tiktok³ÉÈË°æ

All Countries
Data Privacy
Subprocessor Agreement

Subprocessor Agreement Template for New Zealand

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Subprocessor Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Subprocessor Agreement

"I need a Subprocessor Agreement for my New Zealand-based software company to engage a cloud storage provider in Australia who will process our clients' personal data, with the agreement to commence from March 1, 2025."

Celebrated by
Collaborations with
Investors
Document background
The Subprocessor Agreement is a critical document used when a data processor needs to engage another entity (subprocessor) to carry out specific data processing activities on its behalf. This agreement is particularly important in the New Zealand legal context, where the Privacy Act 2020 requires organizations to ensure appropriate safeguards when handling personal information. The document outlines specific obligations for data handling, security measures, confidentiality requirements, and compliance with both New Zealand and relevant international data protection laws. It is typically used in scenarios where organizations outsource data processing functions, cloud services, or other technical operations involving personal data. The agreement ensures clear accountability, establishes data protection standards, and helps organizations maintain compliance with their legal obligations while engaging third-party service providers.
Suggested Sections

1. Parties: Identification of the main parties: the processor (appointing party) and the subprocessor

2. Background: Context of the agreement, relationship to the main processing agreement, and purpose of the subprocessing arrangement

3. Definitions: Definitions of key terms used throughout the agreement, including technical and legal terminology

4. Appointment and Scope: Formal appointment of the subprocessor and detailed scope of processing activities authorized

5. Subprocessor Obligations: Core obligations including processing instructions, confidentiality, security measures, and compliance requirements

6. Data Protection and Security: Specific requirements for protecting personal data, including security measures and breach notification procedures

7. Audit Rights: Processor's rights to audit the subprocessor's compliance and data processing activities

8. Personnel and Confidentiality: Requirements for personnel handling data and confidentiality obligations

9. International Transfers: Rules and requirements for any international data transfers

10. Liability and Indemnities: Allocation of liability and indemnification obligations between parties

11. Term and Termination: Duration of the agreement, termination rights, and consequences of termination

12. General Provisions: Standard contractual provisions including governing law, dispute resolution, and entire agreement

Optional Sections

1. Sub-subprocessing: Include when the subprocessor may need to engage additional processors

2. Insurance Requirements: Include when specific insurance coverage needs to be maintained

3. Service Levels: Include when specific performance metrics need to be maintained for processing activities

4. Business Continuity: Include when specific disaster recovery and business continuity requirements are needed

5. Specialized Compliance: Include when processing involves specific regulated industries or types of data

6. Fees and Payment: Include when payment terms are not covered in a separate services agreement

7. Migration Assistance: Include when specific requirements for transitioning data processing to another provider are needed

Suggested Schedules

1. Description of Processing: Detailed description of authorized processing activities, categories of data, and purposes

2. Technical and Organizational Measures: Specific security measures and controls implemented by the subprocessor

3. Approved Sub-subprocessors: List of pre-approved sub-subprocessors if applicable

4. Data Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Service Levels and KPIs: Detailed performance metrics and measurement methods if applicable

6. Privacy Impact Assessment: Assessment of privacy risks and mitigation measures

7. Incident Response Plan: Detailed procedures for handling data breaches and security incidents

Authors

Alex Denne

Head of Growth (Open Source Law) @ tiktok³ÉÈË°æ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions













































Clauses
































Relevant Industries

Technology and Software

Financial Services

Healthcare

Professional Services

E-commerce

Telecommunications

Cloud Services

Marketing and Advertising

Education

Insurance

Manufacturing

Logistics and Supply Chain

Research and Development

Consulting Services

Relevant Teams

Legal

Compliance

Information Security

Privacy

Information Technology

Procurement

Risk Management

Operations

Vendor Management

Data Governance

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Legal Counsel

Privacy Manager

Compliance Officer

Information Security Manager

IT Director

Procurement Manager

Contract Manager

Risk Manager

Operations Director

Chief Technology Officer

Chief Information Security Officer

Vendor Management Officer

Data Governance Manager

Industries








Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Data Processing Agreement

A New Zealand law-governed agreement regulating intra-group personal data processing activities and ensuring Privacy Act 2020 compliance within corporate groups.

find out more

Pre Negotiation Agreement

A New Zealand law-governed agreement establishing terms for preliminary business negotiations, including confidentiality and non-binding provisions.

find out more

Product Development Non Disclosure Agreement

A New Zealand-law governed agreement protecting confidential information shared during product development activities.

find out more

Joint Controller Agreement

A New Zealand law-governed agreement establishing responsibilities and obligations between organizations that jointly control and process personal data under the Privacy Act 2020.

find out more

Data Processing Addendum

A New Zealand-compliant legal agreement governing the processing of personal information between a data controller and data processor under the Privacy Act 2020.

find out more

Data Agreement

A New Zealand-compliant agreement governing the terms and conditions for data handling between parties, ensuring alignment with local privacy laws and regulations.

find out more

Subprocessor Agreement

A New Zealand law-governed agreement that regulates the relationship between a data processor and subprocessor for handling personal data processing activities.

find out more

DPA Contract

A New Zealand-compliant Data Processing Agreement governing personal data handling between controllers and processors under NZ Privacy Act 2020.

find out more

Controller To Controller Data Processing Agreement

A New Zealand-compliant agreement governing personal data sharing between two independent data controllers, ensuring adherence to the Privacy Act 2020.

find out more

DPA Agreement

A New Zealand-compliant agreement governing the processing of personal data between a controller and processor, ensuring adherence to the Privacy Act 2020.

find out more

Data Transfer Addendum

A New Zealand law-compliant addendum governing cross-border personal data transfers under the Privacy Act 2020, establishing security measures and compliance requirements.

find out more

International Data Transfer Agreement

A New Zealand law-governed agreement establishing requirements and safeguards for international transfer of personal and business data, ensuring compliance with NZ Privacy Act 2020.

find out more

Data Protection Addendum

A legal document under New Zealand law that establishes data protection obligations and privacy compliance requirements between parties processing personal information.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.