All Countries
Data Privacy
Sub Processing Agreement

Sub Processing Agreement Template for Denmark

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Sub Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Sub Processing Agreement

Celebrated by
Collaborations with
Investors
Document background
This Sub Processing Agreement is essential when a processor (who processes personal data on behalf of a data controller) wishes to engage another entity (a sub-processor) to carry out specific processing activities. The agreement is specifically designed to comply with Danish legal requirements and the GDPR, particularly Article 28(4). It is used when the main processor wants to delegate some or all of its processing activities to another entity while ensuring that appropriate data protection safeguards are in place. The document includes detailed provisions on data security, confidentiality, data subject rights, breach notification, and audit requirements. It's particularly important in the Danish context as it must comply with both the Danish Data Protection Act (Databeskyttelsesloven) and broader EU requirements, making it suitable for both domestic and international sub-processing arrangements involving Danish entities.
Suggested Sections

1. Parties: Identification of the main processor (as customer) and the sub-processor (as service provider), including their legal representatives

2. Background: Context of the agreement, reference to the main processing agreement, and the purpose of engaging a sub-processor

3. Definitions: Key terms used in the agreement, including GDPR-specific terminology and agreement-specific definitions

4. Scope and Purpose: Detailed description of the processing activities to be carried out by the sub-processor

5. Duration: Term of the agreement, including commencement date and termination provisions

6. Sub-processor Obligations: Core obligations including processing only on documented instructions, confidentiality, security measures, and data breach notification requirements

7. Technical and Organizational Measures: Security measures implemented to ensure appropriate level of data protection

8. Assistance to Processor: Sub-processor's obligations to assist the main processor in fulfilling its obligations to the controller

9. Audit Rights: Provisions for conducting audits and inspections of sub-processor's facilities and practices

10. Data Breach Management: Procedures for handling and reporting personal data breaches

11. Data Transfer Mechanisms: Rules for international data transfers and ensuring adequate protection

12. Liability and Indemnification: Allocation of liability and indemnification obligations between parties

13. Termination: Conditions for termination and obligations upon termination including data deletion or return

14. Governing Law and Jurisdiction: Specification of Danish law as governing law and jurisdiction for disputes

Optional Sections

1. Sub-sub-processors: Include when the sub-processor may need to engage additional sub-processors, specifying authorization requirements and obligations

2. Special Categories of Data: Include when processing involves sensitive personal data, specifying additional safeguards

3. Data Protection Impact Assessment: Include when processing is likely to result in high risk to rights and freedoms of natural persons

4. Insurance Requirements: Include when specific insurance coverage is required for data processing activities

5. Business Continuity: Include when continuous service availability is critical, specifying disaster recovery and business continuity requirements

6. Exit Management: Include when complex transition arrangements are needed upon termination

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented by the sub-processor

3. Schedule 3 - Approved Sub-sub-processors: List of pre-approved sub-sub-processors, if any, including their locations and processing activities

4. Schedule 4 - Contact Points and Procedures: Contact details for key personnel and procedures for routine communications and emergencies

5. Schedule 5 - Audit Requirements: Specific procedures and requirements for conducting audits

6. Appendix A - Standard Contractual Clauses: If applicable, for international data transfers outside the EU/EEA

7. Appendix B - Service Level Agreement: Specific service levels and performance metrics for the sub-processing activities

Authors

Linkedin in social icon imageX social icon image
Relevant legal definitions
Agreement
Applicable Data Protection Law
Authorized Sub-processor
Business Day
Controller
Data Subject
Danish Data Protection Act
EEA
EU Standard Contractual Clauses
GDPR
Main Processing Agreement
Personal Data
Personal Data Breach
Processing
Processor
Processing Instructions
Restricted Transfer
Services
Special Categories of Personal Data
Sub-processor
Technical and Organizational Measures
Term
Third Country
Supervisory Authority
Data Protection Impact Assessment
Records of Processing Activities
Confidential Information
Data Protection Officer
Data Minimization
Security Incident
Processing Location
Authorized Personnel
Exit Plan
Force Majeure Event
Intellectual Property Rights
Clauses
Interpretation
Appointment
Duration
Scope of Processing
Processing Obligations
Confidentiality
Security
Data Protection
Sub-Processing
Audit Rights
Data Breach
International Transfers
Technical Requirements
Assistance and Cooperation
Record Keeping
Liability
Indemnification
Insurance
Force Majeure
Termination
Exit Management
Assignment
Notices
Variation
Severability
Entire Agreement
Governing Law
Jurisdiction
Data Subject Rights
Compliance
Warranties
Performance Standards
Business Continuity
Dispute Resolution
Relevant Industries
Relevant Teams
Relevant Roles
Industries
General Data Protection Regulation (GDPR): EU regulation 2016/679 that sets guidelines for the collection and processing of personal information of individuals within the European Union
Danish Data Protection Act (Databeskyttelsesloven): Act No. 502 of 23 May 2018 - Danish national legislation that implements GDPR and provides additional data protection requirements specific to Denmark
Danish Contracts Act (Aftaleloven): Consolidated Act No. 193 of 2 March 2016 on Contracts and Other Juristic Acts in the Field of Property Law - Governs the formation and validity of contracts in Denmark
Danish Business Authority Guidelines on Data Processing: Guidelines issued by the Danish Business Authority (Erhvervsstyrelsen) regarding requirements and best practices for data processing agreements
Danish Act on Processing of Personal Data in Employment Contexts: Regulations specific to the processing of employee personal data in workplace contexts, including requirements for handling employee information
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Agreement

find out more

DPA Contract

find out more

DPA Addendum

find out more

Data Processing Addendum DPA

find out more

Controller To Controller Data Processing Agreement

find out more

Data Controller To Data Controller Agreement

find out more

Intercompany Data Processing Agreement

find out more

Controller To Controller DPA

find out more

DPA Agreement

find out more

Data Transfer Addendum

find out more

Controller Processor Agreement

find out more

Sub Processing Agreement

find out more

International Data Transfer Agreement

find out more

Data Protection Addendum

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.