Google Cloud
  • Google Maps Platform
  • Media Services
  • Cloud CDN
  • Live Stream API
  • OpenCue
  • Transcoder API
  • Video Stitcher API
  • Migration
  • Migration Center
  • Application Migration
  • Migrate to Virtual Machines
  • Cloud Foundation Toolkit
  • Database Migration Service
  • Migrate to Containers
  • BigQuery Migration Services
  • Rapid Migration and Modernization Program
  • Transfer Appliance
  • Storage Transfer Service
  • VMware Engine
  • Mixed Reality
  • Immersive Stream for XR
  • Networking
  • Cloud Armor
  • Cloud CDN and Media CDN
  • Cloud DNS
  • Cloud Load Balancing
  • Cloud NAT
  • Cloud Connectivity
  • Network Connectivity Center
  • Network Intelligence Center
  • Network Service Tiers
  • Virtual Private Cloud
  • Private Service Connect
  • See all networking products
  • Operations
  • Cloud Logging
  • Cloud Monitoring
  • Error Reporting
  • Managed Service for Prometheus
  • Cloud Trace
  • Cloud Profiler
  • Cloud Quotas
  • Productivity and Collaboration
  • AppSheet
  • Google Agentspace
  • Google Workspace
  • Google Workspace Essentials
  • Cloud Identity
  • Chrome Enterprise
  • Security and Identity
  • Cloud IAM
  • Sensitive Data Protection
  • Mandiant Managed Defense
  • Google Threat Intelligence
  • Security Command Center
  • Cloud Key Management
  • Mandiant Incident Response
  • Chrome Enterprise Premium
  • Assured Workloads
  • Google Security Operations
  • Mandiant Consulting
  • See all security and identity products
  • Serverless
  • Cloud Run
  • Cloud Functions
  • App Engine
  • Workflows
  • API Gateway
  • Storage
  • Cloud Storage
  • Block Storage
  • Filestore
  • Persistent Disk
  • Cloud Storage for Firebase
  • Local SSD
  • Storage Transfer Service
  • Google Cloud Managed Lustre
  • Google Cloud NetApp Volumes
  • Backup and DR Service
  • Web3
  • Blockchain Node Engine
  • Blockchain RPC
  • Save money with our transparent approach to pricing
  • Request a quote
  • Pricing overview and tools
  • Google Cloud pricing
  • Pricing calculator
  • Google Cloud free tier
  • Cost optimization framework
  • Cost management tools
  • Product-specific Pricing
  • Compute Engine
  • Cloud SQL
  • Google Kubernetes Engine
  • Cloud Storage
  • BigQuery
  • See full price list with 100+ products
  • Learn & build
  • Google Cloud Free Program
  • Solution Generator
  • Quickstarts
  • Blog
  • Learning Hub
  • Google Cloud certification
  • Cloud computing basics
  • Cloud Architecture Center
  • Connect
  • Innovators
  • Developer Center
  • Events and webinars
  • Google Cloud Community
  • Consulting and Partners
  • Google Cloud Consulting
  • Google Cloud Marketplace
  • Find a partner
  • Google Cloud partners
  • Home
Stay organized with collections Save and categorize content based on your preferences.
  • Back to Google Cloud Terms Directory
  • Current

Google Cloud Platform: EU Model Contract Clauses

Last modified: August 1, 2018

This is not the current version of this document and is provided for archival purposes.

Standard Contractual Clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

the non-Google legal entity accepting the Clauses (the “Data Exporter”)

And

Google LLC (formerly known as Google Inc.), 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (the “Data Importer”)

each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Exporter to the Data Importer of the personal data specified in Appendix 1.

The Clauses (including Appendices 1 and 2) are effective from the date the Data Exporter has both: (i) executed a valid Google Cloud Platform Agreement with Data Processing and Security Terms (collectively the “Services Agreement”); and (ii) clicked to accept these Clauses. In this document: (a) “Google Cloud Platform Agreement” means an agreement under which the Data Importer, Google Ireland Limited, Google Asia Pacific Pte. Ltd., or any other entity that directly or indirectly controls, is controlled by, or is under common control with the Data Importer, has agreed to provide Google Cloud Platform (as described at https://cloud.google.com/terms/services) and related technical support to Data Exporter (whether as a customer, reseller or supplier); and (b) “Data Processing and Security Terms” means terms incorporated by reference into the Google Cloud Platform Agreement or otherwise subsequently agreed between the parties to that agreement that set out certain terms in relation to the protection and processing of personal data.

If you are accepting on behalf of the Data Exporter, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to these terms and conditions; (ii) you have read and understand the Clauses; and (iii) you agree, on behalf of the party that you represent, to the Clauses. If you do not have the legal authority to bind the Data Exporter, please do not click the “I Accept” button below. The Clauses shall automatically expire on the termination or expiry of the Data Processing and Security Terms. The parties agree that where Data Exporter has been presented with these Clauses and clicked to accept these terms electronically, such acceptance shall constitute execution of the entirety of the Clauses by both parties, subject to the effective date described above.

Clause 1

Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘Data Subject’ and ‘Supervisory Authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the Data Exporter’ means the controller who transfers the personal data;

(c) ‘the Data Importer’ means the processor who agrees to receive from the Data Exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25 (1) of Directive 95/46/EC;

(d) ‘the Subprocessor’ means any processor engaged by the Data Importer or by any other subprocessor of the Data Importer who agrees to receive from the Data Importer or from any other subprocessor of the Data Importer personal data exclusively intended for processing activities to be carried out on behalf of the Data Exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the Data Exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The Data Subject can enforce against the Data Exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The Data Subject can enforce against the Data Importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the Data Exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the Data Exporter, in which case the Data Subject can enforce them against such entity.

3. The Data Subject can enforce against the Subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the Data Subject can enforce them against such entity. Such third-party liability of the Subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a Data Subject being represented by an association or other body if the Data Subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the Data Exporter

The Data Exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the Data Exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the Data Exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the Data Subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any Subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the Data Exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the Data Subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a Subprocessor providing at least the same level of protection for the personal data and the rights of Data Subject as the Data Importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the Data Importer*

The Data Importer agrees and warrants:

(a) to process the personal data only on behalf of the Data Exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the Data Exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the Data Exporter as soon as it is aware, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the Data Exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorised access; and

(iii) any request received directly from the Data Subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the Data Exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the Data Exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the Data Exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Data Exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the Data Subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the Data Subject is unable to obtain a copy from the Data Exporter;

(h) that, in the event of sub-processing, it has previously informed the Data Exporter and obtained its prior written consent;

(i) that the processing services by the Subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any Subprocessor agreement it concludes under the Clauses to the Data Exporter.

Clause 6

Liability

1. The parties agree that any Data Subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or Subprocessor is entitled to receive compensation from the Data Exporter for the damage suffered.

2. If a Data Subject is not able to bring a claim for compensation in accordance with paragraph 1 against the Data Exporter, arising out of a breach by the Data Importer or his Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the Data Exporter has factually disappeared or ceased to exist in law or has become insolvent, the Data Importer agrees that the Data Subject may issue a claim against the Data Importer as if it were the Data Exporter, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity. The Data Importer may not rely on a breach by a Subprocessor of its obligations in order to avoid its own liabilities.

3. If a Data Subject is not able to bring a claim against the Data Exporter or the Data Importer referred to in paragraphs 1 and 2, arising out of a breach by the Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, the Subprocessor agrees that the Data Subject may issue a claim against the data Subprocessor with regard to its own processing operations under the Clauses as if it were the Data Exporter or the Data Importer, unless any successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity. The liability of the Subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The Data Importer agrees that if the Data Subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the Data Importer will accept the decision of the Data Subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the Data Exporter is established.

2. The parties agree that the choice made by the Data Subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The Data Exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the Data Importer, and of any Subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the Data Exporter under the applicable data protection law.

3. The Data Importer shall promptly inform the Data Exporter about the existence of legislation applicable to it or any Subprocessor preventing the conduct of an audit of the Data Importer, or any Subprocessor, pursuant to paragraph 2. In such a case the Data Exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the Data Exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Sub-Processing

1. The Data Importer shall not subcontract any of its processing operations performed on behalf of the Data Exporter under the Clauses without the prior written consent of the Data Exporter. Where the Data Importer subcontracts its obligations under the Clauses, with the consent of the Data Exporter, it shall do so only by way of a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor as are imposed on the Data Importer under the Clauses. Where the Subprocessor fails to fulfil its data protection obligations under such written agreement the Data Importer shall remain fully liable to the Data Exporter for the performance of the Subprocessor’s obligations under such agreement.

2. The prior written contract between the Data Importer and the Subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the Data Subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the Data Exporter or the Data Importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law. Such third-party liability of the Subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the Data Exporter is established.

4. The Data Exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the Data Importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the Data Exporter’s data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the Data Importer and the Subprocessor shall, at the choice of the Data Exporter, return all the personal data transferred and the copies thereof to the Data Exporter or shall destroy all the personal data and certify to the Data Exporter that it has done so, unless legislation imposed upon the Data Importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the Data Importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The Data Importer and the Subprocessor warrant that upon request of the Data Exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1

to the Standard Contractual Clauses

This Appendix forms part of the Clauses.

Data Exporter

The Data Exporter is the non-Google legal entity that is a party to the Clauses.

Data Importer

The Data Importer is Google LLC, a global provider of a variety of technology services for businesses.

Data Subjects

The personal data transferred concern the following categories of data subjects: Data subjects include the individuals about whom data is provided to Google via the Services (as defined in the Services Agreement) by (or at the direction of) Data Exporter.

Categories of data

The personal data transferred concern the following categories of data: Data relating to individuals provided to Google via the Services by (or at the direction of) Data Exporter.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data: Data relating to individuals provided to Google via the Services by (or at the direction of) Data Exporter.

Processing operations

The personal data transferred will be subject to the following basic processing activities:

  • Scope of Processing. The Clauses reflect the parties’ agreement with respect to the processing and transfer of personal data specified in this Appendix pursuant to the provision of the Services. Personal data may be processed only to comply with Instructions (as defined in the Data Processing and Security Terms). The Data Exporter instructs the Data Importer to process personal data in countries in which the Data Importer or its Subprocessors maintain facilities.
  • Term of Data Processing. Data processing will be for the period specified in the Data Processing and Security Terms. Such period will automatically terminate upon the deletion by the Data Importer of all data as described in the Data Processing and Security Terms.
  • Data Deletion. During the term of the Services Agreement, the Data Importer will provide the Data Exporter with the ability to delete the Data Exporter’s personal data from the Services in accordance with the Services Agreement. After termination or expiry of the Services Agreement, the Data Importer will delete the Data Exporter’s personal data in accordance with the Data Processing and Security Terms.
  • Access to Data. During the term of the Services Agreement, the Data Importer will provide the Data Exporter with access to, and the ability to rectify, restrict processing of and export the Data Exporter’s personal data from the Services in accordance with the Services Agreement.
  • Subprocessors. The Data Importer may engage Subprocessors to provide parts of the Services and TSS (as defined in the Services Agreement). The Data Importer will ensure Subprocessors only access and use the Data Exporter’s personal data to provide the Services and TSS and not for any other purpose.

Appendix 2

to the Standard Contractual Clauses

This Appendix forms part of the Clauses.

Description of the technical and organisational security measures implemented by the Data Importer in accordance with Clauses 4(c) and 5(c) (or document/legislation attached): The Data Importer currently abides by the security standards in this Appendix 2. The Data Importer may update or modify these security standards from time to time provided such updates and modifications will not result in a degradation of the overall security of the Services during the term of the Services Agreement.

1. Data Center & Network Security.

(a) Data Centers.

Infrastructure. The Data Importer maintains geographically distributed data centers. The Data Importer stores all production data in physically secure data centers.

Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow the Data Importer to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard change process according to documented procedures.

Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.

Server Operating Systems. The Data Importer servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy. The Data Importer employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.

Business Continuity. The Data Importer replicates data over multiple systems to help to protect against accidental destruction or loss. The Data Importer has designed and regularly plans and tests its business continuity planning/disaster recovery programs.

(b) Networks and Transmission.

Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. The Data Importer transfers data via Internet standard protocols.

External Attack Surface. The Data Importer employs multiple layers of network devices and intrusion detection to protect its external attack surface. The Data Importer considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.

Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. The Data Importer intrusion detection involves:

  1. tightly controlling the size and make-up of the Data Importer’s attack surface through preventative measures;
  2. employing intelligent detection controls at data entry points; and
  3. employing technologies that automatically remedy certain dangerous situations.

Incident Response. The Data Importer monitors a variety of communication channels for security incidents, and the Data Importer’s security personnel will react promptly to known incidents.

Encryption Technologies. The Data Importer makes HTTPS encryption (also referred to as SSL or TLS connection) available. Google servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough.

2. Access and Site Controls.

(a) Site Controls.

On-site Data Center Security Operation. The Data Importer’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor closed circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.

Data Center Access Procedures. The Data Importer maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made through e-mail, and require the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved.

On-site Data Center Security Devices. The Data Importer’s data centers employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centers connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 30 days based on activity.

(b) Access Control.

Infrastructure Security Personnel. The Data Importer has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. The Data Importer’s infrastructure security personnel are responsible for the ongoing monitoring of the Data Importer’s security infrastructure, the review of the Services, and responding to security incidents.

Access Control and Privilege Management. The Data Exporter’s administrators must authenticate themselves via a central authentication system or via a single sign on system in order to administer the Services.

Internal Data Access Processes and Policies – Access Policy. The Data Importer’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. The Data Importer designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. The Data Importer employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide the Data Importer with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. The Data Importer requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with the Data Importer’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
For access to extremely sensitive information (e.g., credit card data), the Data Importer uses hardware tokens.

3. Data.

(a) Data Storage, Isolation and Logging.

The Data Importer stores data in a multi-tenant environment on the Data Importer-owned servers. The data and file system architecture are replicated between multiple geographically dispersed data centers. The Data Importer also logically isolates the Data Exporter’s data, and the Data Exporter will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable the Data Exporter to determine the product sharing settings applicable to end users for specific purposes. The Data Exporter may choose to make use of certain logging capability that the Data Importer may make available via the Services.

(b) Decommissioned Disks and Disk Erase Policy.

Disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving the Data Importer’s premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk’s serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.

4. Personnel Security.

The Data Importer personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. The Data Importer conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, the Data Importer’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling customer data are required to complete additional requirements appropriate to their role (e.g., certifications). The Data Importer’s personnel will not process customer data without authorization.

5. Subprocessor Security.

Before onboarding Subprocessors, the Data Importer conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once the Data Importer has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms as described in Section 11.3 of the Data Processing and Security Terms.

6. The Data Importer’s Cloud Data Protection Team.

The Data Importer’s Cloud Data Protection Team can be contacted at https://support.google.com/cloud/contact/dpo (and/or via such other means as Google may provide from time to time).

*Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.
