Legal Templates
DPA Contract

DPA Contract Template for New Zealand

Create a bespoke document in minutes, or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your DPA Contract

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

DPA Contract

"I need a DPA Contract for my New Zealand-based healthcare software company that will be processing patient data on behalf of multiple medical clinics, with implementation starting March 2025 and including provisions for sub-processors in Australia."

Celebrated by
Collaborations with
Investors

What is a DPA Contract?

The Data Processing Agreement (DPA Contract) is essential for organizations operating in New Zealand that process personal data on behalf of other entities. This document is required under the Privacy Act 2020 when a business engages another organization to process personal data on its behalf. The DPA Contract establishes the rights and obligations of both the data controller and processor, ensuring appropriate safeguards for personal data processing. It includes detailed provisions on data security, confidentiality, breach reporting, and compliance with New Zealand privacy laws. This agreement is particularly crucial for cross-border data transfers and when engaging third-party service providers, as it helps organizations demonstrate compliance with New Zealand's privacy principles and regulatory requirements.

What sections should be included in a DPA Contract?

1. Parties: Identification of the Data Controller and Data Processor, including full legal names and registered addresses

2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities

3. Definitions: Definitions of key terms including Personal Data, Processing, Data Subject, Controller, Processor, and other relevant terms

4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes

5. Duration: Term of the agreement and processing activities

6. Obligations of the Processor: Core responsibilities of the processor including processing only on documented instructions, confidentiality, security measures

7. Obligations of the Controller: Responsibilities of the controller including lawful basis for processing, accuracy of data

8. Security Measures: Technical and organizational security measures required to protect personal data

9. Data Breach Notification: Procedures and timeframes for reporting data breaches

10. Data Subject Rights: Procedures for handling data subject requests and providing assistance

11. Audit Rights: Controller's right to audit and processor's obligation to demonstrate compliance

12. Data Deletion/Return: Requirements for data deletion or return at the end of processing

13. Liability and Indemnities: Allocation of liability and indemnification provisions

14. Governing Law and Jurisdiction: Specification of New Zealand law and jurisdiction

What sections are optional to include in a DPA Contract?

1. Sub-processors: Terms for appointment and management of sub-processors - include if sub-processors will be used

2. International Transfers: Requirements for transferring data outside New Zealand - include if international transfers are contemplated

3. Special Categories of Data: Additional safeguards for sensitive data - include if processing sensitive personal data

4. Insurance Requirements: Specific insurance obligations - include for high-risk processing

5. Business Continuity: Business continuity and disaster recovery requirements - include for critical processing activities

6. Cost Allocation: Allocation of costs for compliance activities - include if significant compliance costs expected

What schedules should be included in a DPA Contract?

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Security Measures: Detailed technical and organizational security measures to be implemented

3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Contact Points: Key contacts for operational and emergency communications

6. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Authorised Person
Business Day
Commencement Date
Confidential Information
Controller
Data Breach
Data Protection Laws
Data Subject
Data Subject Rights
Force Majeure Event
Good Industry Practice
Intellectual Property Rights
International Transfer
Law Enforcement Request
Notice
Personal Data
Personal Information
Privacy Act
Privacy Commissioner
Processor
Processing
Professional Fees
Regulatory Authority
Representatives
Security Measures
Sensitive Information
Services
Special Categories of Personal Data
Sub-processor
Term
Technical and Organisational Measures
Third Party
Relevant Industries

Technology

Healthcare

Financial Services

Education

Professional Services

Cloud Computing

E-commerce

Telecommunications

Marketing Services

Human Resources

Insurance

Government Services

Research and Development

Consulting

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Privacy

Operations

Procurement

Information Governance

Data Management

Relevant Roles

Privacy Officer

Data Protection Officer

Chief Information Security Officer

Legal Counsel

Compliance Manager

IT Director

Risk Manager

Information Security Manager

Privacy Manager

Operations Director

Chief Technology Officer

Contract Manager

Procurement Manager

Information Governance Manager

Chief Legal Officer

Data Manager

Industries
Privacy Act 2020: New Zealand's primary privacy legislation that governs how personal information is collected, used, stored, and disclosed. Essential for DPA compliance.
Privacy (Cross-border Information) Amendment Act 2010: Regulates the transfer of personal information outside of New Zealand, crucial for international data processing arrangements.
Contract and Commercial Law Act 2017: Provides the legal framework for electronic transactions and contract formation in New Zealand.
Unsolicited Electronic Messages Act 2007: Regulates commercial electronic messages and may be relevant if the data processing involves electronic communications or marketing.
Health Information Privacy Code 2020: Specific rules for handling health information if the data processing involves health-related data.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Data Processing Agreement

A New Zealand law-governed agreement regulating intra-group personal data processing activities and ensuring Privacy Act 2020 compliance within corporate groups.

find out more

Pre Negotiation Agreement

A New Zealand law-governed agreement establishing terms for preliminary business negotiations, including confidentiality and non-binding provisions.

find out more

Product Development Non Disclosure Agreement

A New Zealand-law governed agreement protecting confidential information shared during product development activities.

find out more

Joint Controller Agreement

A New Zealand law-governed agreement establishing responsibilities and obligations between organizations that jointly control and process personal data under the Privacy Act 2020.

find out more

Data Processing Addendum

A New Zealand-compliant legal agreement governing the processing of personal information between a data controller and data processor under the Privacy Act 2020.

find out more

Data Agreement

A New Zealand-compliant agreement governing the terms and conditions for data handling between parties, ensuring alignment with local privacy laws and regulations.

find out more

Subprocessor Agreement

A New Zealand law-governed agreement that regulates the relationship between a data processor and subprocessor for handling personal data processing activities.

find out more

DPA Contract

A New Zealand-compliant Data Processing Agreement governing personal data handling between controllers and processors under NZ Privacy Act 2020.

find out more

Controller To Controller Data Processing Agreement

A New Zealand-compliant agreement governing personal data sharing between two independent data controllers, ensuring adherence to the Privacy Act 2020.

find out more

DPA Agreement

A New Zealand-compliant agreement governing the processing of personal data between a controller and processor, ensuring adherence to the Privacy Act 2020.

find out more

Data Transfer Addendum

A New Zealand law-compliant addendum governing cross-border personal data transfers under the Privacy Act 2020, establishing security measures and compliance requirements.

find out more

International Data Transfer Agreement

A New Zealand law-governed agreement establishing requirements and safeguards for international transfer of personal and business data, ensuring compliance with NZ Privacy Act 2020.

find out more

Data Protection Addendum

A legal document under New Zealand law that establishes data protection obligations and privacy compliance requirements between parties processing personal information.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.