All Countries
Data Privacy
Data Privacy Addendum

Data Privacy Addendum Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Privacy Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Privacy Addendum

"I need a Data Privacy Addendum for our cloud software service agreement with a US-based provider who will process Philippine customer data starting March 2025; must include cross-border transfer provisions and sub-processor requirements."

Celebrated by
Collaborations with
Investors
Document background
The Data Privacy Addendum is essential for organizations operating in or with the Philippines that engage in personal data processing activities. This document is required when one party (typically a service provider) processes personal data on behalf of another party under Philippine jurisdiction. It ensures compliance with the Data Privacy Act of 2012 and its implementing rules and regulations, as enforced by the National Privacy Commission. The addendum should be used whenever there is a primary agreement involving personal data processing, such as service agreements, cloud computing contracts, or outsourcing arrangements. It details critical aspects including security measures, data breach protocols, cross-border transfer requirements, and data subject rights management. The document is particularly important given the strict penalties for non-compliance with Philippine privacy laws and the increasing focus on data protection globally.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including their registered addresses and authorized representatives

2. Background: Context of the relationship between parties and purpose of the addendum in relation to the main agreement

3. Definitions: Key terms used in the addendum, aligned with definitions from the Philippine Data Privacy Act

4. Scope and Purpose of Processing: Detailed description of the personal data to be processed and the specific purposes for processing

5. Obligations of the Data Processor: Comprehensive list of processor's responsibilities including security measures, confidentiality, and compliance with instructions

6. Obligations of the Data Controller: Controller's responsibilities including providing clear instructions and ensuring lawful basis for processing

7. Data Security Measures: Required technical and organizational security measures in accordance with Philippine regulations

8. Confidentiality: Confidentiality obligations of both parties regarding personal data processed

9. Data Breach Notification: Procedures and timeframes for reporting data breaches as per NPC requirements

10. Audit Rights: Controller's rights to audit processor's compliance and processor's obligation to cooperate

11. Data Subject Rights: Procedures for handling data subject requests and respective responsibilities

12. Term and Termination: Duration of the addendum and conditions for termination

13. Return or Deletion of Data: Obligations regarding personal data upon termination of services

14. Liability and Indemnification: Allocation of liability and indemnification obligations between parties

15. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. Cross-Border Data Transfers: Required when personal data will be transferred outside the Philippines, specifying compliance with cross-border transfer requirements

2. Sub-processors: Include when the processor may engage sub-processors, specifying approval requirements and flow-down obligations

3. Industry-Specific Requirements: Additional provisions for specific industries (e.g., healthcare, banking) subject to additional regulatory requirements

4. Data Protection Impact Assessment: Include when processing activities require DPIA under Philippine law

5. Insurance Requirements: Specific insurance obligations for data privacy incidents, recommended for high-risk processing

6. Business Continuity and Disaster Recovery: Detailed requirements for ensuring data availability and recovery, recommended for critical services

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed description of data categories, processing activities, purposes, and duration

2. Schedule 2 - Technical and Organizational Security Measures: Specific security measures implemented by the processor

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Service Level Agreement for Privacy Operations: Specific performance metrics and requirements for privacy-related operations

6. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

7. Appendix B - Privacy Impact Assessment Template: Standard template for conducting privacy impact assessments

8. Appendix C - Compliance Checklist: Checklist of compliance requirements under Philippine data privacy laws

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Addendum
Applicable Data Protection Laws
Authorized Personnel
Authorized Sub-processor
Business Day
Confidential Information
Controller
Data Breach
Data Privacy Act
Data Protection Officer
Data Subject
Data Subject Rights
Information and Communications System
Main Agreement
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Personal Information Controller
Personal Information Processor
Processing
Processor
Sensitive Personal Information
Security Incident
Security Measures
Services
Sub-processor
Technical and Organizational Measures
Third Party
Transfer
Privileged Information
Processing System
Cross-border Transfer
Data Protection Impact Assessment
Privacy Impact Assessment
Privacy Management Program
Privacy Notice
Consent
Data Sharing
Direct Marketing
Information Security Incident
Material Breach
Privacy Framework
Records of Processing Activities
Regulatory Authority
Standard Contractual Clauses
Clauses
Interpretation
Scope of Processing
Data Protection Compliance
Processing Obligations
Security Measures
Confidentiality
Sub-processing
Data Subject Rights
Data Breach Notification
Cross-border Transfers
Audit Rights
Liability and Indemnification
Term and Termination
Data Deletion
Return of Data
Governing Law
Dispute Resolution
Force Majeure
Assignment
Severability
Entire Agreement
Amendment
Notices
Counterparts
Authority
Relationship of Parties
Insurance
Records and Documentation
Business Continuity
Regulatory Compliance
Relevant Industries

Technology and Software

Healthcare and Medical Services

Financial Services

Education

E-commerce and Retail

Business Process Outsourcing

Telecommunications

Insurance

Professional Services

Manufacturing

Real Estate

Transportation and Logistics

Government and Public Sector

Non-profit Organizations

Media and Entertainment

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Risk Management

Operations

Procurement

Privacy Office

Data Protection

Contract Management

Corporate Governance

Business Development

Project Management

Vendor Management

Internal Audit

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Legal Officer

Privacy Counsel

Compliance Manager

Information Security Officer

IT Director

Risk Manager

Operations Director

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Information Officer

Chief Compliance Officer

Legal Counsel

Privacy Manager

Information Governance Manager

Data Protection Manager

Business Development Manager

Project Manager

Industries
Republic Act No. 10173: Data Privacy Act of 2012 - The primary legislation governing personal data protection in the Philippines, establishing the fundamental principles, rights, and obligations related to data privacy
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that provide specific requirements and procedures for implementing the Data Privacy Act, including specific compliance obligations for personal information controllers and processors
NPC Circular No. 16-01: Security of Personal Data in Government Agencies - Provides guidelines on security measures for protecting personal information in government agencies, which may be relevant for contracts involving government entities
NPC Circular No. 2020-03: Guidelines on Personal Data Breach Management - Outlines requirements for data breach notification and management, which should be addressed in the DPA
NPC Advisory No. 2017-01: Designation of Data Protection Officers (DPO) - Guidelines on the mandatory appointment of DPOs and their responsibilities, which should be reflected in the agreement
NPC Circular No. 16-03: Personal Data Breach Management - Provides detailed rules on personal data breach management procedures and notification requirements
Joint Administrative Order No. 1, Series of 2018: Rules and Regulations Implementing the Ease of Doing Business Act - Includes provisions relevant to data sharing between government agencies and private entities
NPC Circular No. 2020-01: Guidelines on Security of Personal Data in Work-From-Home Arrangements - Important for addressing modern working arrangements and associated data protection requirements
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.