Professional Documents
Culture Documents
TABLE OF CONTENTS
PARTIES
WHEREAS
This Data Protection Agreement (the Agreement) sets out the terms and conditions on
which the Recipient will process Personal Data on behalf of the Transferor.
IT IS AGREED:
Data Controller means the entity which determines the purposes for
which and the means by which Personal Data is
processed, and includes the term “organisation” as
defined in the PDPA;
[Style used is ‘Running heads’]
Data Processor has the same meaning as the term “data intermediary”
as defined in the PDPA;
Personal Data means data, whether true or not, about a Data Subject
who can be identified: (a) from that data alone; or (b)
from that data and other information which the
2
[Style used is ‘Running heads’]
(a) references to a person include any individual, firm, body corporate (wherever
incorporated), government, state or agency of a state or any joint venture,
association, partnership, works council or employee representative body (in
any case, whether or not it has separate legal personality);
(d) the singular shall include the plural and vice versa, and references to one
gender include all genders;
(e) any phrase introduced by the terms including, include, in particular or any
similar expression shall be construed as merely illustrative and shall not limit
the sense of the words preceding those terms; and
(f) any reference to a document in the agreed form is to the form of the
relevant document agreed between the Parties and, for the purpose of
identification, initialled for or by each of them (in each case with any
amendments that the Parties may agree).
3
[Style used is ‘Running heads’]
1.3 The Schedules comprise Schedules to this Agreement and form part of this
Agreement.
2.1 For the purposes of this Agreement, the Transferor has determined that Personal
Data is required to be subjected to the processing operations particularised in
paragraph 3.1 of Schedule I of this Agreement (Purposes).
2.2 The Parties acknowledge that for the purpose of the PDPA, the Transferor is the Data
Controller of the Personal Data and the Recipient is the Data Processor.
2.3 The Recipient hereby undertakes to only process Personal Data in accordance with
applicable legislation, including the PDPA, this Agreement and Transferor’s
instructions from time to time, and in particular, to:
(a) comply with the applicable Data Standards, and not do or permit anything to
be done which might cause the Transferor to breach such Data Standards;
(i) strictly for the purposes of fulfilling its obligations under this
Agreement and the Purposes;
(iii) when required by Law or an order of court, but shall notify the
Transferor as soon as practicable before complying with such Law or
order of court at its own costs;
(c) protect Personal Data in its possession or under its control by making
reasonable security arrangements to prevent unauthorised access, collection,
use, disclosure, copying, modification, disposal or processing, including such
measures as set out in Schedule II;
4
[Style used is ‘Running heads’]
(e) notify the Transferor of any notices, requests, orders or queries from Data
Subjects, any data protection or other Governmental Authority, law
enforcement agency, court order or tribunal, which the Transferor or
Recipient is obliged to comply with under the Data Standards to facilitate
timely resolution of any matter arising in connection with the foregoing or
any related investigation;
(f) prior to any transfer of Personal Data by the Recipient to third parties, to
obtain the written consent of the Transferor and enter into a data transfer
agreement with third parties and procure the compliance of such third
parties with the PDPA and the terms of this Agreement;
(g) prior to any transfer of Personal Data to a place outside of Singapore, obtain
the Transferor’s prior written consent and, if such consent is provided, the
Recipient shall ensure that the recipient of such Personal Data is under a
contractual obligation to provide a standard of protection that is comparable
to that under the PDPA;
(i) cease to retain the Personal Data, or remove the means by which the
Personal Data can be associated with particular Data Subjects as soon as it is
reasonable to assume that:
5
[Style used is ‘Running heads’]
(i) the Purposes are no longer being served by retention of the Personal
Data; and
(ii) the retention of the Personal Data is no longer necessary for any
business, regulatory, legal or audit purpose;
(j) verify that it has the legal authority to fulfil these undertakings set out in this
Clause; and
(k) not collect, use or disclose any Personal Data on behalf of the Transferor, or
hold itself out as doing so, unless it has obtained prior written authorisation
from the Transferor’s authorised representative.
2.4 Where the Transferor provides Personal Data to the Recipient, the Transferor shall
make reasonable efforts to ensure that the Personal Data is accurate and complete
before providing the same to the Recipient. The Recipient shall put in place adequate
measures to ensure that the Personal Data in its possession or control remain or is
otherwise accurate and complete.
2.5 The provisions of Clauses 2.3(h) and 2.3(i) shall survive the expiration or termination
of this Agreement.
3. Liability
3.1 The Recipient agrees to defend any claims brought against the Transferor, or its
Connected Persons by any person, including a Data Subject and any data protection
authority or other Governmental Authority, arising in connection with Recipient’s
breach of this Agreement or breach or non-compliance with any privacy or data
protection laws, including the PDPA.
3.2 The Recipient agrees to hold harmless and indemnify the Transferor, or its
Connected Persons against any and all third-party claims, demands, suits, liabilities,
losses, statutory penalties, damages, costs, and expenses (including legal costs on an
indemnity basis) arising out of or in connection with Recipient’s breach of this
6
[Style used is ‘Running heads’]
Agreement or any privacy and data protection laws, including the PDPA or any act,
omission or negligence of the Recipient that causes or results in the Transferor being
in breach of any privacy and data protection laws, including the PDPA.
3.3 The provisions of this Clause 3 shall survive the expiration or termination of this
Agreement.
4. Audit
Upon the Transferor’s reasonable request, the Recipient will permit the Transferor
and/or its third-party representatives to audit the Recipient’s compliance with its
obligations under this Agreement, on at least 20 days’ notice. The Recipient will
provide the Transferor and/or the Transferor’s third-party representatives all
necessary reasonable assistance to conduct such audits.
This Agreement shall enter into force upon the signing hereof by the Parties and
shall remain in force for as long as the Recipient processes the Personal Data or until
such time as the Transferor provides written notice of the termination of this
Agreement to the Recipient.
6. Miscellaneous
6.1 Assignment
(a) Except with the prior written consent of the other Party, neither Party may:
(i) assign, transfer, charge or otherwise deal with any of its rights or
obligations under this Agreement nor grant, declare, create or dispose
of any right or interest in it; or
(ii) sub contract the performance of any of its obligations under this
Agreement.
7
[Style used is ‘Running heads’]
(a) This Agreement sets out the whole agreement between the Parties in respect
of the subject matter of this Agreement and supersedes any previous draft,
agreement, arrangement or understanding, whether in writing or not,
relating to its subject matter. It is agreed that:
(i) no Party has relied on or shall have any claim or remedy arising under
or in connection with any statement, representation, warranty or
undertaking made by or on behalf of the other Party in relation to the
subject matter of this Agreement that is not expressly set out in this
Agreement;
(iii) save and except for any claim under Clause 3, the only right or
remedy of a Party in relation to any provision of this Agreement shall
be for breach of this Agreement; and
(b) Nothing in this Clause 6.2 shall limit any liability for (or remedy in respect of)
fraud or fraudulent misrepresentation.
(c) Each Party agrees to the terms of this Clause 6.2 on its own behalf and as
agent for each of its Connected Persons.
6.3 Counterparts
8
[Style used is ‘Running heads’]
This Agreement may be executed in any number of counterparts, and by each Party
on separate counterparts. Each counterpart is an original, but all counterparts shall
together constitute one and the same instrument. Delivery of a counterpart of this
Agreement by e-mail attachment shall be an effective mode of delivery.
6.4 Variations
(a) No variation of this Agreement shall be valid unless it is in writing and signed
by or on behalf of all of the Parties to it.
(i) the variation shall not constitute a general waiver of any provisions of
this Agreement;
(ii) the variation shall not affect any rights, obligations or liabilities under
this Agreement that have already accrued up to the date of variation;
and
(iii) the rights and obligations of the Parties under this Agreement shall
remain in force, except as, and only to the extent that, they are
varied.
6.5 Waivers
6.6 Notices
(a) Any notice to be given by one Party to the other Party in connection with this
Agreement shall be in writing in English and signed by or on behalf of the
9
[Style used is ‘Running heads’]
Party giving it. It shall be delivered by hand, email, registered post or courier
using an internationally recognised courier company.
(b) A notice shall be effective upon receipt and shall be deemed to have been
received (i) at the time of delivery, if delivered by hand, registered post or
courier or (ii) at the time of transmission if delivered by email. Where delivery
occurs outside Working Hours, notice shall be deemed to have been received
at the start of Working Hours on the next following Business Day.
(c) The addresses and email addresses of the Parties for the purpose of Clause
6.6 are:
(d) Each Party shall notify the other Party in writing of a change to its details in
Clause 6.6(c) from time to time.
(ii) would be valid, binding and enforceable if some part of the provision
were deleted or amended,
then the provision shall apply with the minimum modifications necessary to
make it valid, binding and enforceable and neither the validity or
10
[Style used is ‘Running heads’]
Except for the Connected Persons of the Transferor, a person who is not a Party to
this Agreement shall have no right under the Contracts (Rights of Third Parties) Act
(Cap 53B) of Singapore to enforce any of its terms.
The provisions of this Agreement, and the rights and remedies of the Parties under
this Agreement are cumulative and are without prejudice and in addition to any
rights or remedies a Party may have at law or in equity; no exercise by a Party of any
one right or remedy under this Agreement, or at law or in equity, shall operate so as
to hinder or prevent the exercise by it of any other such right or remedy.
This Agreement and any non-contractual obligations arising out of, or in connection
with it, shall be governed by, and interpreted in accordance with, Singapore law.
(a) Any dispute arising out of or in connection with this contract, including any
question regarding its existence, validity or termination, shall be referred to
and finally resolved by arbitration administered by the Singapore
International Arbitration Centre in accordance with the Arbitration Rules of
the Singapore International Arbitration Centre for the time being in force,
which rules are deemed to be incorporated by reference in this Clause.
(c) The Tribunal shall consist of [• insert odd number eg, 1 or 3] arbitrator(s).
11
[Style used is ‘Running heads’]
(e) The law for the arbitration agreement shall be Singapore law.
SIGNED )
for and on behalf of
[] )
Signature: …………………………
Name: …………………………
SIGNED )
for and on behalf of
[] )
Signature: …………………………
Name: …………………………
12
[Style used is ‘Running heads’]
Schedule I
(Details of processing)
1. Data Subjects
(a) The Personal Data to be processed by the Recipient relate to the following
categories of Data Subjects:
(i) [describe the persons whose Personal Data is processed]
2. Types of Personal Data
(a) The Personal Data to be processed by the Recipient consist of the following
types of Personal Data:
(i) [describe the types of Personal Data to be processed]
3. Processing operations
(a) The Personal Data to be processed by the Recipient will be subject to the
following processing activities:
(i) [describe how the Personal Data will be processed]
13
[Style used is ‘Running heads’]
Schedule II
(Description of technical and organisational security measures)
Disclaimer: This precedent (the “Precedent”) is intended to give legal information only
and has been developed specifically for use in Singapore. The Precedent is drafted based
on the applicable laws as at the date of publication. You acknowledge and agree that the
Precedent may not be up to date in accordance with changes to the law or market practice
and Singapore Academy of Law (“SAL”) and the contributor of the Precedent
(“Contributor”) are under no obligation to update it.
You acknowledge and agree that the making available of the Precedent to you by SAL
and Contributor does not constitute the provision of legal advice or other professional
advice by SAL and Contributor and you will not rely on such documents as legal advice.
You further agree and acknowledge that the Precedent has not been prepared with your
specific circumstances in mind, may not be suitable for use in your situation, may not be
exhaustive in respect of provisions that are to be included, and does not constitute legal
or tax advice. In relying on the Precedent, you assume all risks and liabilities that may
result.
You are strongly advised to advise your client of the implications of entering into such an
agreement and ensure appropriate customization of the provisions as set out in this
specimen to ensure that the terms and conditions required in light of the circumstances
faced by your client are included.
You should review the Precedent carefully for accuracy before using it. These terms and
the operations or availability of the Precedent may be changed by SAL, with or without
notice, at its sole discretion.
14