complementary Product Services Summary" has the meaning given in the Data Processing Amendment.
"Confidential Information" means information that one party or its Affiliate ("Disclosing Party") discloses to the other party ("Recipient") under this Agreement, that is marked as confidential or would normally be considered confidential information under the circumstances. Customer Data is Customer's Confidential Information. Confidential Information does not include information that is independently developed by the Recipient, is shared with the Recipient by a third party without confidentiality obligations, or is or becomes public through no fault of the Recipient.
"Contract Year" means a period of one calendar year starting on the Effective Date or the relevant anniversary of the Effective Date (as appropriate).
"Control" means control of greater than 50% of the voting rights or equity interests of a party.
"Corporate Data" has the meaning given to it in Section 5.3 (Treatment of Corporate Data and Service Data) of this Agreement.
"Customer Application" means a software program that Customer creates or hosts using the Services.
"Customer Data" means all data (including text, files, software, images, video, audio, software and code) submitted, stored, sent or received via the Services by Customer or its End Users.
"Customer Domain Name" means the Customer domain name(s) used in connection with the Services.
"Customer Indemnified Materials" means Customer Data and Customer Brand Features.
"Customer Instructions" has the meaning given in Section 2.5 (Customer Instructions).
"Customer Personal Data" means the Personal Data contained within Customer Data.
"Data Incident" means a breach of Google's or a Subprocessor's security, leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Google or a Subprocessor.
"Data Processing Amendment" means the then-current terms at: https://www.google.com/chrome/terms/dpa_terms.html, or such other URL as Google may provide.
"Delegates" means the Recipient's employees, contractors, civil servants, Affiliates, agents, or professional advisors.
"End User" means a managed individual (e.g. employee, onsite contractor or onsite agent) that Customer permits to use the Services or a Customer Application. For clarity, End Users may include employees of Customer, its Affiliates and other third parties.
"End User Account" means a Google-hosted account established and managed by Customer through the Admin Console, for an End User to use the Services.
"Essential Services" means the then-current "Essential Services" described in the Admin Console and listed in the Chromebook Help Center.
"European Data Protection Law" has the meaning given to it in the Data Processing Amendment.
"Export Control Laws" means all applicable export and re-export control laws and regulations,including: (a) the Export Administration Regulations ("EAR") maintained by the U.S. Department of Commerce, (b) trade and economic sanctions maintained by the U.S. Treasury Department's Office of Foreign Assets Control, and (c) the International Traffic in Arms Regulations ("ITAR")maintained by the U.S. Department of State, and (d) economic or financial sanctions or trade embargoes, including any economic or financial sanctions or trade embargoes imposed,administered or enforced by the United Nations, the European Union or its Member States and the Swiss Confederation and administered by SECO and/or the Swiss Directorate of Public International Law and Her Majesty’s Treasury (HMT) of the United Kingdom.
"GDPR" has the meaning given to it in the Data Processing Amendment.
"Google" means Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland.
"Google Fault Data Incident" means a Data Incident caused by a breach of the Security Measures by Google, Google's Affiliate, Google's processor or a Subprocessor.
"Google Privacy Policy" means the privacy policy at https://policies.google.com/privacy?hl=en.
"Google Terms of Service" means the terms at https://policies.google.com/terms?hl=en.
"High Risk Activities" means activities where the failure of the Services could lead to death, serious personal injury, or severe environmental or property damage.
"including" means including but not limited to.
"Intellectual Property" or "IP" means anything protectable by an Intellectual Property Right.
"Intellectual Property Right(s)" means all patent rights, copyrights, trademark rights, rights in trade secrets (if any), design rights, database rights, domain name rights, moral rights, and any other intellectual property rights (registered or unregistered) throughout the world.
"Legal Process" means an information disclosure request made under law, governmental regulation, court order, subpoena, warrant, governmental regulatory or agency request, or other valid legal authority, legal procedure, or similar process.
"Liability" means any liability whether under contract, tort (including negligence), or otherwise, regardless of whether foreseeable or contemplated by the parties.
"Legitimate Business Purposes" means:
(i) Billing and account management and customer relationship management and related correspondence with Customers and Customer Administrators;
(ii) Improving and optimizing the performance and core functionality of accessibility, privacy, security and IT infrastructure efficiency of the Services;
(iii) Internal reporting, financial reporting, revenue planning, capacity planning and forecast modeling (including product strategy);
(iv) Abuse and security threat detection, prevention and protection (such as automatic scanning for and reporting of CSAM, scanning for viruses (to the extent permitted and/or required by applicable EU or EU member state law), phishing, malware and other indicators of security threats, that may affect any of Google’s services);
(v) Processing of Personal Data in support tickets and support requests (including corresponding with Customers and Customer Administrators) and any attachments thereto sent by Administrators;
(vi) Receiving and using Feedback;
(vii) Complying with legal obligations; and
(viii) For ChromeOS and Chrome browser usage statistics and crash reports.
"Notification Email Address" means the email address(es) designated by Customer in the Admin Console.
"Optional Services" means products, services, and applications that are not designated as Essential Services, but which may be accessible for use by End Users in conjunction with the Services.
"Passthrough Terms" means the Google Chrome and ChromeOS Additional Terms of Service at https://www.google.com/chrome/terms/?hl=en_US.
"Personal Data" has the meaning given to it in the GDPR.
"Processor Service Data" means the Service Data that Google processes as a processor in accordance with Section 2.5 (Customer Instructions).
"Security Measures" has the meaning given in the Data Processing Amendment.
"Services" means the Essential Services when running on a ChromeOS Device, until the applicable ChromeOS Device's AUE Date.
"Service Data" means the Personal Data Google collects or generates during the provision (including administration) of the Services to Customer (including any Personal Data: (a) within support tickets, and (b) collected from Software installed on End User devices through which the End User accesses the Services (including telemetry data)), excluding any Customer Personal Data.
"Software" means any downloadable tools, software development kits, or other such computer software provided by Google for use in connection with the Services, and any updates Google may make to such Software from time to time.
"Suspend" or "Suspension" means disabling access to or use of the Services or other Google services, in whole or in part.
"Term" means the term of the Agreement, which will begin on this Effective Date and continue until this Agreement is terminated as set forth herein.
"Third-Party Legal Proceeding" means any formal legal proceeding filed by an unaffiliated third party before a court or government tribunal (including any appellate proceeding).
"Trademark Guidelines" means Google's Brand Terms and Conditions, described at: https://www.google.com/permissions/trademark/brand-terms.html.
"URL" means a uniform resource locator address to a site on the internet.
Exhibit A
Replacement of Appendix 1 to the Data Processing Amendment
This Appendix forms part of the Data Processing Amendment.
Appendix 1: Subject Matter and Details of the Data Processing
Subject Matter
Processing of Customer Personal Data and Processor Service Data in accordance with this Agreement.
Duration of the Processing
The applicable Term plus the period from the expiry of such Term until return or deletion of all Customer Personal Data and Processor Service Data by Google in accordance with the Data Processing Amendment.
Nature and Purpose of the Processing
Google will process Customer Personal Data and Processor Service Data for the purposes set out in Section 2.5 of this Agreement.
Categories of Data
Data relating to individuals provided to Google via the Services, by (or at the direction of) Customer or by End Users.
Data Subjects
Data subjects include the individuals about whom data is provided to Google via the Services by (or at the direction of) Customer or by End Users.
By accepting this Agreement, Customer becomes a party to this with Google Ireland Limited.
By accepting this Agreement on behalf of Customer, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to this Agreement; (ii) you have read and understand this Agreement; and (iii) you agree, on behalf of the party that you represent, to this Agreement. If you do not have the legal authority to bind Customer, please do not accept this Agreement.