Customer agreement privacy & security schedules

Our data processing terms apply where we process personal data on behalf of our customers as a “data processor” or “service provider”, or similar under local applicable law. 

• Data Processing Schedule 
• CCPA Addendum 
  
• Description of Personal Data Processing 
• Information Security Standards Schedule  
  
• EU Standard Contractual Clauses + UK Addenda + EU Addenda

Moody’s customers only: to request copies of product-specific information security documentation, such as SOC2 reports, please contact your usual Moody’s representative, who will be happy to provide you with the available information security documentation for the contracted Moody’s products and services.

Separately, as a “data controller” or a “business”, or similar under local applicable law, in the course of providing our services, we collect the names and business contact details of customer’s employees as primary customer contacts. This personal data is processed for a number of our business purposes including account management, invoicing, collection of fees, and managing credentialled access to Moody’s content and services. For further information regarding how we handle personal data as a “data controller” or a “business”, please see Moody's Privacy Notice.