Data Handling Section

The following questions ask about your data handling practices. We recommend you consult legal, policy, and data handling experts within your organization for guidance on how to answer these questions.

Apps that have been published live with a use case, or that have advanced access to permissions or features, are required to complete these data handling questions.

processor-0

Do you have data processors or service providers, including your own companies, that will have access to the Platform Data that you obtain from Meta?

Data processors or service providers are separate entities that, on your behalf, process the Platform Data made accessible to you in order to provide you with a service. Please provide the names of any processors that will have access to the Platform Data made accessible to you through the requested permissions and features.

“Platform Data” is any data that you receive from Meta (e.g., Meta user ID, email address, profile picture, Meta API user access token, and app secret).

[ ] Yes

[ ] No

If you answer "yes", you will be asked the following additional questions:

processor-2

List all data processors or service providers, including your own companies, that will have access to the Platform Data that you obtain from Meta.

Please note that Platform Data may include a subset of personal data or personal information that relates to an identified or identifiable person.

processor-2a

For which category of services will this data processor or service provider process the Platform Data received from Meta? Select all that apply.

Please note that Platform Data may include a subset of personal data or personal information that relates to an identified or identifiable person.

[check all that apply]

[ ] Analytics and measurements

[ ] Advertising

[ ]Goods and services for purchase

[ ] IT solutions and services, including cloud storage and processing

[ ] Legal and law enforcement

[ ] Research and academics

[ ] Other

processor-2b List all countries where this data processor, or service provider, will process Platform Data received from Meta. Include locations from which the data processor, or service provider, will access the data remotely, via the internet. Select all that apply.

Many data processors and service providers provide this information on their corporate website.

responsible-1

Who is the person or entity that will be responsible for all Platform Data Meta shares with you?

Please provide the name of the legal entity that will control the data (i.e., determine the purposes and means of processing the data) made available to you by Meta through the requested permissions and/or features. This could be a natural or legal person, a public authority, an agency or other entity. In some regions this is called a data controller.

responsible-2

Select the country where this person or entity is located.

requests-3

Have you provided the personal data or personal information of users to public authorities in response to national security requests in the past 12 months?

This does not include requests related to search warrants or court orders associated with criminal investigations.

Personal data or personal information is any data you receive from Meta that relates to an identified or identifiable person.

[ ] No

[ ] Yes, we have shared the personal data or personal information of approximately 10 or fewer users.

[ ] Yes, we have shared the personal data or personal information of about 11–100 users.

[ ] Yes, we have shared the personal data or personal information of about 101–1,000 users. \ [ ] Yes, we have shared the personal data or personal information of more than 1,000 users.

[ ] We are prohibited by law or company policy from answering this question.

requests-4

Which of the following policies or processes do you have in place regarding requests from public authorities for the personal data or personal information of users? Check all that apply.

[ ]Required review of the legality of these requests.

[ ]Provisions for challenging these requests if they are considered unlawful.

[ ]Data minimization policy—the ability to disclose the minimum information necessary.

[ ] Documentation of these requests, including your responses to the requests and the legal reasoning and actors involved.

[ ] None of the above

[ ] We are prohibited by law or company policy from answering this question.