The GDPR provides several mechanisms to facilitate the transfer of personal data outside the EU. Those mechanisms aim to confirm an adequate level of protection or to ensure the implementation of appropriate safeguards for the transfer of personal data to a third country. An adequate level of protection can be confirmed by adequacy decisions such as the Japanese Personal Data Protection Act (APPI) and the Swiss Data Protection Act. Where personal data is transferred outside the EU to third countries that are not covered by adequacy decisions, we undertake, under our data processing agreements, to maintain a mechanism that facilitates such transfers in accordance with the GDPR. In 2017, we received confirmation of compliance with our standard contractual clauses from the European data protection authorities and confirmed that our contractual obligations for Google Workspace and Google Cloud Platform meet the requirements to legally shape the transfer of personal data from the EU to third countries that do not offer adequate protection. 7.1.4 Google Security Support. Google helps Customer (given the nature of Customer`s processing of personal data and the information available to Google) to comply with its obligations under Sections 32 to 34 of the GDPR by: These Data Processing and Security Terms, including their Appendices (the “Terms”), are effective and supersede all previously applicable data processing and security provisions from the date of entry into force of the Terms (as defined below). 7.1.1 Google`s Security Measures. Google implements and maintains technical and organizational measures to protect Customer Data from accidental or unlawful unauthorized destruction, loss, alteration, disclosure or access, as described in Appendix 2 (the “Security Measures”). Security measures include encryption measures for personal data; to ensure the continued confidentiality, integrity, availability and resilience of Google`s systems and services; restore timely access to personal data after an incident; and to review its effectiveness on a regular basis. Google may update security measures from time to time, provided that such updates do not result in a deterioration in the overall security of the Services. The Google Group companies directly carry out most of the data processing activities necessary for the provision of the Google Workspace and Google Cloud Platform services.
However, we hire third-party service providers to help us support these services. Each vendor goes through a rigorous selection process to ensure they have the necessary technical expertise and can provide the appropriate level of security and privacy. We provide information about Google Group subcontractors that support Google Workspace and Google Cloud Platform services, as well as third-party subcontractors involved in those services. Details about the Google Workspace subprocessor and details about the GCP subprocessor can be found here. We also include obligations relating to sub-processors in our data processing agreements. (i) any data of another customer of a Jibe company; “Data Subject Tool” means a tool (if any) provided by a Jibe Company to Data Subjects that enables Jibe to respond directly and in a standardised manner to certain data subject requests regarding the Company`s personal data (e.g. B an opt-out browser plug-in). For more information, please see workspace.google.com/security This Data Processing Addendum (including the “Data Processing Addendum”) is entered into by Jibe and Company and supplements the Agreement.
This Data Processing Addendum is in effect and supersedes all previously applicable terms and conditions relating to their subject matter (including data processing and security terms relating to subcontracting services) from the date of entry into force of the terms. 2.2 The terms “personal data”, “data subject”, “processing”, “controller” and “processor” used in these terms and conditions have the meaning specified in the GDPR, regardless of whether European or non-European data protection law applies. 12.1 Contact Jibe. The Company may contact Jibe in connection with this Data Processing Addendum through Jibe`s RCS Privacy Contact, who may be contacted by issuetracker.google.com or other means provided by Jibe from time to time. You can also delete customer data at any time using the features of Google Workspace or Google Cloud Platform services. If Google receives a complete removal instruction from you (e.B. if an email that you have deleted can no longer be retrieved from your “Recycle Bin”), Google will delete the relevant customer data from all its systems within a maximum of 180 days, provided that there are no retention obligations. All data you share with Google is protected. The security checks of our products are regularly reviewed in accordance with international standards to ensure that all personal data is treated securely and responsibly.
In addition, the effectiveness of our controls is reviewed by an independent third party at least every two years. Data subjects` rights Controllers may use the management consoles and services of Google Workspace and Google Cloud Platform to access, correct, restrict processing or delete data that they and their users enter into our systems. . . .