UK Controller Addendum
This UK Controller Addendum applies when it is expressly incorporated by reference into terms for Meta Products, such as the Meta Business Tools Terms (any such terms, "Applicable Product Terms", any covered Meta Products, "applicable products"). Terms used but not defined in this UK Controller Addendum have the meanings given in the applicable product terms. In the event of any conflict between the applicable product terms and this UK Controller Addendum, this UK Controller Addendum will govern solely to the extent of the conflict.
Meta and you agree to the following:
  • Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, US ("Meta" or "we") and you (each a "party", together the "parties") are joint controllers in accordance with Article 26 UK GDPR for the joint processing specified by the applicable product terms. The scope of the joint processing and this UK Controller Addendum covers the collection of the personal data specified by the applicable product terms and its transmission to Meta; the subsequent processing of data by Meta does not form part of the joint processing. More information on the joint processing can be found in the applicable product terms.
  • This UK Controller Addendum determines Meta's and your responsibilities for compliance with the obligations under the UK GDPR with regard to the joint processing. The joint processing is subject to the provisions of this UK Controller Addendum. They apply to all activities in which the parties, their employees or their processors are involved in the joint processing.
  • You agree to follow the available documentation regarding the correct technical implementation of the applicable products into your websites or apps and their configuration.
  • Meta's and your responsibilities for compliance with the obligations under the UK GDPR with regard to the joint processing are determined as follows:

    No.Obligation under UK GDPRMetaYou
    1Article 6: Requirement of legal basis for joint processing X
    (regarding Meta's processing)    		X
    (regarding your own processing)
    2Articles 13,14: Providing information on joint processing of personal dataX
    This includes, as a minimum, the provision of the following information in addition to your standard data policy or similar document:
    That Meta is a joint controller of the joint processing and that the information required by Article 13(1)(a) and (b) UK GDPR can be found in Meta's Privacy Policy at https://www.facebook.com/about/privacy.
    The information that you use applicable products as well as the purposes for which the collection and transmission of personal data that constitutes the joint processing takes place as set out in the applicable product terms.
    That further information on how Meta processes personal data, including the legal basis that Meta relies on and the ways to exercise data subject rights against Meta, can be found in Meta's Privacy Policy at https://www.facebook.com/about/privacy.
    (please see Applicable Product Terms for further information on the joint processing)
    3Article 26(2): Making available the essence of this UK Controller AddendumX
    This includes, as a minimum, the provision of the following information:
    That you and Meta have:
    entered into this UK Controller Addendum to determine the respective responsibilities for compliance with the obligations under the UK GDPR with regard to the joint processing (as specified in the applicable product terms);
    agreed that you are responsible for providing data subjects as a minimum with the information listed under no. 2;
    agreed that between the parties, Meta is responsible for enabling data subjects' rights under Articles 15-20 of the UK GDPR with regard to the personal data stored by Meta after the joint processing.
    4Articles 15-20: Rights of the data subject with regard to the personal data stored by Meta after the joint processingX
    5Article 21: Right to object insofar as the joint processing is based on Article 6(1)(f) X
    (regarding Meta's processing)    		 X
    (regarding your own processing)
    6Article 32: Security of the joint processing X
    (regarding the security of the applicable products)    		 X
    (regarding the correct technical implementation and configuration of the applicable products)
    7Articles 33, 34: Personal data breaches concerning the joint processing X
    (insofar as a personal data breach concerns Meta's obligations under this UK Controller Addendum)    		 X
    (insofar as a personal data breach concerns your obligations under this UK Controller Addendum)

  • All other responsibilities for compliance with obligations under the UK GDPR regarding the joint processing remain with each Party individually.
  • With regard to Article 32 UK GDPR, the measures taken by Meta include the measures listed in Meta's Data Security Terms (as updated from time to time, for example to reflect technological developments) which are herewith expressly incorporated into this UK Controller Addendum. All employees of Meta involved in the joint processing are bound by appropriate obligations to maintain the confidentiality of the personal data subject to the joint processing.
  • This UK Controller Addendum does not grant you any right to request the disclosure of personal data of any Meta user that is processed in connection with Meta Products.
  • Data subjects can exercise their rights under Articles 15-21 UK GDPR with regard to their personal data processed by Meta directly against Meta. If data subjects exercise their rights under the UK GDPR with regard to the joint processing against you, or you are contacted by a supervisory authority with regard to the joint processing, each a "request", you will forward all relevant information regarding such request to us promptly but within a maximum of seven calendar days. For this purpose, you can submit this form. Meta agrees to answer requests from data subjects in accordance with our obligations under this UK Controller Addendum. You agree to take all reasonable endeavours in a timely manner to cooperate with us in answering any such request. You are not authorised to act or answer on Meta's behalf.
  • If you access or use applicable products for any business or commercial purpose, you agree that any claim, cause of action or dispute that you have against us, which arises out of or relates to this UK Controller Addendum, must be resolved exclusively in the courts of England and Wales, that you irrevocably submit to the jurisdiction of the courts of England and Wales for the purpose of litigating any such claim and that the laws of England and Wales will govern this UK Controller Addendum, without regard to conflict of law provisions. If you are a consumer who habitually resides in the United Kingdom, only 4.4 of the applicable Meta Terms of Service applies.
  • We may need to update this UK Controller Addendum from time to time. By continuing any use of applicable products after any notification of an update to this UK Controller Addendum, you agree to be bound by it. If you do not agree to the updated UK Controller Addendum, please stop all use of applicable products. If you are a consumer who habitually resides in the United Kingdom, only 4.1 of the applicable Terms of Service applies.
  • If any portion of this UK Controller Addendum is found to be unenforceable, the remaining portion will remain in full force and effect. If we fail to enforce any portion of this UK Controller Addendum, it will not be considered a waiver. Any amendment to or waiver of these terms requested by you must be made in writing and signed by us.
  • This UK Controller Addendum applies only to the processing of personal data within the scope of the UK GDPR (as defined in the UK's Data Protection Act 2018). "Personal data", "data subject", "(joint) controller", "processor" and "personal data breach" in this UK Controller Addendum have the meanings set out in the UK GDPR.

Effective date: 25 April 2023

English (UK)
Tiếng Việt
中文(台灣)
한국어
日本語
Français (France)
ภาษาไทย
Español
Português (Brasil)
Deutsch
Italiano