¶¶Òõ¶ÌÊÓƵ

All Countries
Data Privacy
Controller To Controller Data Processing Agreement

Controller To Controller Data Processing Agreement Template for Hong Kong

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller Data Processing Agreement

"I need a Controller to Controller Data Processing Agreement governed by Hong Kong law for sharing customer financial data between our bank and an overseas wealth management partner, with the agreement to commence from March 1, 2025 and include specific provisions for cross-border transfers to Singapore."

Celebrated by
Collaborations with
Investors
Document background
The Controller To Controller Data Processing Agreement is essential when two organizations, both acting as data controllers under Hong Kong's Personal Data (Privacy) Ordinance, need to share personal data for specific business purposes. This document is particularly crucial in situations where regular data sharing occurs between independent organizations, each maintaining separate control over the processing of personal data. The agreement ensures compliance with Hong Kong's data protection requirements, including the six data protection principles under the PDPO and guidelines issued by the Privacy Commissioner for Personal Data. It establishes clear protocols for data security, breach notification, data subject rights, and liability allocation. The document should be used whenever two controllers engage in systematic or regular sharing of personal data, regardless of whether the sharing is reciprocal or one-way.
Suggested Sections

1. Parties: Identification of the data controllers entering into the agreement, including their registered addresses and company details

2. Background: Context of the agreement, explaining the data sharing relationship between the controllers and their respective roles

3. Definitions: Definitions of key terms used in the agreement, including those from the PDPO and relevant technical terms

4. Scope and Purpose: Detailed description of the personal data to be shared and the specific purposes for which it may be processed

5. Obligations of the Parties: Core obligations of both controllers regarding data protection, including compliance with PDPO principles

6. Data Protection Measures: Security measures and safeguards required to protect personal data during processing and transfer

7. Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with PDPO rights

8. Data Breach Notification: Protocol for notifying the other party and relevant authorities of data breaches

9. Confidentiality: Obligations regarding confidentiality of shared personal data and business information

10. Term and Termination: Duration of the agreement and circumstances under which it can be terminated

11. Liability and Indemnities: Allocation of liability between parties and indemnification provisions

12. Governing Law and Jurisdiction: Specification of Hong Kong law as governing law and jurisdiction for disputes

Optional Sections

1. Cross-border Transfers: Provisions for transfers of personal data outside Hong Kong, required if either party may transfer data internationally

2. Sub-processing: Terms governing the appointment of sub-processors, needed if either controller may engage third parties

3. Data Protection Impact Assessments: Procedures for conducting DPIAs, relevant for high-risk processing activities

4. Audit Rights: Rights and procedures for conducting audits of data protection compliance, useful for higher-risk relationships

5. Insurance: Requirements for maintaining specific insurance coverage, relevant for high-value or high-risk data processing

6. Cost Allocation: Provisions for sharing costs related to compliance and data subject requests, relevant when significant costs anticipated

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories to be shared between the controllers

2. Schedule 2 - Purposes of Processing: Comprehensive list of approved processing purposes and activities

3. Schedule 3 - Technical and Organizational Measures: Detailed security measures and controls implemented by both parties

4. Schedule 4 - Data Subject Rights Procedures: Detailed procedures for handling data subject requests

5. Schedule 5 - Breach Response Plan: Detailed protocol for responding to and managing data breaches

6. Appendix A - Contact Details: Key contacts for operational, legal, and breach notification purposes

7. Appendix B - Standard Forms: Templates for regular communications, including breach notifications and data subject request handling

Authors

Alex Denne

Head of Growth (Open Source Law) @ ¶¶Òõ¶ÌÊÓƵ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions


































Clauses


























Relevant Industries

Financial Services

Healthcare

Insurance

Technology

E-commerce

Telecommunications

Professional Services

Education

Real Estate

Retail

Marketing and Advertising

Human Resources Services

Relevant Teams

Legal

Privacy

Compliance

Information Security

Information Technology

Risk Management

Data Governance

Operations

Commercial

Procurement

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Legal Officer

Privacy Counsel

Compliance Manager

Information Security Manager

Chief Information Security Officer

Chief Technology Officer

Risk Manager

Commercial Contract Manager

Legal Counsel

Privacy Manager

Chief Operating Officer

IT Director

Data Governance Manager

Industries





Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

International Data Transfer Addendum

A Hong Kong law-governed addendum that establishes terms for international personal data transfers, ensuring compliance with PDPO and international data protection standards.

find out more

Data Privacy Risk Assessment

A structured assessment of privacy risks and compliance requirements under Hong Kong's PDPO, evaluating data protection measures and providing risk mitigation strategies.

find out more

Personal Data Agreement

A Hong Kong law-governed agreement establishing terms for personal data processing between data users and processors, ensuring PDPO compliance.

find out more

Data Controller Agreement

A Hong Kong law-governed agreement establishing data controller obligations and responsibilities under the PDPO.

find out more

Order Of Meeting Minutes

A legal record of corporate meeting proceedings and decisions that complies with Hong Kong Companies Ordinance requirements.

find out more

Data Processing Addendum

A Hong Kong law-governed addendum establishing terms for personal data processing between controllers and processors, ensuring PDPO compliance.

find out more

Data Confidentiality Agreement

A Hong Kong law-governed agreement establishing confidentiality obligations and data protection requirements between parties sharing sensitive information.

find out more

Contributor Licence Agreement

A Hong Kong law-governed agreement establishing terms for licensing intellectual property rights from contributors to a project maintainer.

find out more

Joint And Several Promissory Note

A Hong Kong law-governed financial instrument where multiple borrowers jointly and severally promise to repay a specified sum to a lender.

find out more

Data Processing Addendum DPA

A Hong Kong law-governed agreement that establishes terms for personal data processing, ensuring compliance with PDPO requirements.

find out more

International Contract Of Sale

A Hong Kong law-governed agreement for international sale of goods, covering delivery, payment, and trade compliance terms.

find out more

Controller To Controller Data Processing Agreement

A Hong Kong law-governed agreement between two data controllers establishing terms for sharing and processing personal data in compliance with the PDPO.

find out more

Intercompany Credit Agreement

A Hong Kong law-governed agreement establishing credit arrangements between related companies within the same corporate group, setting out loan terms, conditions, and regulatory compliance requirements.

find out more

Intra Company Loan Agreement

Hong Kong law-governed agreement establishing loan terms between related companies within the same corporate group.

find out more

Sub Loan Agreement

A Hong Kong law-governed agreement documenting terms for the on-lending of funds from a primary loan to a subsequent borrower.

find out more

Data Protection Addendum

A Hong Kong law-governed addendum that sets out data protection obligations between controllers and processors, ensuring PDPO compliance.

find out more

Commission Split Agreement Between Agents

A Hong Kong law-governed agreement establishing commission sharing arrangements between licensed real estate agents, including split ratios and payment terms.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.