All Countries
Data Privacy
Data Protection Addendum

Data Protection Addendum Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Protection Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Protection Addendum

"I need a Data Protection Addendum for my Philippines-based software company that will be processing customer data across APEC countries starting January 2025, with particular emphasis on cross-border data transfers and sub-processor arrangements."

Celebrated by
Collaborations with
Investors
Document background
The Data Protection Addendum is essential for organizations operating in or providing services to entities in the Philippines where personal data processing is involved. This document is typically used when a service agreement or primary contract needs to be supplemented with specific data protection provisions to ensure compliance with the Philippine Data Privacy Act of 2012 and related regulations. It becomes particularly important in scenarios involving outsourced data processing, cloud services, or any business relationship where one party processes personal data on behalf of another. The addendum details crucial aspects such as security measures, data breach protocols, and data subject rights management, while also addressing requirements from the National Privacy Commission (NPC). It's especially relevant for businesses engaged in cross-border data transfers or those working with international partners while maintaining compliance with Philippine privacy laws.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including their registered addresses and representatives

2. Background: Context of the existing relationship between parties and purpose of this addendum

3. Definitions: Key terms used in the addendum, aligned with definitions from the Data Privacy Act of 2012

4. Scope and Purpose of Data Processing: Detailed description of the personal data to be processed and the specific purposes for processing

5. Obligations of the Data Processor: Core responsibilities including processing limitations, confidentiality, security measures, and compliance with instructions

6. Obligations of the Data Controller: Responsibilities including lawful basis for processing, accuracy of data, and providing clear instructions

7. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights under Philippine law

8. Data Security Measures: Technical and organizational security measures required under Philippine law

9. Data Breach Notification: Procedures and timeframes for reporting data breaches as per NPC requirements

10. Audit Rights: Controller's right to audit processor's compliance and processor's obligation to demonstrate compliance

11. Term and Termination: Duration of the addendum and circumstances for termination

12. Return or Deletion of Data: Obligations regarding personal data upon termination of services

13. Governing Law and Jurisdiction: Confirmation of Philippine law application and jurisdiction

Optional Sections

1. Cross-border Data Transfers: Required when personal data will be transferred outside the Philippines, including compliance with APEC CBPR requirements

2. Sub-processors: Include when the processor may engage sub-processors, detailing approval requirements and flow-down obligations

3. Data Protection Impact Assessment: Required for high-risk processing activities as defined by the NPC

4. Special Categories of Personal Data: Include when sensitive personal information as defined in the Data Privacy Act will be processed

5. Government Data Access Requests: Include when there's likelihood of government or law enforcement data access requests

6. Insurance Requirements: Include when specific insurance coverage for data protection incidents is required

7. Disaster Recovery: Include when business continuity and disaster recovery requirements are critical to the data processing

Suggested Schedules

1. Schedule 1 - Details of Processing: Detailed information about the categories of data subjects, types of personal data, and processing activities

2. Schedule 2 - Technical and Organizational Security Measures: Specific security controls and measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of authorized sub-processors and their processing activities, if applicable

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable

5. Appendix A - Data Breach Response Plan: Detailed procedures for identifying, reporting, and managing data breaches

6. Appendix B - Compliance Checklist: Checklist of compliance requirements under Philippine data protection law

7. Appendix C - Data Subject Request Procedures: Detailed procedures for handling various types of data subject requests

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Confidential Information
Consent
Data Breach
Data Controller
Data Processor
Data Protection Laws
Data Protection Officer
Data Subject
Data Subject Rights
Information and Communications System
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Personal Information Controller
Personal Information Processor
Processing
Privileged Information
Security Incident
Security Measures
Sensitive Personal Information
Services
Sub-processor
Technical and Organizational Measures
Third Party
Transfer
Unauthorized Access
Data Protection Impact Assessment
Cross-border Transfer
Data Minimization
Privacy by Design
Privacy Impact Assessment
Processing System
Reasonable Security Measures
Record of Processing Activities
Special Categories of Personal Data
Clauses
Interpretation
Scope of Processing
Data Protection Compliance
Processing Obligations
Security Measures
Confidentiality
Sub-processing
Data Subject Rights
Cross-border Transfers
Audit Rights
Data Breach Notification
Liability and Indemnification
Term and Termination
Data Return and Deletion
Assignment
Notices
Force Majeure
Governing Law
Dispute Resolution
Severability
Data Minimization
Record Keeping
Impact Assessments
Personnel Obligations
Insurance
Amendments
Entire Agreement
Third Party Rights
Relevant Industries

Technology and Software

Healthcare

Financial Services

Education

Retail and E-commerce

Business Process Outsourcing

Professional Services

Manufacturing

Telecommunications

Insurance

Real Estate

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Data Protection

Information Governance

Contract Management

Corporate Affairs

Technology

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Chief Compliance Officer

Privacy Manager

Legal Counsel

IT Director

Compliance Manager

Risk Manager

Information Security Manager

Operations Director

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Operating Officer

Data Protection Specialist

Privacy Analyst

Information Governance Manager

Industries
Data Privacy Act of 2012 (Republic Act No. 10173): The primary legislation governing personal data protection in the Philippines, establishing the rights of data subjects and obligations of personal information controllers and processors
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements and procedures for compliance
NPC Circular No. 16-01 on Security of Personal Data in Government Agencies: Guidelines on personal data protection measures for government agencies, which may be relevant if one party is a government entity
NPC Circular No. 2020-03 on Data Sharing Agreements: Specific requirements and guidelines for agreements involving the sharing of personal data between entities
Electronic Commerce Act of 2000 (Republic Act No. 8792): Relevant for data protection provisions related to electronic transactions and data processing
Cybercrime Prevention Act of 2012 (Republic Act No. 10175): Pertinent to data security measures and prevention of unauthorized access to personal data
NPC Circular No. 2020-01 on Guidelines on Security of Personal Data in a Work-From-Home Arrangement: Specific guidelines for protecting personal data in remote working scenarios, which may be relevant for data processing activities
APEC Cross Border Privacy Rules System: International data protection framework that the Philippines follows for cross-border data transfers within the APEC region
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.