All Countries
Data Privacy
Data Processing Addendum

Data Processing Addendum Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Processing Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Processing Addendum

"I need a Data Processing Addendum for our cloud software company based in Manila, which will be processing customer data for multiple EU-based clients starting January 2025; the document must comply with both Philippine data protection laws and include provisions for international data transfers."

Celebrated by
Collaborations with
Investors
Document background
The Data Processing Addendum (DPA) is a critical legal document required whenever an organization (data controller) engages another party (data processor) to process personal data on its behalf in the Philippines. This document supplements the main service agreement between parties and ensures compliance with the Philippine Data Privacy Act of 2012 and its implementing rules. The DPA becomes particularly important in contexts involving outsourcing, cloud services, or any third-party data processing arrangements. It details specific requirements for data security, breach notification procedures, cross-border transfers, and data subject rights management. The document is essential for demonstrating compliance with Philippine privacy laws and protecting both parties' interests in data processing activities.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including their registered addresses and authorized representatives

2. Background: Context of the relationship between parties and reference to the main agreement this DPA supplements

3. Definitions: Key terms used in the agreement, aligned with definitions from the Data Privacy Act of 2012

4. Scope and Purpose: Details of the data processing activities covered by the agreement

5. Obligations of the Data Processor: Core responsibilities of the processor including security measures, confidentiality, and processing limitations

6. Obligations of the Data Controller: Responsibilities of the controller including lawful basis for processing and instructions

7. Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with their rights

8. Data Security: Required security measures and protocols for protecting personal data

9. Data Breach Notification: Procedures and timeframes for reporting and handling data breaches

10. Audit Rights: Controller's rights to audit the processor's compliance and related procedures

11. Cross-border Data Transfers: Rules and safeguards for international data transfers

12. Term and Termination: Duration of the agreement and conditions for termination

13. Return or Deletion of Data: Obligations regarding personal data upon contract termination

14. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. Sub-processors: Rules for engaging sub-processors - include when the processor may need to engage third parties

2. Insurance Requirements: Specific insurance obligations - include for high-risk processing activities

3. Limitation of Liability: Specific liability caps and exclusions - include when standard terms need modification

4. Business Continuity: Business continuity and disaster recovery requirements - include for critical processing activities

5. Costs and Fees: Financial terms specific to data processing - include when separate from main agreement

6. Data Protection Impact Assessment: DPIA requirements - include for high-risk processing activities

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data and purposes

2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented by the processor

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Appendix A - Security Breach Response Plan: Detailed procedures for handling and reporting security breaches

6. Appendix B - Data Subject Request Procedure: Process flow for handling data subject rights requests

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Authorized Sub-processor
Business Day
Confidential Information
Controller
Cross-border Transfer
Data Breach
Data Privacy Act
Data Protection Impact Assessment
Data Protection Laws
Data Protection Officer
Data Subject
Data Subject Rights
Information and Communications System
International Data Transfer
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Personal Information Controller
Personal Information Processor
Processing
Processor
Restricted Transfer
Security Measures
Sensitive Personal Information
Services
Sub-processor
Technical and Organizational Measures
Term
Third Party
Transfer Mechanisms
Clauses
Definitions
Scope
Data Processing Obligations
Processing Instructions
Confidentiality
Security Measures
Data Subject Rights
Data Breach Notification
Sub-processing
Cross-border Transfers
Audit Rights
Liability
Indemnification
Insurance
Term and Termination
Data Return and Deletion
Governing Law
Dispute Resolution
Force Majeure
Assignment
Severability
Entire Agreement
Notices
Amendments
Regulatory Compliance
Personnel Obligations
Documentation Requirements
Business Continuity
Data Protection Impact Assessment
Breach Reporting
Relevant Industries

Technology and Software

Healthcare

Financial Services

E-commerce

Education

Business Process Outsourcing

Telecommunications

Professional Services

Manufacturing

Retail

Insurance

Real Estate

Travel and Hospitality

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Privacy

Risk Management

Procurement

Vendor Management

Operations

Data Governance

Corporate Affairs

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Chief Information Security Officer

Privacy Manager

Risk Manager

Procurement Manager

Vendor Management Officer

Chief Technology Officer

Operations Director

Chief Legal Officer

Contract Manager

Industries
Republic Act No. 10173: Data Privacy Act of 2012 - The primary legislation governing personal data protection in the Philippines, establishing the rights of data subjects and obligations of personal information controllers and processors
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for data processing, security measures, and compliance procedures
NPC Circular No. 16-01: Security of Personal Data in Government Agencies - Provides guidelines on security measures for data protection, relevant for contracts involving government entities
NPC Circular No. 2020-03: Guidelines on Personal Data Breach Management - Important for including breach notification procedures in the DPA
Republic Act No. 386: Civil Code of the Philippines - Provides the general framework for contracts and obligations, which applies to the formal requirements of the DPA as a contract
NPC Advisory No. 2019-001: Guidelines on Data Sharing Agreements - Provides requirements for agreements involving the sharing of personal data between entities
NPC Circular No. 2020-01: Guidelines on Outsourcing and Subcontracting of Personal Data Processing - Specific rules for outsourcing arrangements involving personal data
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.