A Sub Processing Agreement is essential when a data processor needs to engage another entity (sub-processor) to process personal data on its behalf. This agreement type is particularly relevant in India's growing digital economy and outsourcing industry, where data processing chains are common. The document ensures compliance with Indian data protection laws, including the IT Act 2000, IT Rules 2011, and the Digital Personal Data Protection Act, 2023. It should be used whenever a processor delegates data processing activities to another entity, detailing security measures, confidentiality obligations, liability allocation, and compliance requirements. The agreement is crucial for maintaining data protection standards throughout the processing chain and demonstrating regulatory compliance.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
Alternatively...
1. Parties: Identification of the main processor and sub-processor, including their registered addresses and company details
2. Background: Context of the agreement, reference to the main processing agreement, and the need for sub-processing services
3. Definitions: Definitions of key terms including Personal Data, Processing, Data Principal, Security Breach, etc. aligned with Indian law
4. Scope of Sub-Processing: Detailed description of the processing activities to be carried out by the sub-processor
5. Duration and Termination: Term of the agreement and conditions for termination
6. Sub-Processor Obligations: Core obligations including compliance with instructions, confidentiality, and security measures
7. Technical and Organizational Measures: Specific security measures required under Indian law and industry standards
8. Data Protection and Security: Compliance with Indian data protection laws and security requirements
9. Confidentiality: Confidentiality obligations and restrictions on data use
10. Audit Rights: Rights of the processor to audit the sub-processor's compliance
11. Data Breach Notification: Procedures for handling and reporting data breaches
12. Liability and Indemnification: Allocation of liability and indemnification obligations
13. General Provisions: Standard contractual provisions including governing law, jurisdiction, and dispute resolution
1. Cross-Border Data Transfers: Required when data processing involves transfer of data outside India
2. Industry-Specific Compliance: Required when processing data in regulated industries like healthcare or financial services
3. Sub-Sub-Processors: Required when the sub-processor may need to engage additional sub-processors
4. Business Continuity: Optional section detailing disaster recovery and business continuity requirements
5. Insurance Requirements: Optional section specifying required insurance coverage
6. Exit Management: Optional detailed procedures for termination and transition of services
1. Schedule 1 - Processing Activities: Detailed description of the processing activities, including types of data, purposes, and duration
2. Schedule 2 - Technical and Security Measures: Detailed specifications of required security measures and controls
3. Schedule 3 - Service Levels: Performance metrics and service level requirements
4. Schedule 4 - Fee Schedule: Pricing and payment terms for the sub-processing services
5. Appendix A - Data Processing Instructions: Specific instructions for data processing activities
6. Appendix B - Authorized Sub-Sub-Processors: List of approved further sub-processors if applicable
7. Appendix C - Contact Details: Key contacts for operational, technical, and legal matters
Authors
Find the document you need
Pre Negotiation Agreement
An Indian law-governed agreement establishing confidentiality and framework for business negotiations, with binding and non-binding elements.
Download
Controller To Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between independent data controllers, ensuring compliance with DPDP Act 2023.
Download
Joint Controller Data Processing Agreement
An Indian law-compliant agreement establishing roles and responsibilities between joint controllers for personal data processing activities.
Download
Data Addendum
An Indian law-governed document that sets out data processing terms and compliance requirements under Indian data protection legislation.
Download
International Data Protection Agreement
An Indian law-governed agreement regulating international personal data transfers and processing, ensuring compliance with India's data protection regulations.
Download
Intra Group Data Transfer Agreement
A comprehensive agreement governing intra-group data transfers in India, ensuring compliance with Indian data protection laws and establishing data handling protocols between group entities.
Download
Data Controller To Data Controller Agreement
An Indian law-governed agreement establishing terms for personal data sharing between two independent data controllers, ensuring compliance with Indian data protection regulations.
Download
Commissioned Data Processing Agreement
An Indian law-governed agreement establishing terms for commissioned data processing, ensuring compliance with Indian data protection regulations.
Download
Intercompany Data Processing Agreement
An Indian law-governed agreement regulating intra-group personal data processing activities, ensuring compliance with Indian data protection regulations.
Download
DPA Agreement
An Indian law-compliant agreement governing the processing of personal data between a controller and processor, ensuring compliance with the Digital Personal Data Protection Act, 2023.
Download
Data Transfer Addendum
A legal addendum governing data transfers under Indian law, ensuring compliance with the DPDP Act 2023 and establishing data protection requirements between parties.
Download
Personal Data Protection Agreement
Indian law-compliant Personal Data Protection Agreement governing the processing of personal data between parties under DPDP Act 2023.
Download
Data Protection Agreement For Employees
An India-compliant agreement governing the protection and processing of employee personal data under Indian data protection laws.
Download
Affiliate Addendum
An India-compliant addendum governing affiliate marketing relationships, specifying commission structures and regulatory compliance requirements under Indian law.
Download
Data Privacy Addendum
An Indian law-compliant addendum governing personal data processing and protection obligations between contracting parties.
Download
Sub Processing Agreement
An Indian law-compliant agreement governing data handling between a processor and sub-processor, ensuring adherence to Indian data protection regulations.
Download
International Data Transfer Agreement
An Indian law-governed agreement for secure and compliant international transfer of personal data, ensuring adherence to the Digital Personal Data Protection Act, 2023.
Download
Data Protection Addendum
A legal document under Indian law that sets out data protection obligations and requirements between parties handling personal data, ensuring compliance with the DPDP Act 2023.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your data is private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
