All Countries
Compliance
Joint Controller Data Processing Agreement

Joint Controller Data Processing Agreement Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Controller Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Controller Data Processing Agreement

"I need a Joint Controller Data Processing Agreement for a collaboration between a Philippine healthcare provider and a medical research institution, with specific provisions for processing sensitive health data and managing joint research projects starting March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Joint Controller Data Processing Agreement is essential when two or more organizations jointly determine the purposes and means of processing personal data in the Philippines. This document is required for compliance with the Data Privacy Act of 2012 and its Implementing Rules and Regulations, as well as relevant National Privacy Commission (NPC) circulars. The agreement should be used when organizations share decision-making authority over data processing activities, such as joint research projects, shared service platforms, or collaborative marketing initiatives. It details the allocation of responsibilities, data protection measures, breach notification procedures, and mechanisms for handling data subject requests. The document ensures clear accountability and transparency in joint processing operations while protecting both the controllers' interests and data subjects' rights under Philippine law.
Suggested Sections

1. Parties: Identification of the joint controllers entering into the agreement

2. Background: Context of the joint processing relationship and purpose of the agreement

3. Definitions: Definitions of key terms used in the agreement, including those from the Data Privacy Act

4. Scope and Purpose: Detailed description of the joint processing activities and their purposes

5. Roles and Responsibilities: Clear allocation of responsibilities between joint controllers, including primary points of contact

6. Data Protection Principles: Commitment to comply with data protection principles under Philippine law

7. Legal Basis for Processing: Identification of legal grounds for processing under the Data Privacy Act

8. Data Subject Rights: Procedures for handling data subject requests and allocation of responsibilities

9. Data Security: Security measures to be implemented by both parties

10. Personal Data Breach Management: Procedures for handling and reporting data breaches

11. Confidentiality: Obligations regarding confidentiality of personal data and business information

12. Liability and Indemnification: Allocation of liability and indemnification obligations between parties

13. Term and Termination: Duration of the agreement and termination provisions

14. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required if personal data will be transferred outside the Philippines

2. Sub-processing: Include if either party may engage sub-processors

3. Insurance: Include if specific insurance requirements are needed for data protection

4. Audit Rights: Include if parties require mutual audit rights beyond statutory obligations

5. Data Protection Impact Assessment: Include if high-risk processing requires regular DPIAs

6. Joint Controller Point of Contact: Include if designating a single point of contact for data subjects

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being processed

2. Schedule 2 - Processing Activities: Detailed description of processing activities and purposes

3. Schedule 3 - Technical and Organizational Measures: Specific security measures implemented by both parties

4. Schedule 4 - Data Subject Rights Procedure: Detailed procedures for handling data subject requests

5. Schedule 5 - Breach Notification Procedure: Detailed procedures for breach notification and management

6. Schedule 6 - Contact Details: Key contacts for both parties for various purposes under the agreement

7. Appendix A - Data Processing Register: Template for maintaining records of processing activities

8. Appendix B - Sub-processor List: Current list of approved sub-processors (if applicable)

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Law
Authorized Personnel
Breach Notification
Business Day
Confidential Information
Consent
Data Protection Laws
Data Privacy Act
Data Protection Impact Assessment
Data Subject
Data Subject Rights
Effective Date
Force Majeure
Information and Communications System
Implementing Rules and Regulations
Joint Controllers
Joint Processing Activities
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Personal Information Controller
Personal Information Processor
Privacy Impact Assessment
Processing
Processing Records
Privileged Information
Regulatory Authority
Security Incident
Security Measures
Sensitive Personal Information
Services
Sub-processor
Technical and Organizational Measures
Term
Third Party
Working Day
Relevant Industries

Technology

Healthcare

Education

Financial Services

Government

Research & Development

Marketing & Advertising

Telecommunications

Insurance

Professional Services

E-commerce

Manufacturing

Retail

Non-profit

Transportation & Logistics

Relevant Teams

Legal

Compliance

Information Security

Information Technology

Risk Management

Operations

Data Protection

Privacy

Information Governance

Procurement

Business Development

Corporate Affairs

Executive Leadership

Relevant Roles

Data Protection Officer

Chief Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

Risk Manager

Chief Information Officer

Chief Technology Officer

Operations Director

Project Manager

Business Development Manager

Contract Manager

Chief Executive Officer

Chief Operating Officer

Privacy Manager

Information Governance Manager

Industries
Data Privacy Act of 2012 (Republic Act No. 10173): The primary data protection law in the Philippines that establishes the requirements for processing personal data, rights of data subjects, and obligations of personal information controllers and processors
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for compliance, including guidelines for data sharing and joint processing arrangements
NPC Circular No. 16-02: Guidelines on Data Sharing Agreements, providing specific requirements for agreements involving sharing of personal data between controllers
Civil Code of the Philippines (Republic Act No. 386): Governs contractual relationships and obligations, providing the legal framework for creating valid and enforceable agreements
NPC Privacy Policy Office Advisory Opinion No. 2018-063: Provides guidance on joint personal information controllers and their obligations under the Data Privacy Act
NPC Circular No. 2020-03: Guidelines on Personal Data Breach Management, relevant for establishing joint responsibility and procedures for breach notification
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Data Processing Agreement

A Philippine law-compliant agreement establishing responsibilities between joint controllers for personal data processing under the Data Privacy Act.

find out more

DPA Data Protection Agreement

A Data Protection Agreement compliant with Philippine privacy laws (RA 10173), governing the relationship between data controllers and processors in handling personal data.

find out more

Joint Controller Data Sharing Agreement

A Philippine law-compliant agreement establishing terms and responsibilities between joint controllers for sharing and processing personal data under the Data Privacy Act of 2012.

find out more

Confidentiality IP And Data Protection Agreement

A Philippine law-governed agreement combining confidentiality, IP rights, and data protection obligations, ensuring comprehensive protection of sensitive information and compliance with local regulations.

find out more

Personal Data Protection Agreement

A legal agreement governing personal data processing and protection under Philippine data privacy laws, establishing rights and obligations for handling personal information.

find out more

Confidentiality Agreement Data Protection

Philippine-law governed agreement combining confidentiality obligations with data protection requirements under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.