Data processing agreement (processor-sub-processor)

This agreement can be used to enable the transfer of personal data from data processors to sub-processors in a way that complies - or may comply - with the GDPR or General Data Protection Regulation (Regulation (EU) 2016/679) and/or with the GDPR as transposed into UK law.

This document can sit alongside a services agreement, and can be used to supplement a services agreement that has been previously executed.

The substantive terms are similar to those in our controller-to-processor data processing agreement.

Under Article 28(4) of the GDPR, processors have an obligation to impose upon sub-processors "the same" obligations as those imposed upon the processor in the controller-processor contract. It goes without saying that those obligations may diverge from the specific language of the GDPR. Accordingly, this document may need to be adapted to fit the specific language of the relevant controller-processor contract(s).

This document does not expressly grant any rights to the relevant data controller(s) in relation to the processing of the personal data. Instead, it anticipates that controller rights would be exercised through the processor.

Ask about this document

Data processing agreement (processor-sub-processor) contents

Definitions: definitions.
Supplemental:
Agreement
supplements main contract; definitions in main contract; conflict between
Agreement
and main contract; breach of
Agreement
deemed to be breach of main contract; breach of main contract deemed to be breach of
Agreement
; termination with main contract; main contract termination.
Term: commencement of term; end of term.
Data protection: compliance with data protection laws; warranty of
Processor
's right to disclose personal data (GDPR); details of personal data processed by
the Sub-Processor
(GDPR); purposes of processing of personal data by
the Sub-Processor
(GDPR); duration of personal data processing by
Sub-Processor
(GDPR); personal data processed by
Sub-Processor
on instructions (GDPR); authorised international transfers of personal data (GDPR); informing
Processor
of illegal instructions (GDPR); personal data processed by
Sub-Processor
as required by law (GDPR); confidentiality obligations on
Sub-Processor
persons processing personal data (GDPR); security of personal data processed by
Sub-Processor
(GDPR); appointment of sub-processor by
Sub-Processor
(GDPR); authorisation for
Sub-Processor
to appoint sub-processors (GDPR);
Sub-Processor
to assist with exercise of data subject rights (GDPR);
Sub-Processor
to assist with compliance (GDPR); obligation to notify
Processor
of personal data breach (GDPR);
Sub-Processor
to provide data protection compliance information (GDPR); deletion of personal data by
Sub-Processor
(GDPR);
Sub-Processor
to allow audit (GDPR); changes to data protection law.
Limits upon exclusions of liability: caveats to limits of liability.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination: surviving provisions upon termination; termination does not affect accrued rights.
Notices: methods and deemed receipt of contractual notices; contact details for contractual notices; substitute contact details for notices.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.

SCHEDULE 1 (DATA PROCESSING INFORMATION)

Categories of data subject: prompt for categories of data subject.
Types of Personal Data: prompt for types of personal data.
Purposes of processing: prompt for personal data processing purposes.
Security measures for Personal Data: prompt for security measures for personal data.
Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.

SCHEDULE 2 (STANDARD CONTRACTUAL CLAUSES)

Prompt for standard contractual clauses.

Data processing agreement (processor-sub-processor) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Data processing agreement (processor-sub-processor) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.4
First published	28 Feb 2018
Last updated	23 Jan 2023
Law	English law and EU law
Language	English (UK)
^†Word count	5,379
^†Template pages	9

† These figures are approximations.

Privacy law Data protection law Software services Agreement

Data processing agreements

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.

Data processing agreement (processor-sub-processor)

This agreement can be used to enable the transfer of personal data from data processors to sub-processors in a way that complies - or may comply - with the GDPR or General Data Protection Regulation (Regulation (EU) 2016/679) and/or with the GDPR as transposed into UK law.

Data processing agreement (processor-sub-processor) contents

Data processing agreements

Related documents