Effective Date: November 27, 2020
Last modified: December 07, 2020
This Privacy Notice describes how we collect and process your personal information in relation to Google Workspace and Google Cloud Platform (together, “Cloud Services”).
We offer Cloud Services either directly or via our authorized partners. Where we refer to our customers in this notice, we also mean our partners and their customers.
Information We Collect
Google processes Customer Data, Partner Data and Service Data in order to provide Cloud Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data or Partner Data.
Customer Data and Partner Data are defined in our agreement(s) covering Cloud Services and represent the data that you and our customers provide for processing in Cloud Services. For more information about how we process Customer Data and Partner Data, see our Google Workspace Data Processing Amendment, Google Cloud Platform Data Processing and Security Terms (Customers) and Google Cloud Platform Data Processing and Security Terms (Partners).
Service Data is the personal information Google collects or generates during the provision and administration of the Cloud Services, excluding any Customer Data and Partner Data. Service Data includes:
- Cloud payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
- Cloud settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
- Technical and operational details of your usage of Cloud Services. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain Cloud Services and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
- Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Why We Process Data
Google processes Service Data for the following purposes:
- Provide Cloud Services you request. Service Data is primarily used to deliver the Cloud Services that you and our customers request. This includes a number of processing activities that are necessary to provide the Cloud Services, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use.
- Make recommendations to optimize use of Cloud Services. We may process Service Data to provide you and our customers with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
- Maintain and improve Cloud Services. We evaluate Service Data to help us improve the performance and functionality of Cloud Services. As we optimize Cloud Services for you, this may improve them for our customers and vice versa.
- Provide and improve other services you request. We may use Service Data to deliver and improve other services that you and our customers request, including Google or third-party services that are enabled via the Cloud Services, administrative consoles, APIs, or the Google Cloud Platform Marketplace or Google Workspace Marketplace.
- Assist you. We use Service Data when needed to provide technical support and professional services as requested by you and our customers, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you and our customers. This includes notifications about updates to Cloud Services, and responding to support requests.
- Protect you, our users, the public, and Google. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Google. These activities are an important part of our commitment to secure our services.
- Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
- Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, we may use Service Data together with information we collect from other Google products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, including for internal reporting and analysis of product and business operations described above.
Where Data Is Stored
We maintain data centers around the world, and provide Google Workspace from these locations and Google Cloud Platform from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. When transferring Service Data outside of the European Economic Area, we comply with certain legal frameworks.
How We Secure Data
We build Cloud Services with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Google from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data at rest and while in transit between our facilities.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Google employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Google except in the following cases:
- With your consent
- With your administrators and authorized resellers
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
- For external processing
- For legal reasons
- Comply with applicable law, regulation, legal process, or enforceable governmental request. We share information about the number and type of requests we receive from governments in our Transparency Report.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Google, our customers, users, and the public as required or permitted by law.
We’ll share Service Data outside of Google when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Google Cloud Platform Marketplace or Google Workspace Marketplace, or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
When you use Cloud Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
We may share Service Data outside of Google if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
If Google is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Access to Data
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Google. Some Google Cloud Services enable you to directly access and download the data you have stored in the services. For example, as further described in our Google Workspace Data Subject Requests Guide, you or your organization may use various tools to access, control, and export data.
You and your organization’s administrator can access several categories of Service Data directly from Google Cloud, including your billing contact information, payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your data, you can always request it here.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Google processes a payment for you, or when you make a payment to Google, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
Using Google Accounts and Products
Your Google Account is your connection to all Google products and services, not just Cloud Services. When you choose to use Google products and services outside of Cloud Services, the Google Privacy Policy describes how data (including your Google Account profile information) is collected and used. You and your administrator can control which other Google services you may use while logged into a Google Account managed by your organization.
If you interact with Cloud Services using a Google Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
Updates to this Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.