tiktok³ÉÈË°æ

All Countries
Data Privacy
DPA Agreement

DPA Agreement Template for New Zealand

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your DPA Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

DPA Agreement

"I need a DPA Agreement for my New Zealand-based software company that will be processing customer data for a local healthcare provider, with the agreement to commence on March 1, 2025, including specific provisions for handling sensitive medical information and breach notification procedures."

Celebrated by
Collaborations with
Investors
Document background
A Data Processing Agreement (DPA) is required whenever an organization (the data controller) engages another organization (the data processor) to process personal data on its behalf. This document is essential for compliance with New Zealand's Privacy Act 2020 and is particularly crucial in the current digital landscape where data processing activities are increasingly outsourced. The DPA Agreement establishes clear accountability and transparency in data handling operations, defining specific responsibilities for both parties, security requirements, breach notification procedures, and data subject rights management. It becomes especially important when dealing with sensitive personal information, cross-border data transfers, or when engaging multiple sub-processors. The agreement helps organizations demonstrate their commitment to data protection and privacy compliance while managing risks associated with third-party data processing.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registration details

2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities

3. Definitions: Key terms including Personal Data, Processing, Data Subject, Controller, Processor, Applicable Data Protection Law, etc.

4. Scope and Purpose of Processing: Detailed description of the data processing activities, types of data, and purposes

5. Duration: Term of the agreement and processing activities

6. Obligations of the Data Controller: Controller's responsibilities, including lawful basis for processing, instructions, and compliance with privacy principles

7. Obligations of the Data Processor: Processor's duties including processing only on documented instructions, confidentiality, security measures, and sub-processor requirements

8. Data Security: Security measures and standards required to protect personal data

9. Data Breach Notification: Procedures for handling and reporting data breaches

10. Data Subject Rights: Procedures for handling data subject requests and assistance to the controller

11. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance

12. Return or Deletion of Data: Requirements for data handling upon agreement termination

13. Liability and Indemnities: Allocation of risks and responsibilities between parties

14. General Provisions: Standard contractual terms including governing law, jurisdiction, and entire agreement

Optional Sections

1. Cross-border Data Transfers: Required when personal data will be transferred outside New Zealand, detailing compliance with Privacy Act 2020 requirements

2. Sub-processing: Required when the processor intends to use sub-processors, detailing approval process and obligations

3. Business Continuity and Disaster Recovery: Required for critical data processing services, detailing backup and recovery procedures

4. Insurance Requirements: Optional section specifying required insurance coverage for data protection risks

5. Special Categories of Personal Data: Required when processing sensitive personal information, detailing additional safeguards

6. Data Protection Impact Assessment: Required for high-risk processing activities, detailing assessment requirements and cooperation

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Specific security measures and controls implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable

5. Schedule 5 - Service Level Agreement: Performance metrics and service levels for data processing activities

6. Appendix A - Data Breach Response Plan: Detailed procedures for responding to and reporting data breaches

7. Appendix B - Security Audit Requirements: Specific requirements and procedures for security audits and assessments

Authors

Alex Denne

Head of Growth (Open Source Law) @ tiktok³ÉÈË°æ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions



































Clauses






























Relevant Industries

Technology and Software

Healthcare

Financial Services

Professional Services

E-commerce

Education

Cloud Services

Telecommunications

Human Resources

Marketing and Advertising

Insurance

Government and Public Sector

Consulting

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Privacy

Data Protection

Procurement

Operations

Information Governance

Relevant Roles

Privacy Officer

Data Protection Officer

Chief Information Security Officer

Legal Counsel

Compliance Manager

IT Director

Risk Manager

Information Security Manager

Operations Manager

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Legal Officer

Privacy Manager

Data Governance Manager

Industries






Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Data Processing Agreement

A New Zealand law-governed agreement regulating intra-group personal data processing activities and ensuring Privacy Act 2020 compliance within corporate groups.

find out more

Pre Negotiation Agreement

A New Zealand law-governed agreement establishing terms for preliminary business negotiations, including confidentiality and non-binding provisions.

find out more

Product Development Non Disclosure Agreement

A New Zealand-law governed agreement protecting confidential information shared during product development activities.

find out more

Joint Controller Agreement

A New Zealand law-governed agreement establishing responsibilities and obligations between organizations that jointly control and process personal data under the Privacy Act 2020.

find out more

Data Processing Addendum

A New Zealand-compliant legal agreement governing the processing of personal information between a data controller and data processor under the Privacy Act 2020.

find out more

Data Agreement

A New Zealand-compliant agreement governing the terms and conditions for data handling between parties, ensuring alignment with local privacy laws and regulations.

find out more

Subprocessor Agreement

A New Zealand law-governed agreement that regulates the relationship between a data processor and subprocessor for handling personal data processing activities.

find out more

DPA Contract

A New Zealand-compliant Data Processing Agreement governing personal data handling between controllers and processors under NZ Privacy Act 2020.

find out more

Controller To Controller Data Processing Agreement

A New Zealand-compliant agreement governing personal data sharing between two independent data controllers, ensuring adherence to the Privacy Act 2020.

find out more

DPA Agreement

A New Zealand-compliant agreement governing the processing of personal data between a controller and processor, ensuring adherence to the Privacy Act 2020.

find out more

Data Transfer Addendum

A New Zealand law-compliant addendum governing cross-border personal data transfers under the Privacy Act 2020, establishing security measures and compliance requirements.

find out more

International Data Transfer Agreement

A New Zealand law-governed agreement establishing requirements and safeguards for international transfer of personal and business data, ensuring compliance with NZ Privacy Act 2020.

find out more

Data Protection Addendum

A legal document under New Zealand law that establishes data protection obligations and privacy compliance requirements between parties processing personal information.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.