All Countries
Data Privacy
Sub Processing Agreement

Sub Processing Agreement Template for Philippines

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Sub Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Sub Processing Agreement

"I need a Sub Processing Agreement for my Manila-based IT company to engage a cloud service provider in Singapore for processing customer data, with the agreement starting January 1, 2025, and including strict security measures and cross-border transfer provisions."

Celebrated by
Collaborations with
Investors
Document background
The Sub Processing Agreement is essential when a data processor needs to engage another entity (sub-processor) to perform specific data processing activities on their behalf. This document is particularly crucial in the Philippine context, where the Data Privacy Act of 2012 requires formal documentation of such arrangements. The agreement should be used whenever a processor delegates any part of their data processing obligations to another entity, ensuring compliance with Philippine privacy laws and regulations. It typically includes detailed provisions on data security, confidentiality, breach notification procedures, audit rights, and data subject rights protection. The document becomes especially important in industries with significant data processing activities, such as IT services, business process outsourcing, and financial services, where chain processing of personal data is common.
Suggested Sections

1. Parties: Identification of the main processor and sub-processor, including their legal details and registered addresses

2. Background: Context of the agreement, reference to the main processing agreement, and the purpose of engaging a sub-processor

3. Definitions: Definitions of key terms used in the agreement, including technical terms and references to applicable laws

4. Scope of Sub-Processing: Detailed description of the processing activities to be carried out by the sub-processor

5. Duration: Term of the agreement, including commencement date and conditions for renewal

6. Sub-Processor Obligations: Core obligations including data protection, security measures, and compliance with instructions

7. Technical and Organizational Measures: Required security measures and standards for data protection

8. Confidentiality: Confidentiality obligations and handling of sensitive information

9. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights

10. Personal Data Breach: Procedures for breach notification and incident response

11. Audit Rights: Rights of the processor to audit the sub-processor's compliance

12. Return or Destruction of Data: Requirements for data handling upon termination

13. Liability and Indemnification: Allocation of liability and indemnification obligations

14. Termination: Conditions and procedures for termination of the agreement

15. Governing Law and Jurisdiction: Specification of Philippine law as governing law and jurisdiction for disputes

Optional Sections

1. Further Sub-Processing: Include when the sub-processor may need to engage additional sub-processors

2. Cross-Border Transfers: Include when personal data may be transferred outside the Philippines

3. Insurance Requirements: Include when specific insurance coverage is required for the sub-processor

4. Business Continuity: Include when the processing activities are critical and require specific business continuity measures

5. Intellectual Property Rights: Include when the sub-processing involves creation or use of intellectual property

6. Service Levels: Include when specific performance metrics need to be maintained

7. Change Control: Include when formal procedures for changes to processing activities are required

Suggested Schedules

1. Description of Processing Activities: Detailed description of the nature and purpose of processing, categories of data subjects and personal data

2. Technical and Security Measures: Detailed specifications of required security measures and controls

3. Authorized Sub-Processors: List of any pre-approved further sub-processors (if applicable)

4. Data Transfer Mechanisms: Details of mechanisms for any international data transfers

5. Service Levels and KPIs: Detailed performance metrics and service level requirements

6. Fee Schedule: Breakdown of fees and payment terms for sub-processing services

7. Contact Details and Escalation Matrix: Key contacts and procedures for operational and emergency communications

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Persons
Business Day
Confidential Information
Controller
Data Privacy Act
Data Protection Officer
Data Subject
Data Subject Rights
Effective Date
Force Majeure Event
Information Security Incident
Intellectual Property Rights
Main Processing Agreement
National Privacy Commission
Personal Data
Personal Data Breach
Processing
Processor
Processing Instructions
Regulatory Authority
Sensitive Personal Information
Services
Sub-Processor
Sub-Processing Services
Technical and Organizational Measures
Term
Third Party
Working Day
Relevant Industries

Information Technology

Business Process Outsourcing

Healthcare

Financial Services

E-commerce

Telecommunications

Education

Insurance

Professional Services

Manufacturing

Relevant Teams

Legal

Compliance

Information Security

Information Technology

Operations

Procurement

Risk Management

Data Protection

Vendor Management

Privacy

Contract Administration

Relevant Roles

Data Protection Officer

Privacy Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Operations Manager

Procurement Manager

Contract Manager

Risk Manager

Chief Information Security Officer

Chief Technology Officer

Chief Operations Officer

Vendor Management Officer

Data Governance Manager

Industries
Data Privacy Act of 2012 (Republic Act No. 10173): The primary law governing personal data protection in the Philippines, establishing requirements for processing personal information and obligations of data controllers and processors
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed guidelines and requirements for implementing the Data Privacy Act, including specific obligations for data processors and sub-processors
Civil Code of the Philippines (Republic Act No. 386): Governs general contract formation, validity, and enforcement of contractual obligations in the Philippines
National Privacy Commission Circular No. 16-01: Guidelines on Security of Personal Data in Government Agencies, including requirements for data sharing and processing agreements
Business Process Outsourcing Services Regulations: Regulations specific to outsourcing services in the Philippines, including requirements for service agreements and data handling
E-Commerce Act of 2000 (Republic Act No. 8792): Relevant for electronic data transmission and digital contracts, particularly important for online or electronic processing activities
National Privacy Commission Circular No. 2020-01: Guidelines on outsourcing and sub-contracting of personal data processing, including requirements for written agreements and security measures
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Personal Information Processing Agreement

A Philippine law-compliant agreement governing personal data processing arrangements between controllers and processors under RA 10173.

find out more

Data Processing Contract

A Philippine law-compliant agreement governing personal data processing activities between controllers and processors under the Data Privacy Act 2012.

find out more

Joint Controller Agreement

A Philippine law-compliant agreement establishing rights and obligations between parties jointly controlling personal data processing under the Data Privacy Act.

find out more

Intra Group Data Sharing Agreement

Philippine law-governed agreement for regulated data sharing between group companies, ensuring compliance with local data privacy requirements.

find out more

Personal Data Agreement

A legally binding agreement under Philippine law that governs the processing of personal data between parties, ensuring compliance with the Data Privacy Act of 2012.

find out more

Standard Data Processing Agreement

A comprehensive data processing agreement compliant with Philippine data protection laws, establishing controller-processor obligations under the Data Privacy Act of 2012.

find out more

Data Processing Addendum

A Philippine law-compliant agreement establishing terms for personal data processing between controllers and processors, ensuring compliance with the Data Privacy Act of 2012.

find out more

DPA Data Privacy Agreement

A Philippine law-compliant data privacy agreement establishing data processing responsibilities and protections under RA 10173.

find out more

Third Party Processor Agreement

A Philippine law-compliant agreement governing the processing of personal data by a third party on behalf of a data controller, aligned with the Data Privacy Act of 2012.

find out more

Personal Data Collection Agreement

A Philippine law-compliant agreement governing the collection and processing of personal data under the Data Privacy Act of 2012.

find out more

Processor To Processor DPA

A Philippine law-compliant agreement between two data processors governing the terms of data processing activities and responsibilities under the Data Privacy Act.

find out more

Master Data Protection Agreement

A Philippines-compliant agreement establishing data protection obligations between parties under the Data Privacy Act of 2012.

find out more

Data Management Agreement

A Philippine law-governed agreement establishing terms for data management and processing between organizations, ensuring compliance with local data privacy regulations.

find out more

Data Controller To Data Controller Agreement

A Philippine law-compliant agreement governing personal data sharing between independent data controllers under the Data Privacy Act of 2012.

find out more

Controller To Controller DPA

A Philippine law-compliant agreement governing personal data sharing between two independent data controllers under the Data Privacy Act of 2012.

find out more

Intercompany Data Sharing Agreement

A Philippine law-governed agreement establishing protocols for secure data sharing between related companies, ensuring compliance with local data privacy regulations.

find out more

Supplier Data Processing Agreement

A Philippine law-compliant agreement governing the processing of personal data by a supplier on behalf of a company, ensuring compliance with the Data Privacy Act of 2012.

find out more

Controller Processor Agreement

A legal agreement under Philippine law governing personal data processing arrangements between controllers and processors, ensuring compliance with the Data Privacy Act.

find out more

Order Processing Agreement

A Philippine law-governed agreement establishing terms and conditions between a business client and order processing service provider, ensuring regulatory compliance and operational efficiency.

find out more

Data Protection Agreement For Employees

A Philippine-law compliant agreement governing the protection and processing of employee personal data under the Data Privacy Act of 2012.

find out more

Affiliate Addendum

A legal document governing affiliate marketing relationships under Philippine law, establishing terms, commissions, and compliance requirements.

find out more

Data Privacy Addendum

A Philippine law-governed addendum that establishes data privacy obligations and compliance requirements between data controllers and processors under the Data Privacy Act of 2012.

find out more

Sub Processing Agreement

A Philippine law-compliant agreement governing the relationship between a data processor and sub-processor for personal data handling activities.

find out more

Data Protection Addendum

A Philippine law-compliant addendum that establishes data protection obligations between data controllers and processors under the Data Privacy Act of 2012.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.