All Countries
Data Privacy
Personal Data Agreement

Personal Data Agreement Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Personal Data Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Personal Data Agreement

"I need a Personal Data Agreement for my software company based in Manila that will be outsourcing customer support services to a BPO provider in Cebu, with processing starting from March 2025 and involving customer contact details and service interaction records."

Celebrated by
Collaborations with
Investors
Document background
The Personal Data Agreement is a crucial document required when organizations in the Philippines engage in the processing of personal data, whether as data controllers or data processors. This agreement becomes necessary when one organization processes personal data on behalf of another, or when multiple parties need to establish clear terms for handling personal information. The document ensures compliance with the Philippines' Data Privacy Act of 2012 and its implementing rules, addressing key requirements such as data protection measures, breach notification procedures, and data subject rights. It is particularly important in contexts where sensitive personal information is processed, where cross-border data transfers occur, or where complex data processing arrangements need to be formalized. The agreement helps organizations demonstrate their commitment to data protection and provides a clear framework for compliance with Philippine privacy laws.
Suggested Sections

1. Parties: Identification of the data controller and data processor/other parties, including their registered addresses and authorized representatives

2. Background: Context of the agreement, relationship between parties, and purpose of data processing

3. Definitions: Definitions of key terms used in the agreement, aligned with the Data Privacy Act definitions

4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes

5. Data Protection Principles: Statement of compliance with the fundamental data protection principles under Philippine law

6. Rights of Data Subjects: Enumeration of data subject rights and procedures for exercising these rights

7. Security Measures: Technical and organizational measures to ensure data protection

8. Confidentiality Obligations: Confidentiality requirements for handling personal data

9. Data Breach Notification: Procedures for handling and reporting data breaches

10. Term and Termination: Duration of the agreement and conditions for termination

11. Return or Destruction of Data: Procedures for handling personal data upon agreement termination

12. Liability and Indemnification: Allocation of responsibilities and liabilities between parties

13. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. Cross-border Data Transfers: Required when personal data will be transferred outside the Philippines, specifying compliance with cross-border transfer requirements

2. Sub-processing: Include when the data processor may engage sub-processors, specifying conditions and requirements

3. Data Protection Impact Assessment: Required for high-risk processing activities or large-scale processing operations

4. Insurance Requirements: Include when specific insurance coverage for data protection incidents is required

5. Audit Rights: Optional section detailing the controller's right to audit the processor's compliance

6. Force Majeure: Include when specific provisions for handling data protection during force majeure events are needed

7. Special Categories of Data: Required when processing sensitive personal information as defined in the Data Privacy Act

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories to be processed

2. Schedule 2 - Technical and Organizational Security Measures: Specific security measures and controls implemented

3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their roles, if applicable

4. Schedule 4 - Data Processing Activities: Detailed description of processing activities and purposes

5. Schedule 5 - Contact Details and Escalation Procedures: Contact information for key personnel and escalation procedures

6. Appendix A - Data Subject Request Procedures: Detailed procedures for handling data subject requests

7. Appendix B - Data Breach Response Plan: Detailed procedures for responding to data breaches

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Confidential Information
Consent
Data Controller
Data Processor
Data Protection Officer
Data Subject
Data Subject Rights
Information and Communications System
National Privacy Commission
Personal Data
Personal Data Breach
Personal Information
Processing
Security Incident
Security Measures
Sensitive Personal Information
Services
Sub-processor
Technical and Organizational Measures
Term
Third Party
Transfer
Privileged Information
Data Protection Impact Assessment
Cross-border Transfer
Material Breach
Force Majeure
Legitimate Purpose
Privacy Notice
Processing System
Data Sharing
Direct Marketing
Anonymization
Pseudonymization
Data Portability
Storage Period
Minimum Security Requirements
Relevant Industries

Financial Services

Healthcare

Technology and Software

E-commerce

Education

Telecommunications

Business Process Outsourcing

Insurance

Real Estate

Retail

Professional Services

Human Resources Services

Marketing and Advertising

Tourism and Hospitality

Manufacturing

Relevant Teams

Legal

Compliance

Information Security

Information Technology

Privacy

Risk Management

Operations

Procurement

Human Resources

Data Governance

Vendor Management

Internal Audit

Corporate Affairs

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Chief Legal Officer

Chief Compliance Officer

Privacy Manager

Information Security Manager

Compliance Manager

Legal Counsel

IT Director

Risk Manager

Operations Director

Project Manager

Business Development Manager

Procurement Manager

Vendor Management Officer

Information Technology Manager

Human Resources Director

Industries
Republic Act No. 10173: Data Privacy Act of 2012 - The primary legislation governing personal data protection in the Philippines, establishing the fundamental principles and requirements for processing personal information
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that provide specific guidelines on how to implement the Data Privacy Act, including requirements for data protection officers, security measures, and data subject rights
NPC Circular No. 16-01: Security of Personal Data in Government Agencies - Provides guidelines on personal data protection specifically for government agencies
NPC Circular No. 2020-03: Guidelines on Personal Data Breach Management - Outlines the procedures for handling and reporting personal data breaches
Republic Act No. 8792: Electronic Commerce Act of 2000 - Relevant for personal data agreements involving electronic processing and storage of information
NPC Circular No. 2020-01: Guidelines on Security of Personal Information in Cloud Processing - Specific rules for processing personal data in cloud computing environments
BSP Circular No. 982: Enhanced Guidelines on Information Security Management - Relevant if the personal data agreement involves financial institutions or financial data
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.