The Data Processing Agreement (DPA) is essential for organizations operating in Hong Kong that outsource the processing of personal data to third parties. This agreement is required to comply with the Personal Data (Privacy) Ordinance (PDPO) and ensures appropriate safeguards are in place for data protection. The DPA should be implemented whenever a data controller engages a data processor to handle personal data on their behalf, whether for cloud services, HR processing, marketing activities, or other data processing services. It sets out crucial terms including processing scope, security measures, confidentiality obligations, breach reporting procedures, and mechanisms for demonstrating compliance. The agreement is particularly important given Hong Kong's status as a major business hub and the frequent need for cross-border data transfers.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
Alternatively...
1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses
2. Background: Context of the agreement, relationship between parties, and purpose of the data processing arrangement
3. Definitions: Definitions of key terms used in the agreement, including 'personal data', 'processing', 'data subject', 'controller', 'processor', etc.
4. Scope and Purpose of Processing: Detailed description of the authorized processing activities, types of personal data, and purposes of processing
5. Duration: Term of the agreement and conditions for renewal or termination
6. Obligations of the Data Processor: Core responsibilities of the processor including processing only on documented instructions, confidentiality, security measures, and subprocessing restrictions
7. Data Security: Technical and organizational security measures required to protect personal data
8. Confidentiality: Confidentiality obligations regarding the processed data and business information
9. Subprocessing: Conditions and requirements for engaging subprocessors
10. Data Subject Rights: Procedures for handling data subject requests and processor's assistance obligations
11. Data Breach Notification: Procedures and timeframes for reporting and handling personal data breaches
12. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance
13. Return or Deletion of Data: Obligations regarding data handling upon agreement termination
14. Liability and Indemnification: Allocation of liability and indemnification obligations
15. General Provisions: Standard contractual provisions including governing law, jurisdiction, and amendment procedures
1. Cross-border Data Transfers: Required when personal data will be transferred outside Hong Kong, detailing transfer mechanisms and safeguards
2. Industry-Specific Requirements: Additional provisions for regulated industries (e.g., financial services, healthcare)
3. Data Protection Impact Assessment: Procedures for conducting DPIAs when required for high-risk processing
4. Business Continuity: Provisions for ensuring continuous data processing services and disaster recovery
5. Insurance Requirements: Specific insurance obligations for data protection and cyber risks
6. Joint Controller Provisions: Required when multiple parties jointly determine processing purposes and means
1. Schedule 1: Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2: Technical and Organizational Measures: Detailed security measures and controls implemented by the processor
3. Schedule 3: Authorized Subprocessors: List of approved subprocessors and their processing activities
4. Schedule 4: Data Transfer Mechanisms: Details of cross-border transfer mechanisms and safeguards if applicable
5. Schedule 5: Service Levels: Performance metrics and service levels for data processing services
6. Appendix A: Contact Details: Contact information for key personnel and data protection officers
7. Appendix B: Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
Authors
Find the document you need
Commission Payment Agreement
A Hong Kong law-governed agreement establishing commission payment terms and conditions between a company and its agents/representatives.
Download
Intra Group Transfer Agreement
A Hong Kong law-governed agreement facilitating transfers between entities within the same corporate group.
Download
DPA Agreement
A Hong Kong law-governed agreement between a data controller and processor establishing terms for personal data processing in compliance with the PDPO.
Download
Referral Agent Agreement
A Hong Kong law-governed agreement establishing terms for referral arrangements between a principal and an agent, including compensation and compliance requirements.
Download
Funding Term Sheet
A preliminary document under Hong Kong law that outlines key terms and conditions for a proposed investment, serving as a framework for final investment agreements.
Download
Commission Confirmation Letter
A Hong Kong law-governed letter confirming commission arrangements between parties, specifying rates, calculation methods, and payment terms.
Download
Independent Sales Rep Agreement
A Hong Kong law-governed agreement establishing terms between a company and an independent sales representative, defining commission structure, territories, and responsibilities.
Download
Commission Share Agreement
A Hong Kong law-governed agreement establishing terms for commission sharing between parties, including calculation methods, payment terms, and obligations.
Download
Broker Fee Agreement
A Hong Kong law-governed agreement establishing broker services terms and fee arrangements between licensed brokers and their clients.
Download
Commission Distribution Agreement
A Hong Kong law-governed agreement establishing commission-based distribution arrangements between a principal and distributor, including territory rights and performance terms.
Download
Sales Representative Agreement
A Hong Kong law-governed agreement establishing the terms and conditions between a company and its sales representative, including appointment, territory rights, and compensation structure.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your data is private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
