¶¶Òõ¶ÌÊÓƵ

All Countries
Data Privacy
Data Processing Addendum

Data Processing Addendum Template for Hong Kong

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Processing Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Processing Addendum

"I need a Data Processing Addendum under Hong Kong law for my fintech company acting as a data processor for several banks, with specific provisions for financial data security and sub-processor management, to be effective from March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Data Processing Addendum is a critical legal document used when one organization (the data processor) processes personal data on behalf of another organization (the data controller) under Hong Kong law. This document supplements the main service agreement and ensures compliance with the Personal Data (Privacy) Ordinance (PDPO) and guidelines issued by the Privacy Commissioner for Personal Data. It is essential for businesses operating in Hong Kong or processing data of Hong Kong residents, particularly given the territory's strict data protection requirements and its status as an international business hub. The addendum covers crucial aspects such as security measures, data breach procedures, cross-border transfers, and sub-processor arrangements, while addressing specific Hong Kong regulatory requirements.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses

2. Background: Context of the agreement, reference to the main service agreement, and the purpose of this addendum

3. Definitions: Definitions of key terms including 'Personal Data', 'Processing', 'Data Subject', 'Controller', 'Processor' as per PDPO and other relevant terms

4. Scope and Purpose of Processing: Detailed description of the authorized processing activities, types of personal data, and categories of data subjects

5. Obligations of the Processor: Core processor obligations including processing only on documented instructions, confidentiality, security measures, and sub-processor requirements

6. Security Measures: Technical and organizational measures required to protect personal data

7. Sub-processing: Conditions and requirements for engaging sub-processors, including notification and approval processes

8. Data Subject Rights: Processor's obligations to assist the controller in responding to data subject requests

9. Data Breach Notification: Procedures and timeframes for notifying the controller of any personal data breaches

10. Audit Rights: Controller's rights to audit the processor's compliance and processor's obligations to demonstrate compliance

11. Term and Termination: Duration of the DPA and circumstances for termination

12. Return or Deletion of Data: Obligations regarding personal data upon termination of services

Optional Sections

1. Cross-border Transfers: Requirements for transferring data outside Hong Kong - include when international data transfers are contemplated

2. Processor Personnel: Specific requirements for processor's staff handling personal data - include for high-sensitivity processing

3. Insurance Requirements: Specific insurance obligations for the processor - include for high-risk processing activities

4. Industry-Specific Requirements: Additional requirements for specific sectors (e.g., healthcare, finance) - include when processing regulated sector data

5. Data Protection Impact Assessments: Cooperation in conducting DPIAs - include for high-risk processing activities

6. Liability and Indemnification: Specific liability provisions for data protection breaches - include when not covered in main agreement

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including types of data, purposes, and duration

2. Schedule 2 - Security Measures: Detailed technical and organizational security measures to be implemented

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Data Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable

5. Appendix A - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix B - Audit Procedures: Detailed procedures for conducting compliance audits

Authors

Alex Denne

Head of Growth (Open Source Law) @ ¶¶Òõ¶ÌÊÓƵ | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

alex.den.21@genieai.co
Relevant legal definitions


































Clauses



























Relevant Industries

Financial Services

Technology

Healthcare

E-commerce

Professional Services

Insurance

Education

Telecommunications

Real Estate

Retail

Manufacturing

Logistics and Supply Chain

Relevant Teams

Legal

Compliance

Information Technology

Information Security

Privacy

Risk Management

Procurement

Vendor Management

Operations

Data Governance

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Privacy Counsel

Compliance Manager

IT Director

Legal Counsel

Risk Manager

Information Security Manager

Operations Director

Procurement Manager

Vendor Management Officer

Chief Technology Officer

Chief Legal Officer

Privacy Manager

Industries







Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

International Data Transfer Addendum

A Hong Kong law-governed addendum that establishes terms for international personal data transfers, ensuring compliance with PDPO and international data protection standards.

find out more

Data Privacy Risk Assessment

A structured assessment of privacy risks and compliance requirements under Hong Kong's PDPO, evaluating data protection measures and providing risk mitigation strategies.

find out more

Personal Data Agreement

A Hong Kong law-governed agreement establishing terms for personal data processing between data users and processors, ensuring PDPO compliance.

find out more

Data Controller Agreement

A Hong Kong law-governed agreement establishing data controller obligations and responsibilities under the PDPO.

find out more

Order Of Meeting Minutes

A legal record of corporate meeting proceedings and decisions that complies with Hong Kong Companies Ordinance requirements.

find out more

Data Processing Addendum

A Hong Kong law-governed addendum establishing terms for personal data processing between controllers and processors, ensuring PDPO compliance.

find out more

Data Confidentiality Agreement

A Hong Kong law-governed agreement establishing confidentiality obligations and data protection requirements between parties sharing sensitive information.

find out more

Contributor Licence Agreement

A Hong Kong law-governed agreement establishing terms for licensing intellectual property rights from contributors to a project maintainer.

find out more

Joint And Several Promissory Note

A Hong Kong law-governed financial instrument where multiple borrowers jointly and severally promise to repay a specified sum to a lender.

find out more

Data Processing Addendum DPA

A Hong Kong law-governed agreement that establishes terms for personal data processing, ensuring compliance with PDPO requirements.

find out more

International Contract Of Sale

A Hong Kong law-governed agreement for international sale of goods, covering delivery, payment, and trade compliance terms.

find out more

Controller To Controller Data Processing Agreement

A Hong Kong law-governed agreement between two data controllers establishing terms for sharing and processing personal data in compliance with the PDPO.

find out more

Intercompany Credit Agreement

A Hong Kong law-governed agreement establishing credit arrangements between related companies within the same corporate group, setting out loan terms, conditions, and regulatory compliance requirements.

find out more

Intra Company Loan Agreement

Hong Kong law-governed agreement establishing loan terms between related companies within the same corporate group.

find out more

Sub Loan Agreement

A Hong Kong law-governed agreement documenting terms for the on-lending of funds from a primary loan to a subsequent borrower.

find out more

Data Protection Addendum

A Hong Kong law-governed addendum that sets out data protection obligations between controllers and processors, ensuring PDPO compliance.

find out more

Commission Split Agreement Between Agents

A Hong Kong law-governed agreement establishing commission sharing arrangements between licensed real estate agents, including split ratios and payment terms.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: /our-research
Oops! Something went wrong while submitting the form.

³Ò±ð²Ô¾±±ð’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; ³Ò±ð²Ô¾±±ð’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our for more details and real-time security updates.

Read our Privacy Policy.