Content

To obtain advanced access to these permissions, tell us about your data handling practices. We recommend you consult legal, policy, and data handling experts within your organization for guidance on how to answer these questions. Learn about our data handling guidelines.

“Personal data” is any data you receive from Meta that is related to an identifiable person. For examples, refer to the definitions in the General Data Protection Regulation (GDPR) and the UK Information Commissioner’s Office.

  • Name of data controller. This could be a natural or legal person, a public authority, an agency or other body.
    • Please write the name of your data controller.
  • List all data processors, including your own companies, that will have access to the personal data of users that you obtain from Meta. A data processor is a person or business that provides you with services to help you process personal data you obtain from Meta. This may include Service Providers as defined in Meta’s Platform Terms.

    • Click ‘+ Add data processor’ and answer the questions below for each data processor you add.

      • Please write the name of the processor
      • For which category of services will this data processor process the personal data of users received from Meta? Select all that apply.

        • [ ] Analytics and measurements
        • [ ] Advertising
        • [ ] Goods and services for purchase
        • [ ] IT solutions and services, including cloud storage and processing
        • [ ] Research and academics
        • [ ] Legal and law enforcement
        • [ ] Other
      • List all countries where this data processor will process the personal data of users received from Meta. Include locations from which the data processor will access the data remotely, via the internet. Select all that apply. Many data processors provide this information on their corporate website.

        • [ ] Select all countries that apply from a dropdown list
  • Have you provided the personal data of users to public authorities in response to national security requests in the past 12 months? This does not include requests related to search warrants or court orders associated with criminal investigations.
    • [ ] No
    • [ ] Yes, we have shared the personal data of approximately 10 or fewer users
    • [ ] Yes, we have shared the personal data of about 11-100 users
    • [ ] Yes, we have shared the personal data of about 101-1,000 users
    • [ ] Yes, we have shared the personal data of more than 1,000 users
    • [ ] We are prohibited by law or company policy from answering this question
  • Which of the following policies or processes do you have in place regarding requests from public authorities for the personal data of users? Check all that apply.
    • [ ] Required review of the legality of these requests.
    • [ ] Provisions for challenging these requests if they are considered unlawful.
    • [ ] Data minimization policy—the ability to disclose the minimum information necessary.
    • [ ] Documentation of these requests, including your responses to the requests and the legal reasoning and actors involved.
    • [ ] We are prohibited by law or company policy from answering this question
    • [ ] None of the above