Joint controllers data sharing agreement (unilateral)

This agreement is for one-way or unilateral joint controller data sharing. In other words, it is designed for a situation one a controller is sharing personal data with another controller, and the parties will be joint controllers with respect to that other controller's processing of that shared personal data.

The data sharing agreement will help businesses acting as joint controllers to handle data in a manner compliant with the General Data Protection Regulation (GDPR) in both its EU and UK variant, and also to adhere to the data sharing guidelines published by the UK Information Commissioner's Office.

The central concept of this data sharing agreement is the idea of "relevant processing" that is some defined processing activities, taking place with respect to some defined categories of personal data, with respect to which the joint controllership rules apply. This allows that the parties to the contract might be independent controllers in some other respects, or indeed have a controller-processor relationship in relation to some other processing activities.

Ask about this document

Joint controllers data sharing agreement (unilateral) contents

Definitions: definitions; data protection terms.
Term: commencement of term; end of term.
Obligations to share Personal Data: obligation on
Supplier
to share personal data.
Data quality:
Supplier
to ensure data quality.
No special categories: no special categories of personal data to be shared by
Supplier
; no criminal conviction data to be shared by
Supplier
.
Parties acting as joint controllers: parties are joint controllers of
Supplier
personal data; purposes of processing
Supplier
personal data (joint controllers); legal bases of sharing first party personal data (joint controllers); joint controllership does not apply to all processing of data disclosed by
Supplier
.
Compliance with Data Protection Laws: compliance with data protection laws with respect to relevant processing;
Supplier
personal data collected in accordance with law; requirements relating to consent-based processing of personal data; responsibility for data protection transparency for relevant processing; data protection law compliance assistance for relevant processing.
Further disclosure of
Supplier
Personal Data:
Recipient
must not disclose personal data; obligations on disclosure of
Supplier
personal data; section does not prevent disclosure of anonymised data; section does not prevent disclosure of personal data to processors for relevant processing.
International transfers of
Supplier
Personal Data: prohibition on third country transfers of
Supplier
personal data; exceptions to prohibition on third country transfers of
Supplier
personal data; approved international transfer clauses take precedence over
Agreement
.
Relevant Processing by joint controllers and supervisory authorities: communications from supervisory authorities about relevant processing; cooperation in relation to supervisory authority action concerning relevant processing.
Relevant Processing and data subject rights: communications from data subjects about relevant processing; cooperation in relation to relevant processing and data subject rights; primary data subject contact for joint controllers.
Security of Relevant Processing: appropriate measures to secure relevant processing; particular security measures for relevant processing.
Data breaches involving
the Supplier
Personal Data: notification of data breaches involving
Supplier
personal data; assistance in relation to
Supplier
personal data breaches.
Retention and deletion: retention periods for
Supplier
personal data; section subject to effects of termination.
Compliance audit: right to audit compliance; notice of audit; cooperation in relation to audit; costs of licence audit; limits on audit right.
Changes to Data Protection Laws: changes to data protection law.
Recipient
confidentiality obligations:
Recipient
confidentiality undertaking; disclosure of confidential information by
Recipient
to certain persons; exceptions to
Recipient
confidentiality obligations; disclosures of
Supplier
confidential information mandated by law etc;
Recipient
to stop using confidential information upon termination;
Recipient
confidentiality obligations after termination.
Warranties: first party warranty of authority; second party warranty of authority; exclusion of implied warranties and representations.
Indemnities:
Supplier
indemnifies
Recipient
upon data protection breach;
Recipient
indemnifies
Supplier
upon data protection breach.
Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; per event liability cap.
Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
Effects of termination:
Recipient
to delete
Supplier
personal data; surviving provisions upon termination; termination does not affect accrued rights.
Notices: contractual notices must be in writing; methods of sending contractual notices; contact details for contractual notices; substitute contact details for notices; acknowledgement of notice by email; deemed receipt of contractual notices.
Data protection contacts:
Supplier
data protection contact;
Recipient
data protection contact.
General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
Interpretation: statutory references; section headings not affecting interpretation; no ejusdem generis.

SCHEDULE 1 (DATA PROTECTION INFORMATION NOTICE)

Recipient

SCHEDULE 2 (FORM OF CONSENT)

Recipient

SCHEDULE 3 (INTERNATIONAL TRANSFER CLAUSES)

Prompt for international transfer clauses.

SCHEDULE 4 (SECURITY MEASURES)

Supplier
security measures: prompt for details of
Supplier
security measures.
Recipient
security measures: prompt for details of
Recipient
security measures.

Joint controllers data sharing agreement (unilateral) document editor preview

This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.

Joint controllers data sharing agreement (unilateral) document preview

This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.

Which licence should I choose?

Version	1.0
First published	22 Mar 2024
Law	English law and EU law
Language	English (UK)
^†Word count	5,891
^†Template pages	13

† These figures are approximations.

Privacy law Data protection law Artificial intelligence Agreement

Data sharing agreements

We do not limit the number of copies of a template you can make on your own computer. Nor do they limit the number of times you can print and sign a document. We do however limit the number of copies of a template you can create in the Docular editor, and also the number of websites / digital products with respect to which a template may be used.

There are four different licences under which you can access a Docular template.

	Free licence	Standard licence	Extended licence	Professional licence
Number of document instances	1	1	5	25
Number of websites or digital products	1	1	5	25
Sub-licences permitted	None	1	5	25
Document licence period	No expiry	No expiry	No expiry	No expiry
Credit for Docular	Yes	No	No	No

Number of document instances

Document templates are the products available for sale on this website; whereas document instances are "clones" of the templates, which you can edit using Docular's online editor and export from the website.

We will update our document templates from time to time, but this will not affect your document instances. When you create a document instance, it will be based upon the latest version of the underlying document template at the time of creation of the instance, irrespective of your date of purchase.

You can save your document instance to our servers at any time, and return to editing later. Once you are happy with your editing, you can export the document and save it to your computer.

Number of websites or digital products

The licences include numerical limits upon: (a) the number of websites (including cloud services) on which documents may be published; and (b) the number of digital products (such as software programs) with which documents may be distributed.

Sub-licences permitted

All of our paid licences allow you to sub-license to a client of yours the right to use a document created using Docular.

When you sub-license that right, it becomes attached to the particular client. The number of sub-licences you may grant is numerically limited and, again, the limitation corresponds to the document instance limitation.

Document licence period

This is the period of the licence to use documents created using and exported from the Docular online editor. In short, the licences do not expire. There are no ongoing licence fees.

Credit for Docular

Each free template includes a textual credit for Docular (eg "this document was created using Docular") and you must retain that credit in all versions of the document.

Legal T&Cs

For full details of the licensing rules governing the use of Docular templates, instances and exports, see our terms and conditions.