Templates Contracts Agreements Short-Form DPA and Transfer Addendum - New York
New York Contracts Agreements
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
Ready to Edit
Short-Form DPA and Transfer Addendum - New York - Free Editor

SHORT-FORM DATA PROCESSING AND TRANSFER ADDENDUM (NEW YORK)

1. ROLES AND SCOPE

  • Customer is Controller; Provider is Processor (or Subprocessor) for limited contact and usage data to provide the Services under the [Agreement].
  • No special categories of data processed. If sensitive or special categories are introduced, parties must upgrade to the comprehensive DPA before processing.

2. INSTRUCTIONS AND DURATION

  • Provider processes Personal Data solely on documented instructions; duration coterminous with the Agreement plus wind-down.

3. SUBPROCESSORS

  • Provider may use subprocessors listed at [URL/Annex]; new subprocessors notified with [X] days' prior notice; Customer may object on reasonable grounds. Provider remains liable for subprocessors.

4. SECURITY MEASURES

  • Provider maintains appropriate technical and organizational measures (TOMs) including access controls, encryption in transit/at rest, logging and monitoring, vulnerability management, backup/DR, and secure SDLC. Summary available on request or at [URL].

5. DATA SUBJECT REQUESTS

  • Provider will assist Customer with DSRs (access, deletion, correction, portability) within required timelines; Provider will not respond directly unless required by law.

6. BREACH NOTIFICATION

  • Provider will notify Customer without undue delay and within [X] hours of confirming a Personal Data Breach, including nature, scope, and mitigation steps.

7. RETURN AND DELETION

  • Upon termination or expiry, Provider will delete Customer Personal Data within [X] days unless Customer requests return or export first; legal retention carved out as required.

8. AUDITS

  • Evidence-based audits via current SOC/ISO reports or equivalent summaries; if insufficient, Customer may conduct a focused audit once annually with reasonable notice, subject to confidentiality and time/materials fees for on-site audits.

9. TRANSFERS (SCC/UK ADDENDUM)

  • If transferring from EEA/UK/Switzerland: SCCs [Module 2 Controller-Processor or Module 3 Processor-Processor] are incorporated by reference with Annexes completed; UK Addendum or IDTA attached for UK transfers.
  • Provider will conduct transfer impact assessments and implement supplementary measures if required.

10. US STATE PRIVACY (NEW YORK)

  • Provider will maintain reasonable safeguards consistent with the New York SHIELD Act, as applicable.
  • For other applicable US state privacy laws, Provider acts as a processor or service provider and will not sell or share Personal Data or use it beyond providing Services.

11. ORDER OF PRECEDENCE AND GOVERNING LAW

  • This Addendum controls over conflicting privacy or security terms in the Agreement; otherwise, the Agreement controls.
  • If the Agreement is silent on governing law or forum, New York law governs and the state and federal courts located in [COUNTY], New York have exclusive jurisdiction.

12. SIGNATURES

Customer:
By: _________________________
Name: _______________________
Title: ________________________
Date: ________________________

Provider:
By: _________________________
Name: _______________________
Title: ________________________
Date: ________________________

AI Legal Assistant

Short-Form DPA and Transfer Addendum - New York

Download this template free, or draft it 10x faster with Ezel.

Stop spending hours on:

  • Searching for the right case law
  • Manually tracking changes in Word
  • Checking citations one by one
  • Hunting through emails for client documents

Ezel is the complete legal workspace:

  • Case Law Search — All 50 states + federal, natural language
  • Document Editor — Word-compatible track changes
  • Citation Checking — Verify every case before you file
  • Matters — Organize everything by client or case