All Countries
Data Privacy
Joint Controller Agreement

Joint Controller Agreement Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Controller Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Controller Agreement

"I need a Joint Controller Agreement for a medical research collaboration between ABC Hospital and XYZ Research Institute in Manila, starting March 2025, covering the sharing of patient data for cancer research, compliant with Philippine healthcare regulations."

Celebrated by
Collaborations with
Investors
Document background
The Joint Controller Agreement is essential when two or more organizations jointly determine the purposes and means of processing personal data in the Philippines. This document is required for compliance with the Data Privacy Act of 2012 and its Implementing Rules and Regulations, as well as relevant National Privacy Commission circulars. It becomes necessary when organizations collaborate on projects or initiatives involving shared data processing responsibilities, such as joint research projects, shared service platforms, or collaborative business ventures. The agreement must clearly delineate each party's responsibilities for compliance with data protection obligations, including security measures, data subject rights management, and breach notification procedures. This document is particularly crucial as it helps organizations avoid ambiguity in their respective roles and ensures clear accountability in their joint data processing activities.
Suggested Sections

1. Parties: Identification of the joint controllers entering into the agreement, including their legal names, registration details, and principal places of business

2. Background: Context of the agreement, description of the joint processing activities, and the relationship between the parties

3. Definitions: Definitions of key terms used in the agreement, including those from the Data Privacy Act and other relevant legislation

4. Scope and Purpose: Detailed description of the joint processing activities, categories of personal data, and purposes of processing

5. Roles and Responsibilities: Clear allocation of responsibilities between joint controllers for compliance with data protection obligations

6. Data Subject Rights: Procedures for handling data subject requests and designation of contact points for data subjects

7. Security Measures: Technical and organizational measures implemented by both parties to ensure data protection

8. Data Breach Notification: Procedures for notifying each other and the NPC of personal data breaches

9. Liability and Indemnification: Allocation of liability between parties and indemnification provisions

10. Term and Termination: Duration of the agreement and circumstances for termination

11. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the Philippines, including mechanisms for ensuring adequate protection

2. Subprocessing: Include when either party may engage subprocessors for the joint processing activities

3. Insurance: Include when parties require specific insurance coverage for data protection risks

4. Audit Rights: Include when parties want specific rights to audit each other's compliance

5. Business Continuity: Include when the joint processing activities are critical and require specific business continuity measures

6. Data Protection Impact Assessment: Required when processing is likely to result in high risks to data subjects

Suggested Schedules

1. Description of Processing Activities: Detailed description of processing activities, including data categories, purposes, and processing operations

2. Technical and Organizational Measures: Detailed security measures implemented by both parties

3. Contact Points and Responsible Persons: List of key contacts, including Data Protection Officers and operational contacts

4. Data Subject Rights Procedure: Detailed procedures for handling data subject requests

5. Data Breach Response Plan: Detailed procedures for responding to and managing data breaches

6. Approved Subprocessors: List of approved subprocessors and their processing activities, if applicable

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Law
Business Day
Confidential Information
Consent
Data Breach
Data Protection Laws
Data Protection Officer
Data Subject
Data Subject Rights
Force Majeure
Implementing Rules and Regulations
Joint Controllers
Joint Processing Activities
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Personal Information Controller
Personal Information Processor
Privacy Impact Assessment
Processing
Sensitive Personal Information
Security Measures
Subprocessor
Technical and Organizational Measures
Term
Third Party
Working Day
Data Sharing
Material Breach
Permitted Purpose
Point of Contact
Privacy Notice
Processing Purposes
Records of Processing
Regulatory Authority
Security Standards
Shared Personal Data
Relevant Industries

Healthcare

Education

Financial Services

Technology

Telecommunications

Government

Research and Development

Retail

Professional Services

Insurance

Manufacturing

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

Data Protection

Information Technology

Risk Management

Operations

Business Development

Corporate Governance

Privacy Office

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Chief Information Officer

Chief Technology Officer

Project Manager

Business Development Manager

Operations Director

Chief Executive Officer

Contract Manager

Privacy Analyst

Information Governance Manager

Industries
Republic Act No. 10173: Data Privacy Act of 2012 - The primary legislation governing data privacy and protection in the Philippines, establishing the requirements for processing personal data and the rights of data subjects
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for data protection, privacy impact assessments, and data sharing arrangements
NPC Circular No. 16-02: Data Sharing Agreements - Provides specific guidelines on the mandatory contents of data sharing agreements and the requirements for sharing of personal data between controllers
Republic Act No. 386: Civil Code of the Philippines - Provides the general framework for contracts and obligations, including principles of contract formation, validity, and enforcement
NPC Advisory No. 2019-01: Guidelines on Data Sharing Agreements Involving Government Agencies - Relevant if any party to the joint controller agreement is a government entity
NPC Circular No. 2020-01: Guidelines on Security of Personal Data in a Work-From-Home Arrangement - Important for defining security measures in modern working arrangements between joint controllers
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.