All Countries
Data Privacy
Controller Processor Agreement

Controller Processor Agreement Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller Processor Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller Processor Agreement

"I need a Controller Processor Agreement for my healthcare technology company acting as a data processor for multiple hospitals in the Philippines, with specific provisions for handling sensitive medical data and cross-border transfers to our backup servers in Singapore."

Celebrated by
Collaborations with
Investors
Document background
The Controller Processor Agreement is essential for organizations operating in the Philippines that engage in the processing of personal data through third parties. This document is required under the Philippine Data Privacy Act of 2012 whenever a data controller delegates processing activities to a data processor. The agreement must detail the scope of processing activities, security requirements, confidentiality obligations, and compliance mechanisms. It serves as a crucial compliance tool, ensuring that both parties understand their obligations under Philippine data protection law and establishing clear accountability for data processing operations. The document typically includes specific provisions for data security measures, breach notification procedures, audit rights, and data subject rights management, all tailored to meet Philippine regulatory requirements.
Suggested Sections

1. Parties: Identification of the Data Controller and Data Processor, including their registered addresses and authorized representatives

2. Background: Context of the agreement, relationship between parties, and purpose of the data processing arrangement

3. Definitions: Key terms used in the agreement, including those defined in the Data Privacy Act and additional contract-specific terms

4. Scope and Purpose of Processing: Detailed description of the processing activities, categories of data, and purposes of processing

5. Duration of Processing: Term of the agreement and processing activities, including conditions for renewal

6. Obligations of the Data Controller: Controller's responsibilities including providing instructions, ensuring legal basis for processing, and maintaining compliance

7. Obligations of the Data Processor: Processor's duties including processing only on documented instructions, maintaining confidentiality, and implementing security measures

8. Technical and Organizational Measures: Security measures required to protect personal data during processing

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations

11. Personal Data Breach Management: Procedures for breach notification and management

12. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

13. Data Return and Deletion: Requirements for handling data upon termination of services

14. Liability and Indemnification: Allocation of responsibility and liability between parties

15. Termination: Conditions and procedures for terminating the agreement

16. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. Cross-border Data Transfers: Required when personal data will be transferred outside the Philippines, detailing compliance with cross-border transfer requirements

2. Special Categories of Data: Required when processing sensitive personal information as defined in the Data Privacy Act

3. Industry-Specific Requirements: Include when processing data in regulated sectors like healthcare or financial services

4. Insurance Requirements: Specific insurance obligations for high-risk processing activities

5. Business Continuity: Detailed business continuity and disaster recovery requirements for critical processing activities

6. Change Management: Procedures for managing changes to processing activities or security measures

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including data categories, purposes, and processing operations

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures and controls implemented by the processor

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable

5. Schedule 5 - Service Levels: Performance metrics and service levels for processing activities

6. Appendix A - Contact Details: Contact information for key personnel and data protection officers

7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Law
Authorized Personnel
Authorized Sub-processor
Confidential Information
Controller
Data Protection Laws
Data Privacy Act
Data Subject
Data Subject Rights
Data Protection Officer
Information and Communications System
Implementing Rules and Regulations
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Processing
Processor
Processing Instructions
Sensitive Personal Information
Services
Security Measures
Sub-processor
Technical and Organizational Measures
Term
Third Party
Transfer
Privacy Impact Assessment
Data Protection Impact Assessment
Privileged Information
Cross-border Transfer
Consent
Data Portability
Privacy by Design
Privacy by Default
Record of Processing Activities
Security Incident
Data Retention Period
Data Protection Requirements
Regulatory Authority
Clauses
Interpretation
Obligations
Compliance
Data Processing
Data Security
Confidentiality
Audit Rights
Sub-processing
Data Transfer
Service Levels
Liability
Indemnification
Insurance
Force Majeure
Term and Termination
Data Return and Deletion
Breach Notification
Access Rights
Amendment
Assignment
Severability
Entire Agreement
Notices
Governing Law
Dispute Resolution
Data Subject Rights
Privacy Impact Assessment
Record Keeping
Personnel
Security Measures
Regulatory Cooperation
Warranties
Cost Allocation
Intellectual Property
Representation and Warranties
Relevant Industries

Information Technology

Healthcare

Financial Services

Education

E-commerce

Telecommunications

Business Process Outsourcing

Insurance

Real Estate

Professional Services

Retail

Manufacturing

Government Services

Non-profit Organizations

Research and Development

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Risk Management

Data Protection

Privacy

Operations

Procurement

Information Governance

Vendor Management

Corporate Governance

Regulatory Affairs

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Information Officer

Risk Manager

Operations Manager

Contract Manager

Privacy Manager

Chief Technology Officer

General Counsel

Procurement Manager

Information Governance Manager

Data Protection Specialist

Privacy Analyst

Compliance Officer

Industries
Data Privacy Act of 2012 (Republic Act No. 10173): The primary legislation governing personal data protection in the Philippines, establishing the rights of data subjects and obligations of personal information controllers and processors
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for data processing agreements and compliance obligations
NPC Circular No. 16-01: Security of Personal Data in Government Agencies, providing guidelines on data protection measures that may be relevant for processors handling government data
NPC Circular No. 2016-03: Personal Data Breach Management, outlining requirements for breach notification and management that should be addressed in the agreement
Civil Code of the Philippines: Provides the general framework for contracts and obligations in the Philippines, which applies to the formal requirements and enforcement of the agreement
E-Commerce Act of 2000 (Republic Act No. 8792): Relevant for electronic data processing and digital signatures if the agreement involves electronic processing or will be executed electronically
Cybercrime Prevention Act of 2012 (Republic Act No. 10175): Relevant for security measures and cybercrime prevention obligations in data processing activities
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.