A Data Privacy Addendum is a critical legal document required whenever a business entity shares, processes, or handles personal data through third-party service providers in India. This document supplements the main service agreement by incorporating specific data protection requirements mandated by Indian law, including the Information Technology Act, 2000, and associated rules. It becomes particularly important in light of India's evolving data protection landscape, especially with the introduction of the Digital Personal Data Protection Act, 2023. The addendum details responsibilities regarding data security, breach notification, cross-border transfers, and compliance with Indian regulatory requirements. It is essential for businesses operating in India or handling data of Indian residents, as it provides the necessary legal framework for data protection compliance and risk management.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the data controller/business and data processor/service provider, including their registered addresses and company details
2. Background: Context of the DPA, reference to the main agreement, and purpose of this addendum
3. Definitions: Key terms including Personal Data, Sensitive Personal Data, Processing, Data Subject, Security Breach, etc., aligned with Indian law
4. Scope and Purpose of Processing: Details of what personal data will be processed and for what purposes
5. Obligations of the Data Processor: Core responsibilities including processing only on documented instructions, confidentiality, security measures, and breach notification
6. Data Security Requirements: Specific security measures required under Indian IT Rules and industry standards
7. Data Breach Notification: Procedures and timeframes for reporting and handling data breaches
8. Rights of Data Subjects: Procedures for handling data subject requests and ensuring their rights
9. Audit and Compliance: Rights of the controller to audit and processor's obligations to demonstrate compliance
10. Term and Termination: Duration of the DPA and conditions for termination
11. Return or Deletion of Data: Obligations regarding data handling upon termination
12. Governing Law and Jurisdiction: Specification of Indian law as governing law and jurisdiction for disputes
1. Cross-Border Data Transfers: Required when personal data will be transferred outside India, including mechanisms for ensuring adequate protection
2. Sub-Processing: Include when the processor may engage sub-processors, detailing authorization requirements and obligations
3. Sector-Specific Compliance: Required for regulated industries like healthcare or financial services
4. Data Localization Requirements: Include for financial data subject to RBI requirements or other sector-specific data localization rules
5. Insurance Requirements: Specific insurance obligations for data protection, if required
6. Business Continuity and Disaster Recovery: Detailed requirements for ensuring data availability and recovery
7. Special Categories of Data: Additional provisions for processing sensitive personal data as defined under Indian law
1. Schedule 1 - Details of Processing: Detailed description of data processing activities, categories of data subjects, types of personal data
2. Schedule 2 - Technical and Organizational Security Measures: Specific security measures implemented to protect personal data
3. Schedule 3 - Authorized Sub-Processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Data Transfer Mechanisms: Details of cross-border transfer mechanisms and safeguards
5. Appendix A - Security Breach Response Plan: Detailed procedures for handling and reporting security breaches
6. Appendix B - Compliance Checklist: Checklist of compliance requirements under Indian data protection laws
Authors
Find the document you need
Pre Negotiation Agreement
An Indian law-governed agreement establishing confidentiality and framework for business negotiations, with binding and non-binding elements.
Download
Controller To Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between independent data controllers, ensuring compliance with DPDP Act 2023.
Download
Joint Controller Data Processing Agreement
An Indian law-compliant agreement establishing roles and responsibilities between joint controllers for personal data processing activities.
Download
Data Addendum
An Indian law-governed document that sets out data processing terms and compliance requirements under Indian data protection legislation.
Download
International Data Protection Agreement
An Indian law-governed agreement regulating international personal data transfers and processing, ensuring compliance with India's data protection regulations.
Download
Intra Group Data Transfer Agreement
A comprehensive agreement governing intra-group data transfers in India, ensuring compliance with Indian data protection laws and establishing data handling protocols between group entities.
Download
Data Controller To Data Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between two independent data controllers, ensuring compliance with Indian data protection regulations.
Download
Commissioned Data Processing Agreement
An Indian law-governed agreement establishing terms for commissioned data processing, ensuring compliance with Indian data protection regulations.
Download
Intercompany Data Processing Agreement
An Indian law-governed agreement regulating intra-group personal data processing activities, ensuring compliance with Indian data protection regulations.
Download
DPA Agreement
An Indian law-compliant agreement governing the processing of personal data between a controller and processor, ensuring compliance with the Digital Personal Data Protection Act, 2023.
Download
Data Transfer Addendum
A legal addendum governing data transfers under Indian law, ensuring compliance with the DPDP Act 2023 and establishing data protection requirements between parties.
Download
Personal Data Protection Agreement
Indian law-compliant Personal Data Protection Agreement governing the processing of personal data between parties under DPDP Act 2023.
Download
Data Protection Agreement For Employees
An India-compliant agreement governing the protection and processing of employee personal data under Indian data protection laws.
Download
Affiliate Addendum
An India-compliant addendum governing affiliate marketing relationships, specifying commission structures and regulatory compliance requirements under Indian law.
Download
Data Privacy Addendum
An Indian law-compliant addendum governing personal data processing and protection obligations between contracting parties.
Download
Sub Processing Agreement
An Indian law-compliant agreement governing data handling between a processor and sub-processor, ensuring adherence to Indian data protection regulations.
Download
International Data Transfer Agreement
An Indian law-governed agreement for secure and compliant international transfer of personal data, ensuring adherence to the Digital Personal Data Protection Act, 2023.
Download
Data Protection Addendum
A legal document under Indian law that sets out data protection obligations and requirements between parties handling personal data, ensuring compliance with the DPDP Act 2023.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
