Data center access procedure. Google has formal access procedures to allow physical access to data centers. The data centers are installed in facilities requiring electronic access to the card key, with alarms connected to the on-site security operation. All data center participants must identify themselves and provide proof of identity to on-site security operations. Only authorized staff, contractors and visitors are allowed to enter the data centres. Only authorized staff members and contractors may request access to electronic card keys. Requests for access to data center e-card keys must be made by e-mail and require the agreement of the applicant`s manager and the data center director. all other participants who require temporary access to the data center must: (i) obtain prior authorization from the data center managers for the specific data center and the internal areas they wish to visit; (ii) register for on-site security operations; and (iii) a set of approved data center access data that identifies the individual as approved. If any provision of this CCA is or becomes unenforceable, it will not invalidate the entire Agreement. Any provision of this CCA, which is invalidated or unenforceable only partially or to some extent, is rewritten by mutual agreement to accurately reflect the invalid or unenforceable provision, while valid and enforceable.

The data controller selects the cloud platform and region used for the server on which the service is hosted. The processor can only transfer personal data to a server selected by the data controller. The processor will not transfer personal data without being requested by the data controller. Where the controller requests the transfer of personal data, the processor shall assist the data protection officer in ensuring that such transfer and processing complies with applicable data protection legislation. 4.1 Application of European law. The parties acknowledge that European data protection legislation applies to the processing of the customer`s personal data, for example, when the processor appoints the data controller`s contact person for data protection issues arising from the terms and conditions and this DPA. We will notify you immediately of incidents with your customer data, in accordance with the data incident terms in our agreements with you. We continue to nurture and invest in advanced threat detection and prevention technologies, as well as a rigorous 24/7 incident management program that allows you to identify and respond to security or privacy events without delay and with available information...