Legal Templates
Data Privacy Addendum

Data Privacy Addendum Template for Hong Kong

This document is a comprehensive Data Privacy Addendum governed by Hong Kong law, specifically compliant with the Personal Data (Privacy) Ordinance (PDPO). It establishes the framework for personal data processing between parties, detailing obligations for data handling, security measures, and breach notification procedures. The addendum incorporates Hong Kong's specific requirements for data protection, including cross-border data transfer provisions and consideration of interface with mainland China's data protection regime. It serves as a crucial supplement to main service agreements where personal data processing is involved.

Your data doesn't train Genie's AI

You keep IP ownership of your information

Generate a Bespoke Document

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Download a Standard Template

Get our Hong Kong-compliant Data Privacy Addendum

4.6 / 5
4.8 / 5
Access for free
OR

Alternatively: Run an advanced review of an existing
Data Privacy Addendum

Let Genie AI's market-leading legal AI identify missing terms, unusual language, compliance issues and more - in just seconds.
Upload your Doc

What is a Data Privacy Addendum?

The Data Privacy Addendum is essential for businesses operating in or with Hong Kong that engage in personal data processing activities. This document supplements primary service agreements where one party processes personal data on behalf of another, ensuring compliance with Hong Kong's Personal Data (Privacy) Ordinance and related regulations. It becomes necessary when organizations outsource data processing activities, use cloud services, or engage third-party service providers who will have access to personal data. The addendum defines crucial aspects such as data handling responsibilities, security requirements, breach notification procedures, and cross-border transfer mechanisms. It's particularly important given Hong Kong's unique position as a global business hub and its data protection requirements that bridge international standards with local and regional considerations, including interaction with mainland China's data protection regime.

What sections should be included in a Data Privacy Addendum?

1. Parties: Identification of the parties, including their roles as data controller(s) and/or data processor(s)

2. Background: Context of the addendum, reference to the main agreement, and purpose of the data processing relationship

3. Definitions: Key terms aligned with PDPO definitions, including Personal Data, Processing, Data Subject, Data User, Data Processor

4. Scope and Purpose of Processing: Detailed description of the personal data to be processed and permitted processing purposes

5. Obligations of the Data Processor: Specific duties including security measures, confidentiality, breach notification, and compliance with data protection principles

6. Obligations of the Data Controller: Responsibilities including lawful instructions, cooperation, and compliance with PDPO requirements

7. Cross-border Data Transfers: Rules and safeguards for transferring data outside Hong Kong

8. Security Measures: Technical and organizational measures required to protect personal data

9. Data Breach Notification: Procedures and timeframes for reporting data breaches

10. Audit Rights: Controller's rights to verify compliance and processor's obligations to demonstrate compliance

11. Term and Termination: Duration of the addendum and specific termination provisions

12. Return or Deletion of Data: Obligations regarding personal data upon termination of services

13. Governing Law and Jurisdiction: Confirmation of Hong Kong law governance and jurisdiction

What sections are optional to include in a Data Privacy Addendum?

1. Sub-processing: Terms for engaging sub-processors, to be included when sub-processing is permitted

2. Data Subject Rights: Procedures for handling data subject requests, necessary when processor assists with such requests

3. Mainland China Compliance: Additional provisions for PIPL compliance, required when data flows to/from mainland China

4. Insurance Requirements: Specific insurance obligations for data protection, included for high-risk processing

5. Joint Controller Provisions: Additional terms needed when parties act as joint controllers rather than controller-processor

What schedules should be included in a Data Privacy Addendum?

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data types being processed

2. Schedule 2 - Authorized Processing Activities: Specific processing operations and purposes permitted under the agreement

3. Schedule 3 - Technical and Organizational Security Measures: Detailed security requirements and standards

4. Schedule 4 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

5. Schedule 5 - Data Transfer Mechanisms: Specific mechanisms and safeguards for international data transfers

6. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

7. Appendix B - Compliance Checklist: Checklist of key PDPO compliance requirements and responsibilities

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image

Jurisdiction

Hong Kong

Publisher

Genie AI

Document Type

Consent Form

Sector

Health & Safety

Cost

Free to use
Relevant legal definitions
Personal Data
Processing
Data User
Data Processor
Data Subject
Sub-processor
Data Protection Laws
PDPO
Privacy Commissioner
Data Protection Principles
Security Measures
Confidential Information
Data Breach
Cross-border Transfer
Authorized Persons
Services
Main Agreement
Technical and Organizational Measures
Special Categories of Personal Data
Controller-Processor Agreement
Data Protection Impact Assessment
Data Protection Officer
Processing Records
Permitted Purpose
Regulatory Authority
Third Party
Transfer Mechanism
Written Instructions
Appropriate Safeguards
Privacy Notice
Data Minimization
Data Subject Rights
Storage Limitation
Supervisory Authority
Mainland China Transfer
PIPL
Agreed Purposes
Business Day
Effective Date
Material Breach
Clauses
Definitions
Scope of Processing
Data Protection Compliance
Processing Obligations
Security Requirements
Confidentiality
Sub-processing
Cross-border Transfers
Data Breach Notification
Audit Rights
Data Subject Rights
Record Keeping
Liability
Indemnification
Insurance
Term and Termination
Data Return and Deletion
Governing Law
Dispute Resolution
Force Majeure
Assignment
Severability
Entire Agreement
Variation
Notices
Third Party Rights
Regulatory Compliance
Technical Measures
Organizational Measures
Personnel Obligations
Relevant Industries

Financial Services

Technology

Healthcare

E-commerce

Professional Services

Education

Insurance

Telecommunications

Retail

Banking

Consulting

Cloud Services

Digital Marketing

Human Resources Services

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Risk Management

Data Protection

Procurement

Vendor Management

Operations

Privacy

Relevant Roles

Data Protection Officer

Privacy Officer

Chief Information Security Officer

Legal Counsel

Compliance Manager

IT Director

Chief Technology Officer

Risk Manager

Information Security Manager

Operations Director

Chief Legal Officer

Chief Compliance Officer

Procurement Manager

Vendor Management Officer

Privacy Counsel

Industries
Personal Data (Privacy) Ordinance (Cap. 486): Hong Kong's primary legislation governing the collection, handling, processing and use of personal data. It sets out six data protection principles and establishes the office of the Privacy Commissioner for Personal Data.
PCPD Guidelines on Cross-border Data Transfers: Guidelines issued by the Privacy Commissioner for Personal Data regarding the transfer of personal data outside of Hong Kong, including requirements for ensuring adequate levels of protection in recipient jurisdictions.
PCPD Guidance on Data Processor Contracts: Specific guidance from the PCPD on contractual terms and conditions that should be included when engaging data processors, including security measures and processing restrictions.
China Personal Information Protection Law (PIPL) Interface: Consideration of mainland China's PIPL when data flows between Hong Kong and mainland China are involved, ensuring compliance with both jurisdictions.
Electronic Transactions Ordinance (Cap. 553): Relevant for electronic storage and transmission of personal data, providing legal recognition of electronic records and signatures.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

No matches found.

Therapy Client Intake Form

A Hong Kong-compliant therapy client intake form for collecting essential client information and consent for mental health services.

find out more

Photo Shoot Contract

A Hong Kong law-governed agreement between photographer and client establishing terms for professional photography services, including rights, responsibilities, and deliverables.

find out more

Partial Termination Of Contract

A Hong Kong law-governed agreement that terminates specific portions of an existing contract while keeping other parts in force.

find out more

Parent Guardian Authorization Letter

A Hong Kong-compliant legal document delegating temporary guardianship rights from parents to an authorized caregiver.

find out more

Letter Of Consent For Spouse To Travel

A Hong Kong-compliant legal document providing formal authorization from one spouse to another for travel purposes, including necessary identification and travel details.

find out more

Consent For Release

A Hong Kong law-compliant document that authorizes the collection, use, and sharing of personal data, governed by the Personal Data (Privacy) Ordinance.

find out more

Aesthetic Consent Form

A Hong Kong-compliant consent form for aesthetic medical procedures that documents informed patient consent and practitioner obligations under local healthcare regulations.

find out more

Housemaid Contract Agreement

A Hong Kong-compliant employment contract for domestic helpers, following the Standard Employment Contract (ID 407) format with mandatory employment terms and conditions.

find out more

Parent Authorization Letter For Minors

A Hong Kong law-compliant document authorizing temporary guardianship rights for minors when parents are unavailable.

find out more

Viatical Settlement Contract

A Hong Kong law-governed agreement for the sale of a life insurance policy from a policyholder to an investor, including medical disclosure and regulatory compliance terms.

find out more

Parental Consent Letter For Study Abroad

A Hong Kong law-governed parental consent letter authorizing a minor's participation in overseas study programs, including comprehensive permissions and emergency authorizations.

find out more

Written Notice To Vacate

A formal notice compliant with Hong Kong law used to inform landlords or tenants of the intention to terminate a lease or tenancy agreement.

find out more

Payment Confirmation Letter To Supplier

A formal business document used in Hong Kong to confirm payment details and execution to suppliers, providing legal documentation under Hong Kong commercial law.

find out more

Employee Confirmation Letter For Bank Loan

A Hong Kong-compliant employment confirmation letter issued to employees for bank loan applications, verifying employment status and compensation details.

find out more

Consent Permission Letter

A Hong Kong law-governed formal letter documenting explicit permission or consent granted by one party to another for specific activities or rights.

find out more

Consent Form For Social (Media)

A Hong Kong-compliant consent form for social media content usage and personal data handling on social platforms.

find out more

Electronic Banking Risk Assessment

A regulatory-compliant risk assessment framework for electronic banking operations in Hong Kong, aligned with HKMA requirements.

find out more

Waiver And Release Of Liability Form

A Hong Kong law-governed document where participants waive their right to sue for certain risks and injuries, commonly used in recreational, educational, and business activities.

find out more

Early Release Tenancy Agreement

A Hong Kong law-governed agreement enabling the early termination of a tenancy, specifying release terms and settlement conditions.

find out more

Patient Information Release Form

A Hong Kong-compliant form for authorized release of patient medical information, ensuring proper consent and data privacy protection under local regulations.

find out more

Photo Authorization Form

A legal document compliant with Hong Kong law that authorizes the taking, usage, and distribution of photographs, while protecting both photographer and subject rights.

find out more

Testimonial Agreement

A Hong Kong law-governed agreement that establishes terms for providing and using testimonials, ensuring legal compliance and protecting both parties' interests.

find out more

Discipline Letter For Inappropriate Behavior

A formal disciplinary letter under Hong Kong law addressing workplace misconduct, detailing incidents, consequences, and required behavioral improvements.

find out more

Photo Agreement

A Hong Kong-governed agreement establishing terms and conditions for professional photography services, including copyright, usage rights, and delivery specifications.

find out more

Permission Landlord Consent Letter

A Hong Kong legal document where a landlord formally grants specific permissions to a tenant under property lease arrangements.

find out more

Consent Letter For Students

A Hong Kong-compliant consent letter template for educational institutions to obtain permissions from students/guardians for school activities and data processing.

find out more

Legal Claim Letter

A formal pre-litigation document under Hong Kong law that outlines a legal claim, its basis, and demanded remedies.

find out more

Sports Waiver Form

A Hong Kong-compliant waiver form for sports activities that protects operators from liability while ensuring participant risk acknowledgment.

find out more

PSA Authorization Letter For Minor

A Hong Kong-governed authorization letter allowing parents/guardians to permit PSA to authenticate items on behalf of a minor.

find out more

Patient Consent For Publication

A Hong Kong-compliant consent form for publishing patient medical information in academic and professional contexts, aligned with local privacy laws and medical regulations.

find out more

Parent Consent Letter For Field Trip

A Hong Kong-compliant consent letter used by educational institutions to obtain parental authorization for student field trips, including trip details and safety information.

find out more

Dynamic SLA

A Hong Kong law-governed agreement establishing automatically adjusting service levels between providers and customers, with integrated monitoring and adjustment mechanisms.

find out more

Data Privacy Consent Form

A Hong Kong-compliant consent form for personal data collection and processing under the PDPO, enabling organizations to legally obtain consent from individuals.

find out more

Consent Form For Field Trip

A Hong Kong-compliant consent form for student field trips, establishing parental authorization and safety protocols for off-site educational activities.

find out more

Consent Authorization

A Hong Kong law-governed document obtaining explicit consent for personal data collection and processing, compliant with the Personal Data (Privacy) Ordinance.

find out more

Beautician Experience Letter

A Hong Kong-compliant formal letter documenting a beautician's employment history, duties, and professional experience with a specific employer.

find out more

Video Licensing Agreement

A Hong Kong law-governed agreement establishing terms for video content licensing, including usage rights, distribution terms, and compliance requirements.

find out more

Video Consent And Release Form

A Hong Kong law-governed consent form authorizing video recording and usage of an individual's image and likeness, ensuring compliance with local privacy and media regulations.

find out more

Sweat Equity Contract

A Hong Kong law-governed agreement establishing terms for services provided in exchange for company equity, including vesting schedules and performance requirements.

find out more

SOW Proposal

A Hong Kong law-governed Statement of Work Proposal detailing proposed services, deliverables, timelines, and commercial terms for client consideration.

find out more
See more related templates

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it

Generate Legal Docs Free

Create your first 2 documents for free
You keep IP ownership of your information
Your data doesn't train Genie's AI
2 Docs LeftAccess Now
*No registration required