Templates Compliance Regulatory Data Processing Addendum (Short Form) - California
California Compliance Regulatory
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
Ready to Edit
Data Processing Addendum (Short Form) - California - Free Editor

DATA PROCESSING ADDENDUM (SHORT FORM)

1. ROLES AND SCOPE

Controller: [CUSTOMER]; Processor: [PROVIDER]. Purpose: [PURPOSE]. Categories of data/subjects: see Annex A.

2. PROCESSING INSTRUCTIONS

Processor will process personal data only per Controller's documented instructions and this DPA.

3. CONFIDENTIALITY

Processor ensures personnel are bound by confidentiality regarding personal data.

4. SECURITY

Processor implements appropriate technical and organizational measures (Annex B). Breach notice to Controller without undue delay (target: [X] hours).

5. SUBPROCESSORS

Processor may engage subprocessors listed in Annex C; new subprocessors require [PRIOR APPROVAL / NOTICE + OBJECTION WINDOW].

6. DATA SUBJECT REQUESTS

Processor will assist Controller in responding to access, deletion, correction, and opt-out requests under applicable privacy laws.

7. RETURN/DELETION

On termination or Controller's request, Processor will delete or return personal data (unless retention required by law).

8. AUDITS

Controller may review Processor's compliance via reports, questionnaires, or on-site audits (on reasonable notice, during business hours).

9. CROSS-BORDER TRANSFERS

If data is transferred outside its origin jurisdiction, parties will implement required safeguards (e.g., SCCs/IDTA/Data Privacy Framework).

10. LIABILITY

Cap and exclusions follow the master agreement unless expressly modified here. Consider separate cap for data incidents: $[AMOUNT] or [X]x fees.

11. TERM

Effective as of [DATE]; coterminous with master agreement.

ANNEX A - Data/Processing Description
ANNEX B - Security Measures (encryption, access controls, logging, DR/BCP, vendor oversight)
ANNEX C - Subprocessor List (name, purpose, region)

12. CALIFORNIA PRIVACY ADDENDUM (CPRA)

The parties agree that, to the extent the CPRA applies:
a. Processor acts as a service provider/contractor and will process personal information only for the business purpose(s) described in Annex A and this DPA.
b. Processor will not sell or share personal information, retain, use, or disclose it for any purpose other than the specified business purpose(s), or combine it with other data except as permitted by law.
c. Processor will assist Controller with CPRA consumer requests (access, deletion, correction, opt-out of sale/share, limitation of sensitive data use) and provide information reasonably necessary to respond.
d. Processor will notify Controller if it determines it can no longer meet CPRA obligations and will allow reasonable assessments or audits.
e. Subprocessors will be bound by written terms at least as protective as this DPA.

[// GUIDANCE: If Controller is a business subject to CPRA, ensure required "service provider/contractor" restrictions are reflected in the master agreement and subprocessor terms.]

AI Legal Assistant

Data Processing Addendum (Short Form) - California

Download this template free, or draft it 10x faster with Ezel.

Stop spending hours on:

  • Searching for the right case law
  • Manually tracking changes in Word
  • Checking citations one by one
  • Hunting through emails for client documents

Ezel is the complete legal workspace:

  • Case Law Search — All 50 states + federal, natural language
  • Document Editor — Word-compatible track changes
  • Citation Checking — Verify every case before you file
  • Matters — Organize everything by client or case