SHORT-FORM DATA PROCESSING AND TRANSFER ADDENDUM
1. ROLES AND SCOPE
- Customer is Controller; Provider is Processor (or Subprocessor) for limited contact and usage data to provide the Services under the [Agreement].
- No special categories of data are processed. If sensitive/special categories are introduced, the parties must upgrade to the comprehensive DPA before processing.
2. INSTRUCTIONS AND DURATION
- Provider processes Personal Data solely on documented instructions; the duration is coterminous with the Agreement plus wind-down.
3. SUBPROCESSORS
- Provider may use subprocessors listed at [URL/Annex]; Customer will be notified of new subprocessors with [X] days’ prior notice and may object on reasonable grounds. Provider remains liable for subprocessors.
4. SECURITY MEASURES
- Provider maintains appropriate technical and organizational measures (TOMs) including access controls, encryption in transit/at rest, logging/monitoring, vulnerability management, backup/DR, and secure SDLC. Summary available on request or at [URL].
5. DATA SUBJECT REQUESTS
- Provider will assist Customer with DSRs (access, deletion, correction, portability) within required timelines; Provider will not respond directly unless required by law.
6. BREACH NOTIFICATION
- Provider will notify Customer without undue delay and within [X] hours of confirming a Personal Data Breach, including nature, scope, and mitigation steps.
7. RETURN AND DELETION
- Upon termination/expiry, Provider will delete Customer Personal Data within [X] days unless Customer requests return/export first; legal retention carved out as required.
8. AUDITS
- Evidence-based audits via current SOC/ISO reports or equivalent summaries; if insufficient, Customer may conduct a focused audit once annually with reasonable notice, subject to confidentiality and time/materials fees for on-site audits.
9. TRANSFERS (SCC/UK ADDENDUM)
- If transferring from EEA/UK/Switzerland: SCCs [Module 2 Controller-Processor or Module 3 Processor-Processor] are incorporated by reference with Annexes completed; UK Addendum/IDTA attached for UK transfers.
- Provider will conduct transfer impact assessments and implement supplementary measures if required.
10. US STATE PRIVACY
- Provider acts as “Service Provider”/“Processor” under CCPA/CPRA and other applicable US state privacy laws; no selling/sharing of Personal Information; no secondary use beyond providing Services.
11. ORDER OF PRECEDENCE
- This Addendum controls over conflicting privacy/security terms in the Agreement; otherwise, the Agreement controls.
12. SIGNATURES
Customer:
By: _________________________
Name: _______________________
Title: ________________________
Date: ________________________
Provider:
By: _________________________
Name: _______________________
Title: ________________________
Date: ________________________