Templates Compliance Regulatory Data Processing Addendum (Short Form) - New York
New York Compliance Regulatory
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
Ready to Edit
Data Processing Addendum (Short Form) - New York - Free Editor

DATA PROCESSING ADDENDUM (SHORT FORM)

1. ROLES AND SCOPE

Controller: [CUSTOMER]; Processor: [PROVIDER]. Purpose: [PURPOSE]. Categories of data/subjects: see Annex A.

2. PROCESSING INSTRUCTIONS

Processor will process personal data only per Controller's documented instructions and this DPA.

3. CONFIDENTIALITY

Processor ensures personnel are bound by confidentiality regarding personal data.

4. SECURITY

Processor implements appropriate technical and organizational measures (Annex B). Breach notice to Controller without undue delay (target: [X] hours).

5. SUBPROCESSORS

Processor may engage subprocessors listed in Annex C; new subprocessors require [PRIOR APPROVAL / NOTICE + OBJECTION WINDOW].

6. DATA SUBJECT REQUESTS

Processor will assist Controller in responding to access, deletion, correction, and opt-out requests under applicable privacy laws.

7. RETURN/DELETION

On termination or Controller's request, Processor will delete or return personal data (unless retention required by law).

8. AUDITS

Controller may review Processor's compliance via reports, questionnaires, or on-site audits (on reasonable notice, during business hours).

9. CROSS-BORDER TRANSFERS

If data is transferred outside its origin jurisdiction, parties will implement required safeguards (e.g., SCCs/IDTA/Data Privacy Framework).

10. LIABILITY

Cap and exclusions follow the master agreement unless expressly modified here. Consider separate cap for data incidents: $[AMOUNT] or [X]x fees.

11. TERM

Effective as of [DATE]; coterminous with master agreement.

ANNEX A - Data/Processing Description
ANNEX B - Security Measures (encryption, access controls, logging, DR/BCP, vendor oversight)
ANNEX C - Subprocessor List (name, purpose, region)

12. NEW YORK DATA SECURITY ADDENDUM

The parties agree that, to the extent New York law applies:
a. Processor will maintain reasonable administrative, technical, and physical safeguards to protect private information, consistent with the NY SHIELD Act.
b. Processor will promptly notify Controller of any security incident affecting New York private information and will cooperate with investigation and mitigation.
c. Processor will assist Controller with regulator inquiries and breach notification obligations where required by law.

[// GUIDANCE: If Controller is subject to sectoral rules (e.g., NYDFS 23 NYCRR 500), include any required cybersecurity control or reporting commitments.]

AI Legal Assistant

Data Processing Addendum (Short Form) - New York

Download this template free, or draft it 10x faster with Ezel.

Stop spending hours on:

  • Searching for the right case law
  • Manually tracking changes in Word
  • Checking citations one by one
  • Hunting through emails for client documents

Ezel is the complete legal workspace:

  • Case Law Search — All 50 states + federal, natural language
  • Document Editor — Word-compatible track changes
  • Citation Checking — Verify every case before you file
  • Matters — Organize everything by client or case