Create a bespoke document in minutes, Â or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Personal Data Protection Agreement
"I need a Personal Data Protection Agreement for my Hong Kong technology company that will be transferring customer data to our cloud service providers in Singapore and Japan, with implementation planned for March 2025."
1. Parties: Identification of the data user and data processor/controller, including full legal names and registered addresses
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Key terms used in the agreement, aligned with PDPO definitions and including specific technical terms
4. Scope and Purpose: Detailed description of permitted data processing activities and purposes
5. Data Protection Principles: Implementation of the six Data Protection Principles under the PDPO
6. Data Security Measures: Specific security requirements and standards for protecting personal data
7. Data Breach Notification: Procedures and timeframes for reporting and handling data breaches
8. Rights of Data Subjects: Procedures for handling data access and correction requests
9. Confidentiality: Obligations regarding confidentiality of personal data
10. Audit Rights: Rights and procedures for auditing compliance with the agreement
11. Term and Termination: Duration of the agreement and termination provisions
12. Return or Destruction of Data: Obligations regarding personal data upon termination
13. General Provisions: Standard contractual terms including governing law, jurisdiction, and entire agreement
1. International Data Transfers: Provisions for transferring data outside Hong Kong, required when cross-border transfers are contemplated
2. Direct Marketing: Specific provisions for direct marketing activities, required when personal data will be used for direct marketing
3. Sub-processing: Terms governing the appointment and oversight of sub-processors, needed when sub-processors may be engaged
4. Special Categories of Data: Additional protections for sensitive personal data, required when processing sensitive data
5. Data Protection Impact Assessment: Requirements for DPIAs, recommended for high-risk processing activities
6. Insurance Requirements: Specific insurance obligations, recommended for high-value or high-risk processing
7. Business Continuity: Business continuity and disaster recovery requirements, recommended for critical processing activities
1. Schedule 1: Categories of Personal Data: Detailed list of personal data types being processed
2. Schedule 2: Processing Activities: Detailed description of specific processing activities permitted under the agreement
3. Schedule 3: Technical and Organizational Measures: Detailed security measures and controls to be implemented
4. Schedule 4: Approved Sub-processors: List of approved sub-processors and their processing activities
5. Schedule 5: Data Transfer Mechanisms: Details of mechanisms used for international data transfers
6. Appendix A: Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
7. Appendix B: Data Subject Request Procedures: Procedures for handling data subject access and correction requests
Authors
Financial Services
Healthcare
Technology
E-commerce
Education
Professional Services
Insurance
Telecommunications
Retail
Human Resources
Marketing and Advertising
Healthcare Technology
Banking
Consulting
Legal
Compliance
Information Security
Information Technology
Risk Management
Privacy Office
Operations
Data Protection
Information Governance
Technology Operations
Security Operations
Data Management
Chief Privacy Officer
Data Protection Officer
Chief Information Security Officer
Privacy Manager
Compliance Officer
Legal Counsel
IT Security Manager
Risk Manager
Operations Director
Chief Technology Officer
Information Security Analyst
Privacy Analyst
Compliance Manager
Data Protection Specialist
Information Governance Manager
Find the exact document you need
Data Protection Contract
A Hong Kong law-governed data protection contract establishing data processing obligations and compliance requirements under the PDPO.
Personal Data Privacy Notice
A privacy notice compliant with Hong Kong's PDPO, detailing an organization's personal data handling practices and data subject rights.
Data Privacy Consent Form For Survey
A Hong Kong PDPO-compliant privacy consent form for collecting and processing personal data through surveys.
Data Security Agreement
A Hong Kong law-governed agreement establishing data security obligations and protection measures between contracting parties.
Personal Data Protection Agreement
A Hong Kong law-governed agreement establishing data protection obligations and compliance requirements under the PDPO between data controllers and processors.
Data Protection Notice
A Hong Kong PDPO-compliant notice outlining an organization's personal data collection and processing practices.
Download our whitepaper on the future of AI in Legal
³Ò±ð²Ô¾±±ð’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.