GCP Marketplace Vendor Agreement

Last modified: September 3, 2020 | Previous Versions

This GCP Marketplace Vendor Agreement ("Agreement") is effective as of the Effective Date and is entered into by Google and Vendor.

This Agreement will be effective as of the date Vendor clicks the "Agree" button (the "Effective Date"). If you are clicking the "Agree" button on behalf of Vendor, you represent and warrant that (a) you have full legal authority to bind Vendor to this Agreement; (b) you have read and understand this Agreement; and (c) you agree, on behalf of Vendor, to this Agreement. If you don't have the legal authority to bind Vendor, please do not click the "Agree" button.

1. Definitions

  1. 1.1. "Affiliate" means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party.
  2. 1.2. "BYOL Products" has the meaning described in Attachment A.
  3. 1.3. "Brand Features" means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party, respectively, as owned (or licensed) by such party from time to time.
  4. 1.4. "Control" means control of greater than 50% of the voting rights or equity interests of a party.
  5. 1.5. "Customer(s)" means any person or entity who purchases, acquires, or deploys Products from the Store.
  6. 1.6. "Customer Charges" means the charges for Customers' purchase and use of Products from the Store, which may be subscription based or based on metrics determined by Google, for example usage or related support time provided.
  7. 1.7. "Customer Sales Data" means information relating to a Customer that Google provides to Vendor.
  8. 1.8. "Excluded Charges" means the charges (a) that arise through any fraudulent or invalid means (as determined by Google in its reasonable discretion), including the fraudulent use of credit cards or other means of payment; (b) that are subject to chargebacks, reversals, adjustments or rejections, whether by a bank, Customer action or otherwise, including related fees; (c) for Customer's use of GCP; or (d) for Google's or its Affiliates' use of the Products in (i) its operation of the Store, including for developing and testing the Store and addressing and assessing Customer issues; or (ii) in connection with marketing, including, demonstrating Products to prospective customers and use by sales personnel for education regarding the Product.
  9. 1.9. "GCP" means the services that comprise the Google Cloud Platform at https://cloud.google.com/cloud/services or such other URL as Google may determine (including any associated APIs).
  10. 1.10. "Google" means Google LLC, with offices at 1600 Amphitheatre Parkway, Mountain View, California 94043.
  11. 1.11. "including" means including but not limited to.
  12. 1.12. "Open Source Material(s)" means any materials that are available under an open source license, including those licenses identified by the Open Source Initiative at https://opensource.org/licenses/alphabetical, that are included or used in any of the Products.
  13. 1.13. "Payment Account" means the Vendor-owned, U.S. payment account set up by Vendor through the Google vendor management system located at the following URL: https://services.google.com/partner-enrollment/enroll or such other URL as Google may determine.
  14. 1.14. "Product(s)" means the Vendor software or services identified by Vendor and approved by Google for listing in the Store (and any related Brand Features).
  15. 1.15. "Rev Split Base" means the Customer Charges collected by Google minus any Taxes, foreign exchange costs, and Excluded Charges.
  16. 1.16. "Revenue Split" means 80% of the Rev Split Base.
  17. 1.17. "Store" means "GCP Marketplace", "Google Cloud Launcher", "Google Cloud Marketplace", or other GCP online marketplace operated by Google, which allows the procurement or deployment by customers of software or services.
  18. 1.18. "Tax(es)" means all applicable taxes, except for taxes based on either party's net income, net worth, employment, or assets (including personal and real property).
  19. 1.19. "Third Party Material(s)" means any materials not owned solely by Vendor or Google that are included, incorporated or used in any of the Products.
  20. 1.20. "Terms URL" means the following URL: https://cloud.google.com/marketplace/docs/partners/terms.
  21. 1.21. "UBB Products" has the meaning described in Attachment B.
  22. 1.22. "Vendor" means the person or entity accepting this Agreement who is registered with and approved by Google for listing of software or services via the Store in accordance with the terms of this Agreement.
  23. 1.23. "Vendor Account" means an account issued by Google to Vendor that enables the listing of Products via the Store.
  24. 1.24. "Vendor Console" means the console or other online tool that may be provided by Google to Vendor to manage administrative functions related to the Store.
  25. 1.25. "Vendor GCP Agreement" means the agreement under which Google has agreed to provide GCP to Vendor.
  26. 1.26. "Wind Down Period" has the meaning described in Section 12.5 (Wind Down).

2. Provision of Products

  1. 2.1. Listing Requirements. Google will display and make Products available for procurement, purchase, deployment, and use (as applicable) by Customers. In order for Products to be available via the Store, Vendor will: (a) accept this Agreement and the Vendor GCP Agreement; (b) have a Vendor Account and Payment Account in good standing; (c) comply with Section 7.5.4 (Third Party Materials and Open Source), and (d) provide complete and accurate information to Google in the Vendor Console (or otherwise requested by Google).
  2. 2.2. Merchant of Record. The parties agree that Google or a Google Affiliate, as applicable, is the merchant of record relative to the business contemplated by this Agreement. If Google or a Google Affiliate is not deemed to be the "merchant of record", "seller of record", or other equivalent for the sale of any Product in any jurisdiction, then Vendor will be merchant of record for that jurisdiction and Product, and Vendor agrees that Google and/or Google's Affiliate, as applicable, is assisting Vendor as Vendor's authorized and disclosed agent and is acting on Vendor's behalf under this Agreement with Vendor as merchant of record.
  3. 2.3. Marketing. The parties will work together on a marketing plan.

3. Payments and Pricing.

  1. 3.1. Payment Terms.
    1. 3.1.1. Payments. Subject to Section 3.1.2 (Minimum Payment), Google will, on or before the last business day of each calendar month during the Term of this Agreement, pay Vendor the Revenue Split for the previous calendar month. All payments of the Revenue Split will be made directly to the Payment Account. Payments will be transferred by the ACH Network (or by other means determined by Google) and paid to Vendor in US dollars, or in other currency agreed upon by the parties from time to time.
    2. 3.1.2. Minimum Payment. Google will not be obligated to make a payment to Vendor under Section 3.1.1 (Payments) if the Revenue Split at the time to be paid is less than $100.00 USD or foreign currency equivalent. Such unpaid Revenue Split will carry over and be included in the Revenue Split for the following calendar month.
    3. 3.1.3. Conditions. Upon the termination of this Agreement and any applicable Wind Down Period that follows, Google will pay any remaining Revenue Split to Vendor within 90 days after termination. In no event will Google be obligated to make payments for any balance less than $1.00 USD or foreign currency equivalent. Google is not responsible for any delay, inaccuracy or non-payment caused by incorrect or incomplete information provided by Vendor or a bank, or for failure of a bank to credit Vendor's account for the correct amount.
  2. 3.2. Pricing. Google will set the price for Products based on a Google defined billing structure.
  3. 3.3. Reports. On a monthly basis during the Term, Google will provide Vendor with reports of Customer Charges in the form generally made available to other Store vendors. Google's measurement of the usage metrics is final.
  4. 3.4. Refunds to Customers. Google may provide Customers a full refund of Customer Charges if the Customer requests the refund and Google determines that the refund should be given. Customer refunds may be exclusive of taxes previously included in Customer Charges.
  5. 3.5. Right to Offset Payment. Google may withhold payments for, offset against payments due, or require Vendor to pay to Google within 60 days of receipt of a related invoice from Google for, any amounts that are or were (a) subject to billing disputes for Products, except in cases when Google reasonably determines that the Customer initiating the dispute has an abnormal dispute history, (b) an Excluded Charge under Section 1.7(a) or (b); (c) based on Customer Charges for Products that are not delivered to the Customer, for example due to termination of the Agreement or take down or modification of the Products; or (d) overpaid by Google to Vendor in prior periods whether as a result of miscalculation by Google or Vendor or otherwise.
  6. 3.6. Fraud. Vendor will not, and will not authorize or encourage any third party to directly or indirectly purchase or otherwise obtain access to the Store through (a) any automated, deceptive, fraudulent or other invalid means, (b) the use of robots or other automated query tools or computer generated search requests, or (c) the fraudulent use of software or credit cards. Vendor will cooperate with Google in any investigation of any of the above circumstances, regardless of whether encouraged, authorized, or perpetrated by Vendor or not.
  7. 3.7. Taxes. If Vendor is legally obligated to collect transaction Taxes, Vendor will notify Google of this requirement and state each Tax as a separate line item on an invoice to Google. Google will be required to pay transaction Tax only on receipt of a tax invoice that meets all of the relevant tax authority's requirements (to allow Google to obtain relief from such Tax if available). Google will pay Taxes separately on the Revenue Split, unless Google provides Vendor with a valid tax exemption certificate. If Google is obligated to withhold any Taxes from the Revenue Split, Google will pay the Revenue Split net of the withheld amounts. Google will provide Vendor with sufficient evidence of such Tax payments withheld on behalf of Vendor to allow Vendor to apply for a refund of the withheld Tax if available.

4. Support

  1. 4.1. Vendor Support of Customers. Vendor will provide and maintain complete and up to date information in the Vendor Console. Such information, including Vendor contact information, may be made available to Customers and other users of the Store. Customers will be instructed to contact Vendor concerning any defects or performance issues related to Products. Vendor will be solely responsible for, and Google will have no responsibility for handling support and maintenance of Products or any complaints about Products. Vendor's response to Customer support inquiries should be no less urgent, inclusive or responsive than the response Vendor offers or provides to similarly situated customers outside of the Store. Google may direct Customers to Vendor to complete setup of Products. If Vendor offers direct management of its Products through Vendor's own systems, Vendor will support such system and make it available to Customers on substantially similar terms and with substantially similar capabilities as it does for customers outside of the Store. Google will support Customer issues related to GCP.
  2. 4.2. Product Updates and Patches.
    1. 4.2.1. Vendor will update, or will provide Google with updates to, as applicable, Products in the Store within five days of release of those updates to the public (or through any other online marketplace) and within 24 hours if those updates include critical security patches, as determined by Google.
    2. 4.2.2. If Google requests a critical security matter be patched, Vendor will respond to Google within 24 hours of such request with either a resolution or a written resolution plan, contact information for person(s) managing the resolution, and the estimated time for delivery of a resolution. Google may choose to hide or prohibit access to any Product until Vendor provides any security patch determined necessary by Google.
    3. 4.2.3. Failure to provide the information, support, or updates for Products described in this Section 4.2 (Product Updates and Patches) may result in consequences including less prominent Product exposure or placement in the Store, removal of the Product from the Store, or Google's termination of this Agreement.
  3. 4.3. Redeployments. So long as Customers pay the applicable, required Customer Charges, Customers are allowed unlimited deployments of each deployable Product.

5. Vendor Responsibilities

  1. 5.1. Authorized Purpose. Vendor will use the Store only for purposes that are permitted by (a) this Agreement, and (b) any applicable law or regulation (including any laws regarding the export of data or software to and from the United States or other relevant countries).
  2. 5.2. Prohibited Actions. Vendor will not engage in any activity with the Store that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of Google; Google's Affiliates; or any third party, including GCP users, Store users, or any network operator.
  3. 5.3. Vendor Responsibility for Products. Vendor is solely responsible for (and Google has no responsibility to Vendor or any third party for) (a) any Products, including their interaction with the Store, Store APIs, or GCP; or (b) the consequences of any Vendor actions (including any loss or damage which Google may suffer) related to the Products, including with respect to Vendor's use of the Store, Store APIs, or GCP, except to the extent resulting solely from an unforeseeable malfunction (e.g., a bug) of the Store, Store APIs, or GCP. Except as described in this Agreement, Vendor has no responsibility for the Store.
  4. 5.4. Vendor Responsibility for Breach. Vendor is solely responsible for (and Google has no responsibility to Vendor or any third party for) any breach by Vendor of its obligations under this Agreement, any applicable third party contract or terms of service between Vendor and its Customer(s), or any applicable law or regulation.
  5. 5.5. Product Display. Google may use and publish performance measurements for Products, such as uninstall or refund rates. Google may display Products to Customers in a manner determined by Google.
  6. 5.6. Product Information. Vendor will be responsible for providing Google with all information and materials necessary to sell and deploy the Products via the Store, including accurate and complete Product information and support information for Customer. Google may immediately hide, prohibit access to, or remove any Products from the Store if Vendor fails to comply with this Section 5.6 (Product Information).
  7. 5.7. Restricted Content and Store Use. Google may upon 30 days prior notice impose generally applicable Vendor Use Policies ("VUP") related to Product content and Vendor's use of the Store. Google will email Vendor if it imposes any VUP, and the VUP will be binding on Vendor on the date stated in the email notice to Vendor.
  8. 5.8. Public Storage. Vendor understands that container based Products may be available from a public location, and as such, a third party who is not a Customer may be able to access, including download, and use such Product. Vendor acknowledges that Google and its Affiliates are not responsible for any access, including download, or use of the Product by such third party.
  9. 5.9. Security and Privacy.
    1. 5.9.1. Protections. Vendor will protect the privacy and other legal rights of Customers. Vendor will only gather information (including GCP account information) from Customers that is necessary to provide Products to them and only use gathered information when and for the limited purpose(s) for which the Customer has given Vendor permission to do so. Subject to Vendor's obligations in this Agreement, Vendor may use Customer information obtained from the Store to sell or distribute products or services outside of the Store only to the extent permitted by Customer. If Customers provide Vendor or a Product with, or Vendor or a Product accesses or uses, user names, passwords, or other login information or personal information, Vendor must inform Customers that the information will be available to Vendor or Product, and Vendor must provide a legally adequate privacy notice and protection for those Customers, provided that if a Customer has entered into a separate agreement with Vendor that allows Vendor or Product to store or use Customer personal or sensitive information then, subject to Vendor's obligations in this Agreement, nothing in this Section prohibits such separate agreement terms from governing Vendor's use of such information as well.
    2. 5.9.2. Google Provided Information. Google may provide Customer Sales Data to Vendor. Notwithstanding any provision to the contrary in this Agreement, Vendor may only use Customer Sales Data for attributing sales of the Product to Vendor personnel, analyzing the performance of the relevant Product, and supporting the relevant Product.
    3. 5.9.3. Compliance & Assistance. Vendor will handle and store any information obtained from Customer (or about Customer via Google or the Store), only for as long as it is needed, applying reasonable care to adhere to reasonable security and privacy policies (but, in no event, (a) with less care than (i) Vendor uses in handling any other customer information or (ii) Vendor states in its own privacy policy, which policy must be presented to and agreed upon by Customer before Vendor accesses the information, or (b) in a manner inconsistent with Google's security and privacy policies at https://policies.google.com/privacy and https://cloud.google.com/terms/data-processing-terms). Vendor will follow all instructions that, in Google's determination, are reasonably necessary to satisfy applicable laws and regulations regarding use of or access to Customer information. If an unauthorized disclosure or other breach of any Customer information occurs, Vendor will use all reasonable efforts to assist Google in investigating and provide necessary information and documentation related to (a) Vendor's compliance with this Section 5.9 (Security and Privacy) and (b) any other circumstances related to the breach.
    4. 5.9.4. Information Security Attachment. If Vendor has access to Customer Sales Data in connection with this Agreement, Vendor will comply with Attachment C (Data Protection Addendum) in addition to this Section 5.9 (Security and Privacy).

6. License Grants

  1. 6.1. Products.
    1. 6.1.1. Grant to Google. Vendor grants to Google a non-exclusive, worldwide, and royalty-free (except for payment of Revenue Split by Google) license to distribute, deploy, reproduce, perform, display, configure, and use the Products in connection with (a) a Customer's use and deployment of the Product, (b) the operation and marketing of the Store, and (c) the marketing of GCP products and services that interact with the Products.
    2. 6.1.2. Limitations. Except for the license rights granted by Vendor in Section 6 (License Grants) Google obtains no right, title or interest from Vendor (or its licensors) under this Agreement to any of the Products.
    3. 6.1.3. Customer License. Vendor will grant Customers a non-exclusive, worldwide, royalty-free, license to use the Product. Vendor will provide Google (in a manner and format specified by Google) with Vendor's standard end user license agreement ("EULA") for the Product. If Vendor provides the EULA via a URL link, Vendor will ensure that the link is functional and points to the EULA. In no event will Vendor's EULA limit Google's or Customers' rights under, or described in, this Agreement or any Customer facing terms of service for the Store.
  2. 6.2. Brand Features.
    1. 6.2.1. Ownership. Google and Vendor each owns all right, title and interest, including all intellectual property rights, in its own Brand Features. Except as expressly provided in this Section 6.2 (Brand Features) neither party grants any right, title or interest in any Brand Features of the other party. Except as expressly stated in Section 6.2.3 (Store Brand Features) nothing in this Agreement gives Vendor a right to use any of Google's Brand Features. Any use of a party's Brand Features will inure to the benefit of the party holding intellectual property rights to those Brand Features.
    2. 6.2.2. Vendor Brand Features. Vendor grants to Google a limited, non-exclusive, worldwide, royalty-free license to use and display Vendor Brand Features (a) in connection with the marketing, distribution and sale of the Product through the Store and its availability for use on GCP, including by including Vendor's name or Brand Features in online or in promotional materials for the Store and verbally referencing Vendor as a provider of the Products, or (b) as otherwise necessary to exercise Google's or its Affiliates' rights under this Agreement. If a Product is removed from the Store, Google and its Affiliates will stop using the Brand Features associated solely with the discontinued Products, except as necessary to allow Google to effectuate the Wind Down Period.
    3. 6.2.3. Store Brand Features. Google grants to Vendor a limited, non-exclusive, worldwide, royalty-free license to use the Store Brand Features for the Term of this Agreement solely for marketing purposes specifically related to the Store with the prior approval of Google and in accordance with Google's trademark guidelines located at https://www.google.com/permissions/guidelines.html.

7. Vendor Representations & Warranties

  1. 7.1. Anti-Bribery. Vendor represents and warrants that it will comply with all applicable commercial and public anti-bribery laws, including the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act of 2010, which prohibit corrupt offers of anything of value, either directly or indirectly to anyone, including Government Officials, to obtain or keep business or to secure any other improper commercial advantage. "Government Officials" include any government employee; candidate for public office; and employee of government-owned or government-controlled companies, public international organizations, and political parties. Furthermore, Vendor will not make any facilitation payments, which are payments to induce officials to perform routine functions they are otherwise obligated to perform. Vendor will use commercially reasonable and good faith efforts to comply with Google's due diligence process, including providing requested information.
  2. 7.2. Discrimination. Vendor represents and warrants that it is an equal-opportunity employer and does not discriminate on the basis of age, race, creed, color, religion, sex, sexual orientation, gender identity, national origin, disability, marital or veteran status, or any other basis that is prohibited by applicable law.
  3. 7.3. Equal Employment Opportunities. Because Google is an equal employment opportunity employer and a U.S. federal contractor or subcontractor, Vendor warrants that it will, to the extent applicable, comply with the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a), and 41 CFR 60-741.5(a), all of which are incorporated into this Agreement by reference. These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. As applicable, Vendor will also abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.
  4. 7.4. Employment; Occupational Health and Safety. Vendor represents and warrants that it will comply with all other applicable employment and occupational health and safety laws and regulations.
  5. 7.5. Product Representations and Warranties.
    1. 7.5.1. Applicable Law. In connection with the Agreement, Vendor represents and warrants that Vendor and the Products comply and will comply with applicable laws, including all applicable privacy, data security, and data protection laws.
    2. 7.5.2. Rights and Infringement. Vendor represents and warrants that Vendor owns or has valid and enforceable licenses to the intellectual property, including patent, trademark, trade secret, copyright and other proprietary rights, in and to the Products to allow their sale and distribution in the Store and use by Customer. Vendor represents and warrants that the Product does not violate any person's rights, including intellectual property, privacy, and security rights. If Vendor reasonably determines, or becomes aware of any allegation that any Product, its use, sale or distribution, infringes the intellectual property of any individual or entity, Vendor will notify Google immediately.
    3. 7.5.3. Viruses. Vendor also represents and warrants that Products do not include any viruses, spyware, Trojan horses, or other malicious code of any kind.
    4. 7.5.4. Third Party Materials and Open Source.
      1. a. If Vendor makes use of Third Party Materials or Open Source Materials, Vendor represents and warrants that Vendor has the right to distribute the Third Party Material or Open Source Material. Vendor further represents and warrants that, as of each Product's listing via the Store, Vendor has provided in writing to Google the names and license information for all Open Source Materials.
      2. b. Vendor will comply with, and will cooperate in any manner necessary (as determined by Google) to assist Google in complying with, any obligations contained in any licenses related to Third Party Material or Open Source Material. Vendor will not include or use any material licensed under AGPL or SSPL. To the extent required by the applicable license and/or for Open Source Material licensed under GPL, LGPL, or MPL, Vendor will include a .zip file within the Product of the full source code and license terms for such Open Source Material and any third party component or library to which such is linked or with which it is distributed.
      3. c. Vendor will notify Google by email to external-opensource-licensing@google.com, with a copy to cloud-partners@google.com, of any Open Source Materials. Vendor will make such notification before or when Vendor submits or identifies potential Products to Google for consideration, and in all cases before Products are made available through the Store. Vendor will not cause to be listed on the Store any software or service that is not a Product. Google retains the right to reject a Product because of Open Source Material or Third Party Material on any grounds.

8. DISCLAIMER OF WARRANTIES

  1. 8.1. STORE. VENDOR'S USE OF THE STORE IS AT VENDOR'S SOLE RISK. THE STORE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND.
  2. 8.2. MATERIALS. VENDOR'S USE OF ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE STORE IS AT VENDOR'S OWN RISK, AND VENDOR IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO VENDOR'S COMPUTER SYSTEMS, SOFTWARE, NETWORK OR OTHER PROPERTY, OR LOSS OF ANY DATA THAT RESULTS FROM SUCH USE.
  3. 8.3. DISCLAIMER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GOOGLE AND ITS AFFILIATES FURTHER DISCLAIM ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

9. Confidential Information

  1. 9.1. "Confidential Information" means information that one party (or an Affiliate) discloses to the other party under this Agreement, and that is marked as confidential or would normally be considered confidential information under the circumstances. It does not include information that was independently developed by the recipient, is or becomes public through no fault of the recipient, or is rightfully known by the recipient without confidentiality obligations. The terms of this Agreement are Confidential Information. Any information that Google (or its Affiliates) shares with Vendor about or relating to a Customer, including Customer Sales Data, is Google's Confidential Information.
  2. 9.2. Duty. The recipient will not disclose the discloser's Confidential Information, except to employees, Affiliates, contractors, agents, or professional advisors ("Delegates") who need to know it and who have a legal obligation to keep it confidential. The recipient will use the discloser's Confidential Information only to exercise rights and fulfill obligations under this Agreement, and will ensure that such people and entities use the discloser's Confidential Information only to exercise rights and fulfill obligations under this Agreement while using reasonable care to protect the Confidential Information. The recipient will ensure that its Delegates are also subject to the same non-disclosure and use obligations. The recipient may disclose Confidential Information when required by law after giving reasonable notice to the discloser, if permitted by law.
  3. 9.3. Return. Upon termination of this Agreement, and if requested by a party, the other party will use commercially reasonable efforts to return or destroy all Confidential Information of such requesting party.
  4. 9.4. Independent Development. Each party recognizes that the other party may in the future develop or purchase products or services related to or similar to the subject matter of Confidential Information disclosed under this Agreement. Accordingly, the recipient may use Residuals for any purpose, including use in the acquisition, development, manufacture, promotion, sale, or maintenance of products and services; provided that this right to Residuals does not represent a license under any intellectual property and/or proprietary rights of the discloser. The term "Residuals" means information that is retained in the unaided memories of the recipient's employees or other Delegate as permitted herein who have had access to the discloser's Confidential Information. Memory is unaided if the employee or other Delegate has not intentionally memorized the Confidential Information for the purpose of retaining and subsequently using or disclosing it.

10. Product Takedowns.

  1. 10.1. Removal by Vendor. Vendor may remove any Product from the Store at any time by providing Google with (a) at least 30 days prior notice and (b) a transition or migration plan for Customers. All such removed Products are subject to the obligations in Section 12.5 (Wind Down).
  2. 10.2. Removal by Google. While Google is not obligated to monitor the Products or their content, if Google is notified by Vendor, becomes aware, or determines that a Product or Vendor Brand Feature: (a) violates the intellectual property rights or any other rights of Google or any third party; (b) violates any applicable law or is subject to an injunction; (c) is pornographic, obscene or otherwise violates Store policies or other terms of service as may be updated by Google from time to time; (d) may create liability for Google; (e) is deemed by Google to have a virus or to be malware, spyware or other malicious code; (f) violates this Agreement (g) is impacting the integrity of Google's or Customer's network or servers (e.g., Customers are unable to access the Product or otherwise experience difficulty); (h) is not meeting acceptable standards, including based on performance measurements such as uninstall and/or refund rates, as determined solely by Google; or (i) in the case of UBB Products, is the subject of repeated errors in Metrics calculation or measurement, Google may immediately hide, prohibit access to, or remove the Product from the Store. Google may hide, prohibit access to, or remove any Product from or bar any vendor from the Store at any time.
  3. 10.3. Cure. Google will use commercially reasonable efforts to provide 7 days' notice to Vendor instructing Vendor to cure its failures before Google removes a Product from the Store unless the agreement is terminated or in Google's opinion the provision of such notice is restricted by applicable law or would otherwise harm Google, or such failure is not reasonably capable of cure.

11. Vendor Account Credentials

  1. Vendor is responsible for maintaining the confidentiality of any Vendor Account credentials. Vendor will be solely responsible for all actions related to its credentials, including all Products that are distributed through the Store. Google may limit the number of Vendor Accounts issued to Vendor.

12. Term and Termination

  1. 12.1. Term. This Agreement will start on the Effective Date and continue until terminated (the "Term").
  2. 12.2. Termination for Convenience. Either Party may terminate this Agreement on 30 days prior notice.
  3. 12.3. Termination by Google. Under the following circumstances Google may immediately terminate this Agreement if, in Google's opinion, the provision of notice under Section 12.2 (Termination for Convenience) is restricted by applicable law; would otherwise harm Google, Vendor or Customers; or such circumstance is not reasonably capable of cure:
    1. 12.3.1. Vendor has breached any provision of this Agreement or another agreement with Google;
    2. 12.3.2. Google is required to do so by law (e.g., Vendor is a person or entity barred from using GCP or the Store under the laws of the United States or other countries, including the country in which Vendor is resident/domiciled or from which Vendor uses GCP or the Store);
    3. 12.3.3. Vendor has a Product that violates any applicable law;
    4. 12.3.4. Vendor ceases to have a Vendor Account and Payment Account in good standing; or
    5. 12.3.5. Google no longer provides the Store.
  4. 12.4. Effects of Termination.
    1. 12.4.1. Subject to Section 12.5 (Wind Down) as applicable, upon termination of this Agreement: (a) all Products will be removed from the Store; and (b) Vendor must cease Vendor's use of any Vendor Account credentials except as needed to fulfill Vendor's obligations during the Wind Down Period.
    2. 12.4.2. Survival. All terms of this Agreement will remain valid and enforceable, as applicable with respect to the removed Product, during any Wind Down Period. The obligations in Sections 3.4 (Refunds to Customers), 3.5 (Right to Offset Payment), 5.9 (Security and Privacy), 8 (Disclaimer of Warranties), 9 (Confidential Information), 12.5 (Wind Down), 13 (Limitations of Liability), 14 (Indemnification) and 16 (General Legal Terms), and any remaining payment obligations under this Agreement will survive any expiration or termination of this Agreement.
  5. 12.5. Wind Down.
    1. 12.5.1. Except where prohibited by law and unless otherwise requested by Google, when a Product is removed from the Store a wind down period starting from the date of Product removal will apply (the "Wind Down Period"). The Wind Down Period will be 6 months unless Google requests a shorter Wind Down Period.
    2. 12.5.2. Subject to Section 12.5.3, during the Wind Down Period the terms of the Agreement will continue to apply as to the removed Product, including the following: (a) Vendor will continue to allow the procurement and deployment of Products via the Store by existing Customers and will continue to support any existing Customers, in each case in accordance with the terms of this Agreement; and (b) all licenses granted under this Agreement with respect to the removed Product will continue in force.
    3. 12.5.3. During the Wind Down Period the listing for the removed Product will be removed from the Store and users of the Store who have not already acquired the Product may not acquire or deploy the removed Product through the Store.
    4. 12.5.4. After the Wind Down Period expires, no user of the Store may acquire or deploy the removed Product through the Store. Google will have no responsibility or liability for use of the Product after the end of the Wind Down Period.
  6. 12.6. Waiver. Where applicable, to effectuate the termination of this Agreement under Section 12 (Term and Termination), the Parties will waive any provisions, procedures, and operation of any applicable law that requires a court order to terminate this Agreement.

13. LIABILITY

  1. 13.1. Definition. "LIABILITY" MEANS ANY LIABILITY, WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, REGARDLESS OF WHETHER FORESEEABLE OR CONTEMPLATED BY THE PARTIES.
  2. 13.2. Limited Liabilities.
    1. 13.2.1. TO THE EXTENT PERMITTED BY APPLICABLE LAW AND SUBJECT TO SECTION 13.3 (UNLIMITED LIABILITIES):NEITHER PARTY WILL HAVE ANY LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT FOR ANY
      • (A) INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES;
      • OR
      • (B) LOST REVENUES, PROFITS, SAVINGS, OR GOODWILL.
    2. 13.2.2. EACH PARTY'S TOTAL LIABILITY FOR DAMAGES PER INCIDENT ARISING OUT OF OR RELATING TO THIS AGREEMENT IS LIMITED TO THE GREATER OF $15 THOUSAND OR THE TOTAL CUSTOMER CHARGES FOR THE 12 MONTH PERIOD BEFORE THE INCIDENT GIVING RISE TO LIABILITY.
  3. 13.3. Unlimited Liabilities. NOTHING IN THIS AGREEMENT EXCLUDES OR LIMITS EITHER PARTY'S LIABILITY FOR: (A) DEATH, PERSONAL INJURY, OR TANGIBLE PERSONAL PROPERTY DAMAGE RESULTING FROM ITS NEGLIGENCE OR THE NEGLIGENCE OF ITS EMPLOYEES OR AGENTS; (B) ITS FRAUD OR FRAUDULENT MISREPRESENTATION; (C) ITS BREACH OF SECTIONS 5.9 (SECURITY AND PRIVACY), 7.5 (PRODUCT REPRESENTATIONS AND WARRANTIES), OR 9, (CONFIDENTIAL INFORMATION); (D) ITS OBLIGATIONS UNDER SECTION 14 (INDEMNIFICATION); (E) ITS INFRINGEMENT OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS; OR (F) MATTERS FOR WHICH LIABILITY CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

14. Indemnification

  1. 14.1. Indemnity. To the maximum extent permitted by applicable law, Vendor will defend and indemnify Google, its Affiliates and their respective directors, officers, employees, agents and Customers against any and all losses, liabilities, damages, costs, fees (including legal fees) and expenses relating to any third-party allegation or third-party legal proceeding arising from or related to: (a) the procurement and deployment of Product via the Store, including any claims of violation of applicable law or the violation of the privacy or security rights of any Customers or other third parties, but not including anything to the extent arising out of or accruing solely from the Store and its design, (b) Vendor's use of the Store or any Customer information or data, including Customer Sales Data, (c) any Product infringing any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person or defames any person or violates a person's rights of publicity or privacy, or (d) Vendor's breach of any Vendor warranty under this Agreement.
  2. 14.2. Remedies. If an injunction preventing continued use of Products is threatened or granted, Vendor will do the following at its sole expense: (a) procure the right to continue providing the Products in compliance with this Agreement; (b)modify the Products to make them non-infringing; or (c) remove the affected Product under Section 10.1 (Removal by Vendor).
  3. 14.3. Exclusions. The indemnity provided by Vendor under this Agreement does not extend to claims to the extent arising solely from breach by Google of its material obligations hereunder.

15. Modifications to the Agreement

  1. Google may make changes to this Agreement from time to time. Google will post any modifications to the Terms URL, and unless otherwise noted by Google or this Section 15, changes to the Agreement will become effective when they are posted to the Terms URL. Google will provide at least 30 days' advance notice before the change becomes effective for material changes by posting a notice to the Terms URL. If Vendor does not agree to the revised Agreement, Vendor should within 30 days of the posted changes (a) notify Google of its rejection of the modifications in total, (b) terminate this Agreement under Section 12.2 (Termination for Convenience), and (c) stop using the Store. So long as Vendor timely and properly rejects the modifications in total and terminates the Agreement, then the terms of the Agreement before the notified modification will continue to apply, including during any Wind Down Period.
  1. 16.1. Notices. Google will provide notices under the Agreement to the Vendor by sending an email to the Notification Email Address. Vendor will provide notices under the Agreement to Google by sending an email to legal-notices@google.com. Notice will be treated as received when the email is sent. Vendor is responsible for keeping its Notification Email Address current throughout the term.
  2. 16.2. Emails. The parties may use emails to satisfy written approval and consent requirements under the Agreement.
  3. 16.3. Assignment. Neither party may assign the Agreement without the written consent of the other, except to an Affiliate where (a) the assignee has agreed in writing to be bound by the terms of this Agreement, (b) the assigning party remains liable for obligations under this Agreement if the assignee defaults on them, (c) the assigning party has notified the other party of the assignment, and (d) if the Vendor is the assigning party, the assignee is established in the same country as Vendor. Any other attempt to assign is void.
  4. 16.4. Change of Control. If a party experiences a change of Control other than an internal restructuring or reorganization, then (a) that party will give written notice to the other party within 30 days after the change of Control and (b) the other party may immediately terminate this Agreement any time within 30 days after it receives that written notice.
  5. 16.5. Other User Rights & Subcontracting. Google may use Affiliates, consultants, and other contractors in connection with its performance of obligations and exercise of rights under this Agreement. These Affiliates, consultants, and contractors will be subject to the same obligations as Google. Either party may subcontract any of its obligations under this Agreement, but will remain liable for all subcontracted obligations and its subcontractor's acts or omissions.
  6. 16.6. Force Majeure. Neither party will be liable for failure or delay in performance of its obligations to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.
  7. 16.7. No Agency. The Agreement does not create any agency, partnership, or joint venture between the parties.
  8. 16.8. No Waiver. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under this Agreement.
  9. 16.9. No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party unless it expressly states that it does.
  10. 16.10. Counterparts. The parties may execute this Agreement in counterparts, including facsimile, PDF, and other electronic copies, which taken together will constitute one instrument.
  11. 16.11. Amendments. Any amendment must be in writing. Except for amendments made under Section 15 (Modifications to the Agreement), any amendment must also be signed by both parties and expressly state that it is amending this Agreement.
  12. 16.12. Independent Development. Nothing in the Agreement will be construed to limit or restrict either party from independently developing, providing, or acquiring any materials, services, products, programs, or technology that are similar to the subject of the Agreement, provided that the party does not breach its obligations under the Agreement in doing so.
  13. 16.13. Entire Agreement. This Agreement states all terms agreed between the parties relating to its subject matter, and completely replaces any prior agreements between Vendor and Google in relation to the subject matter of the Agreement. If any Products have been listed in the Store before the Effective Date, then, as of the Effective Date, such Products will be governed by this Agreement. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation or warranty (whether made negligently or innocently), except those expressly stated in this Agreement.
  14. 16.14. Severability. If any term (or part of a term) of this Agreement is invalid, illegal or unenforceable, the rest of this Agreement will remain in effect.
  15. 16.15. Equitable Relief. Nothing in the Agreement will limit either party's ability to seek equitable relief.
  16. 16.16. EXPORT RESTRICTIONS. PRODUCTS MAY BE SUBJECT TO UNITED STATES EXPORT LAWS AND REGULATIONS. VENDOR WILL COMPLY WITH ALL APPLICABLE EXPORT AND RE-EXPORT LAWS AND REGULATIONS, INCLUDING (a) THE EXPORT ADMINISTRATION REGULATIONS ("EAR") MAINTAINED BY THE U.S. DEPARTMENT OF COMMERCE, (b) TRADE AND ECONOMIC SANCTIONS MAINTAINED BY THE U.S. TREASURY DEPARTMENT'S OFFICE OF FOREIGN ASSETS CONTROL, AND (c) THE INTERNATIONAL TRAFFIC IN ARMS REGULATIONS ("ITAR") MAINTAINED BY THE U.S. DEPARTMENT OF STATE. VENDOR WILL PROVIDE GOOGLE WITH ALL ACCURATE INFORMATION NEEDED TO COMPLY WITH ALL APPLICABLE EXPORT CONTROL LAWS RELATED TO THE DISTRIBUTION OF PRODUCTS IN THE STORE.
  17. 16.17. Conflicting Languages. If this Agreement is translated into any other language, and there is a discrepancy between the English text and the translated text, the English text will govern.
  18. 16.18. Governing Law. All claims arising out of or relating to the Agreement will be governed by California law, excluding that state's conflict of laws rules, and will be litigated exclusively in the federal or state courts of Santa Clara County, California; the parties consent to personal jurisdiction in those courts.
  19. 16.19. Electronic Signatures. The parties consent to electronic signature.
  20. 16.20. Headers. Headings and captions used in the Agreement are for reference purposes only and will not have any effect on the interpretation of the Agreement.

Attachment A

BYOL RIDER

  1. This BYOL Rider ("Attachment A") applies to all BYOL Products offered as Products.
  2. 1. Order of Precedence. This Attachment A is part of the Agreement. The terms of Attachment A apply to BYOL Products only. For BYOL Products, the terms of this Attachment A prevail over any other, conflicting terms in the remainder of the Agreement.
  3. 2. Definitions.
    1. a. "BYOL Products" means a bring-your-own-license Product(s) (also known as BYOL) for which a Customer obtains the right to deploy and enable in the Store using a Product license key that is separately provisioned or purchased outside of the Store.
  4. 3. Updated Terms.
    1. b. Vendor will describe all BYOL Products as BYOL in the Store and to Google. Vendor will not make a BYOL Product available through the Store unless Vendor has made a non-BYOL Product available through the Store.
    2. c. All BYOL Products are offered without a charge to Customer through the Store and without any revenue sharing with Google. Google has no obligation to track usage or collect payments from Customers with respect to BYOL Products.
    3. d. For all BYOL Products, the following terms in the Agreement do not apply:
      1. i. All of Section 1.6 (Customer Charges);
      2. ii. All of Section 1.13 (Payment Account), as well as the phrase "and Payment Account" from Sections 2.1(b) and 12.3.4;
      3. iii. All of Section 1.16 (Revenue Split), as well as the phrase "(except for payment of Revenue Split by Google)" from Section 6.1;
      4. iv. All of Section 2.2 (Merchant of Record);
      5. v. All of Section 3 (Pricing and Payments), other than Section 3.6 (Fraud); and
      6. vi. The phrase "So long as Customers pay the applicable, required Customer Charges" in the first sentence of Section 4.3 (Redeployments).
    4. e. Any calculations using "Customer Charges" or "Revenue Split" in the remainder of the Agreement will use "$0" as the Customer Charge for purposes of all BYOL Product-related obligations or liabilities.
  5. 4. Vendor is responsible for all BYOL Product related activities, including, provisioning a temporary or free trial Product license, requiring a redirection to purchase a BYOL Product license, and all BYOL Product error handling.
  6. 5. To offer BYOL Products, Vendor will ensure that all related BYOL functionality is operational for Customers.
  7. 6. Vendor specifically acknowledges and agrees for all BYOL Products that Google will not provide Vendor with any Customer information or any analytics.

Attachment B

USAGE BASED BILLING RIDER

  1. This Usage Based Billing Rider ("Attachment B") applies to all UBB Products offered as Products.
  2. 1. Order of Precedence. This Attachment B is part of the Agreement. The terms of Attachment B apply to UBB Products only. For UBB Products, the terms of this Attachment B prevail over any other, conflicting terms in the remainder of the Agreement.
  3. 2. Definitions.
    1. f. "Metric Unit(s)" means one or more of the following: (i) for time, seconds, (ii) for data, bytes, (iii) for storage, byte-seconds, or (iv) for count, integers.
    2. g. "Metrics" means the measure of the consumption of a Resource in Metric Unit(s).
    3. h. "Reporting Cycle" means the period of time and frequency for which the Metrics of a UBB Product are reported to Google. The Reporting Cycle must be no less frequent than once per hour.
    4. i. "Resource" means one or more of the following: (i) time, (ii) data, (iii) storage, or (iv) count.
    5. j. "UBB Order" means each individual order for a UBB Product.
    6. k. "UBB Product" means a consumption Product offered by Vendor in the Store and under a usage based pricing model for which a Customer obtains the right from Google to deploy and enable, with such Product's usage metrics tracked by the Product, Vendor, or Vendor's agent(s) rather than Google.
  4. 3. Usage.
    1. a. Product-Specific Metrics and Reporting Cycle. Prior to Vendor listing a UBB Product in the Store, Google and Vendor will determine which Metric Units and Reporting Cycle to apply to that UBB Product.
    2. b. Reporting. For each Reporting Cycle during the Term plus any applicable Wind Down Period, and for one Reporting Cycle that follows, Vendor will provide to Google accurate and complete Metrics of each UBB Product for the previous Reporting Cycle, broken down by Customer and, if applicable, UBB Order. Vendor will provide Metrics in a format chosen by Google, and using the service control system and protocols established by Google, in each case as Google communicates to Vendor and which may be updated from time to time by Google at its discretion. Vendor acknowledges that reported Metrics will be used by Google for billing Customers, making it critical that Vendor provide Metrics free of errors or omissions.
    3. c. Error Correction.
      1. i. Vendor Discovered. During the Term plus any applicable Wind Down Period, and for 90 days thereafter, Vendor will monitor its Metrics collection, calculation and reporting system and if Vendor discovers any tampering of or errors in such Metrics system, or has reason to believe that a Metric may have been unreported to Google or that a Metric previously reported to Google may have been inaccurate, Vendor will promptly notify Google of this circumstance, including all relevant details, and keep Google fully apprised of Vendor's findings as to the root cause of the issue, the correction, and any recalculation made necessary as a result of this circumstance. As necessary, Vendor will issue a new report with revised Metrics.
      2. ii. Google or Customer Discovered. If at any time Google or a Customer reasonably believes that a Metric reported to Google by Vendor or to Customer by Google may have been inaccurate, Google will notify Vendor of this circumstance, including all relevant details. Once Google disputes any Metrics, the parties will confer and determine what adjustments, if any, are necessary.
      3. iii. Google's determination in the case of disputed Metrics is final.
    4. d. Credit. Vendor will not issue credits directly to Customers for use of UBB Products in the Store. Subject to the obligations of Section 3(c) (Error Correction) of this Attachment B, if Vendor believes that any Customers qualify for a usage credit or other credits for overcharges as determined in good faith by Vendor, Vendor will share this with Google so that Google may directly apply any valid credit. Vendor will not modify the Metrics to account for such credit or report Metrics to Google that are negative. The minimum reportable Metric is ZERO.
  5. 4. Applicability.
    1. a. Customer Charges. Customer Charges do not include, and no Revenue Split will be due on, any payments due or made for (i) any UBB Product usage which has not been properly and timely reported under Section 3(b) (Reporting) of this Attachment B or (ii) Metrics for which Google has required a correction (e.g., faulty or broken reporting).
    2. b. Conversion. At any time upon written request by Google, Vendor will convert a UBB Product to a subscription billing based Product during the Term. If Vendor cannot convert the Product as required by the preceding sentence, then Vendor will remove the Product from the Store. This Attachment B will not apply to such converted Product(s) following the first full Reporting Cycle after such conversion.

Attachment C

DATA PROTECTION ADDENDUM

  1. 1. General.
    1. 1.1. Agreement. This Data Protection Addendum (the "Addendum") forms part of the Agreement and/or other services agreement(s) between You and Google (the "Agreement") and incorporates the mandatory terms set out in this Addendum and the Standard Contractual Clauses (as defined below), to the extent applicable.
    2. 1.2. Order of Precedence. To the extent this Addendum conflicts with the Agreement, this Addendum will govern.
    3. 1.3. Interpretation. All capitalized terms not defined in the Addendum will have the meanings given to them in the Agreement. Any examples in this Addendum are illustrative and not the sole examples of a particular concept.
  2. 2. Defined Terms. In this Addendum:
    1. 2.1. "Applicable Data Protection Laws" means privacy, data security, and data protection laws, directives, regulations, and rules in any jurisdiction applicable to the Personal Information Processed for the Services.
    2. 2.2. "Applicable Standards" means government standards, industry standards, and best practices applicable to the Personal Information Processed for the Services.
    3. 2.3. "CCPA" means, as applicable: (i) the California Consumer Privacy Act of 2018, California Civil Code 1798.100 et seq. (2018), as amended from time to time; and (ii) any other applicable U.S. state data protection laws modeled on the CCPA.
    4. 2.4. "Controller" has the same meaning as "controller" under GDPR-Modeled Data Protection Laws.
    5. 2.5. "GDPR" means the European Union General Data Protection Regulation (EU) 2016/679 on data protection and privacy for all individuals within the European Union ("EU") and the European Economic Area ("EEA").
    6. 2.6. "GDPR-Modeled Data Protection Laws" means, as applicable: (i) the GDPR; (ii) the GDPR as incorporated into United Kingdom ("UK") law by the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (each as amended, superseded and replaced from time to time); and, (iii) any other applicable data protection laws or regulations modeled on the GDPR.
    7. 2.7. "GDPR Personal Information" means Personal Information subject to GDPR-Modeled Data Protection Laws.
    8. 2.8. "includes" or "including" means "including but not limited to".
    9. 2.9. "individual" or "individual(s)" include Consumer(s) as defined by the CCPA.
    10. 2.10. "Personal Information" means (i) any information about an identified or identifiable individual; or (ii) information that is not specifically about an identifiable individual but, when combined with other information, may identify an individual. Personal Information includes names, email addresses, postal addresses, telephone numbers, government identification numbers, financial account numbers, payment card information, credit report information, biometric information, online identifiers (including IP addresses and cookie identifiers), network and hardware identifiers, and geolocation information, and any information that constitutes "personal data" within the meaning of GDPR Data Protection Laws, or "personal information" within the meaning of the CCPA.
    11. 2.11. "Privacy Shield" means, as applicable, EU-U.S.,Swiss-U.S., or UK-U.S. Privacy Shield self-certification approved by the European Commission (Decision 12 July 2016) and operated by the U.S. Department of Commerce as amended from time to time.
    12. 2.12. "Process" or "Processing" means to access, create, collect, acquire, receive, record, consult, use, process, alter, store, maintain, retrieve, disclose, or dispose of. Process includes "processing" within the meaning of GDPR-Modeled Data Protection Laws.
    13. 2.13. "reasonable" means reasonable and appropriate to (i) the size, scope, and complexity of the party's business; (ii) the nature of the Personal Information being processed; and (iii) the need for privacy, confidentiality, and security of the Personal Information.
    14. 2.14. "Safeguards" has the meaning set forth in Section 4 (Safeguards).
    15. 2.15. "Secondary Use" means Processing Personal Information for purposes other than as necessary to fulfill the Agreement, or for any purpose that would be considered a "sale" or "disclosure" of Personal Information as defined by the CCPA.
    16. 2.16. "Security Incident" means actual or reasonable degree of certainty of unauthorized use, destruction, loss, control, alteration, acquisition, exfiltration, theft, retention, disclosure of, or access to, Personal Information for which You are responsible. Security Incidents do not include unsuccessful access attempts or attacks that do not compromise the confidentiality, integrity, or availability of Personal Information, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
    17. 2.17. "Services" means any goods or services that You or a Third Party Provider provide(s) to or for Google under the Agreement.
    18. 2.18. "Standard Contractual Clauses" means the Standard Contractual Clauses attached as Annex 1 to this Addendum.
    19. 2.19. "Third Party Provider" means any agent or other third party that a party to this Agreement authorizes to act on Your behalf in connection with the Services. "Third Party Provider" includes "sub-processor" within the meaning of GDPR-Modeled Data Protection Laws.
    20. 2.20. "You" or "Your" means the Vendor (including any personnel, contractor, or agent acting on behalf of such party) that performs Services for or partners with Google or its affiliates under the Agreement.
  3. 3. Representations and Warranties: You represent and warrant that You:
    1. 3.1. are an independent controller and third party to Google with respect to the Personal Information You Process, and will not Process Personal Information with Google as a joint controllers; and
    2. 3.2. will individually determine the purposes and means of Your Processing of Personal Information received from the Disclosing Controller as described in the Agreement.
  4. 4. Your Obligations. In fulfilling Your obligations under the Agreement, You will comply with Applicable Data Protection Laws, including to the extent applicable:
    1. 4.1. providing all required notices or obtaining all required consents from individuals before Processing the Personal Information, including before disclosing it to Google;
    2. 4.2. providing individuals with rights in connection with Personal Information You receive in a timely manner, including the ability of individuals to: (i) access or receive their Personal Information in an agreed upon format; and (ii) correct, amend, or delete Personal Information where it is inaccurate, or has been Processed in violation of Applicable Data Protection Laws; and
    3. 4.3. responding to enquiries from data subjects or entities with supervisory or regulatory authority over You concerning Your Processing of Personal Information.
  5. 5. Safeguards. You will have in place reasonable technical and organizational measures to protect Personal Information against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access. You will ensure that such measures provide a level of security reasonable to the risk represented by the processing and the nature of the data to be protected including:
    1. 5.1. maintaining reasonable controls to ensure that access to Personal Information will be limited to individuals who have a legitimate need to Process Personal Information under the Agreement;
    2. 5.2. promptly terminating an individual's access to Personal Information when such access is no longer required for performance under the Agreement;
    3. 5.3. using reasonable and secure data transfer methods to transfer any Personal Information across any network other than an internal company network owned and managed by that party;
    4. 5.4. assuming responsibility for any unauthorized access to Personal Information under Your custody or control (or, as applicable, a Third-Party Provider(s) custody or control); and
    5. 5.5. providing reasonable ongoing privacy and information protection training and supervision for all personnel (including Third-Party Providers) who Process Personal Information.
  6. 6. Owned or Managed Systems. To the extent You access Google's owned or managed networks, systems, or devices (including APIs, corporate email accounts, equipment, or facilities) to Process Google's Personal Information, You will comply with Google's written instructions, and system requirements made available to You.
  7. 7. Third Party Providers. You will contractually require each Third ­Party Provider that Processes Personal Information to protect the privacy, confidentiality, and security of Personal Information using all reasonable and appropriate measures as required by this Addendum and Applicable Data Protection Laws. You will regularly assess Your Third ­Party Providers' compliance with those contractual requirements and provide Google with information about Your Third Party Providers, including a summary or copy of the contractual terms between You and Your Third Party Providers, if required by Applicable Data Protection Laws.
  8. 8. Assessments of Your Compliance with this Addendum.
    1. 8.1. Self-Assessment. You will continuously monitor risk to Google's Personal Information to ensure that the Safeguards are properly designed and maintained to prevent unauthorized access to the Personal Information and will periodically (but no less than once per year) assess and document the effectiveness of Your Safeguards across Your networks, systems, and devices (including infrastructure, applications, and services) used to Process Personal Information. You will update Your Safeguards as needed.
    2. 8.2. Security Assessment. On Google's written request, You will promptly and accurately complete Google's written information privacy and security questionnaire regarding any network, application, system, or device, or Safeguard applicable to Google's Processing of Personal Information. You will provide any additional assistance and cooperation that may reasonably require during any assessment of Your Safeguards, including penetration testing of such Safeguards.
  9. 9. Security Incident Response; Statements.
    1. 9.1. Security Incident Response Program. You will maintain a reasonable incident response program to respond to Security Incidents. You will promptly inform Google in the event that any Security Incident is determined to require notification to end users.
    2. 9.2. No Unauthorized Statements. Except as required by law, You will not make (or permit any Third Party under Your control) any statement concerning the Security Incident that references Google either directly or indirectly unless Google provides its explicit written authorization.
  10. 10. Legal Process. If You become legally compelled by a court or other government authority to disclose the Personal Information, then to the extent permitted by law, You will promptly inform Google of any request and reasonably cooperate with Google's efforts to challenge the disclosure or seek an appropriate protective order.
  11. 11. Cross-Border Transfers.
    1. 11.1. Transfers of Data Out of the EEA, Switzerland, or the UK. Either party may transfer GDPR Personal Information outside the EEA, Switzerland, or the UK (as applicable) if it complies with the provisions on the transfer of personal data to third countries in GDPR-Modeled Data Protection Laws.
    2. 11.2. Transfers under the Privacy Shield.
      1. 11.2.1. Google LLC has certified under the Privacy Shield on behalf of itself and certain of its US subsidiaries with respect to the transfer of GDPR Personal Information from the EEA, Switzerland, or the UK (as applicable) to the US. Google's certification is at https://www.commerce.gov/page/eu-us-privacy-shield.
      2. 11.2.2. To the extent You will Process GDPR Personal Information transferred to You in reliance on the Privacy Shield, You will:
        1. 11.2.2.1. provide at least the same level of protection for the GDPR Personal Information as required by the relevant principles of the Privacy Shield; and
        2. 11.2.2.2. promptly notify Google in writing if You determine that You can no longer provide such protection and, upon making such a determination, cease Processing the GDPR Personal Information or take other reasonable and appropriate remediation steps.
    3. 11.3. Transfers under Standard Contractual Clauses. To the extent either party relies on Standard Contractual Clauses (instead of the Privacy Shield) to transfer GDPR Personal Information from the EEA, Switzerland, or the UK (as applicable) under the Agreement, or where the Privacy Shield is inapplicable to the contemplated transfer of Personal Information, then the parties will complete and sign the attached Standard Contractual Clauses and appendices for each such transfer.
    4. 11.4. Order of Precedence. If the Services are covered by more than one transfer mechanism, the transfer of GDPR Personal Information will be subject to a single transfer mechanism in accordance with the following order of precedence: (i) Privacy Shield; (ii) Standard Contractual Clauses.
  12. 12. Termination. In addition to the suspension and termination rights in the Agreement, Google may terminate the Agreement if it reasonably determines that (a) You have failed to cure material noncompliance with the Addendum within a reasonable time; or (b) Google needs to do so to comply with Applicable Data Protection Laws.
  13. 13. Survival. This Addendum will survive expiration or termination of the Agreement as long as the parties continue to Process the other party's Personal Information.

Previous Versions