All Countries
Data Privacy
Data Transfer Addendum

Data Transfer Addendum Template for New Zealand

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Transfer Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Transfer Addendum

"I need a Data Transfer Addendum for my healthcare software company to transfer patient records to an AWS cloud storage facility in Singapore, ensuring compliance with New Zealand's Privacy Act 2020 and including specific provisions for handling sensitive medical data."

Celebrated by
Collaborations with
Investors
Document background
The Data Transfer Addendum is essential for organizations engaging in cross-border data transfers under New Zealand law. It supplements existing service agreements or contracts where personal information is transferred internationally, ensuring compliance with the Privacy Act 2020 and related regulations. This document becomes necessary when a New Zealand organization transfers personal data to overseas recipients or when foreign organizations handle New Zealand residents' data. The addendum includes detailed provisions for data protection, security measures, breach notification procedures, and audit rights. It's particularly crucial given New Zealand's strict requirements for international data transfers and the need to ensure equivalent privacy protections in recipient countries. The document should be customized based on the nature of data being transferred, the jurisdictions involved, and specific industry requirements.
Suggested Sections

1. Parties: Identification of the data exporter and data importer, including their registered addresses and authorized representatives

2. Background: Context of the data transfer relationship and reference to the main agreement this addendum supplements

3. Definitions: Key terms used throughout the addendum, aligned with Privacy Act 2020 terminology

4. Scope and Purpose: Details of the data transfer activities, including purposes for which data may be processed

5. Data Protection Obligations: Core obligations regarding data protection, including security measures and processing limitations

6. Cross-border Transfer Mechanisms: Specific mechanisms and safeguards for ensuring compliant cross-border data transfers

7. Security Requirements: Mandatory security measures and controls to be implemented by both parties

8. Data Breach Notification: Procedures and timeframes for reporting and handling data breaches

9. Audit Rights: Rights and procedures for conducting audits of data protection compliance

10. Term and Termination: Duration of the addendum and circumstances for termination

11. Return or Destruction of Data: Obligations regarding data handling upon termination

12. Governing Law and Jurisdiction: Confirmation of New Zealand law as governing law and jurisdiction for disputes

Optional Sections

1. Special Categories of Data: Additional provisions for handling sensitive personal information, required when sensitive data is involved

2. Sub-processor Arrangements: Provisions governing the appointment and oversight of sub-processors, needed when sub-processors will be involved

3. Data Protection Impact Assessment: Requirements for conducting impact assessments, recommended for high-risk processing activities

4. Cross-Border Privacy Rules Compliance: Specific provisions for APEC CBPR compliance, relevant when transfers involve APEC member countries

5. Government Access Requests: Procedures for handling government access requests, important for transfers to countries with intrusive government surveillance

6. Insurance Requirements: Specific insurance obligations for data protection, recommended for high-value or high-risk transfers

Suggested Schedules

1. Schedule 1: Description of Transfer: Detailed description of the data transfer including data categories, subjects, and processing purposes

2. Schedule 2: Technical and Organizational Security Measures: Specific security measures and controls to be implemented

3. Schedule 3: Authorized Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4: Transfer Impact Assessment: Assessment of risks and safeguards for the specific transfer context

5. Schedule 5: Standard Contractual Clauses: If applicable, incorporation of standard contractual clauses for international transfers

6. Appendix A: Contact Details: Contact information for privacy officers and key personnel responsible for data protection

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Addendum
Agency
Applicable Data Protection Laws
Authorised Person
Authorised Sub-processor
Business Day
Confidential Information
Data Breach
Data Exporter
Data Importer
Data Protection Impact Assessment
Data Subject
Exported Data
Information Privacy Principles
International Data Transfer
Main Agreement
Notifiable Privacy Breach
Overseas Recipient
Personal Information
Privacy Act
Privacy Commissioner
Processing
Processor
Protected Data
Recipient
Representatives
Security Measures
Sensitive Information
Services
Standard Contractual Clauses
Sub-processor
Technical and Organizational Measures
Term
Third Party
Transfer Impact Assessment
Relevant Industries

Technology

Healthcare

Financial Services

Professional Services

Education

Retail

Telecommunications

Manufacturing

Insurance

Research and Development

Government and Public Sector

Cloud Services

Consulting

Relevant Teams

Legal

Compliance

Information Security

IT Operations

Risk Management

Data Protection

Privacy

Information Management

Procurement

Operations

Data Governance

Enterprise Architecture

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Privacy Manager

Compliance Officer

Legal Counsel

IT Director

Risk Manager

Information Security Manager

Privacy Analyst

Data Governance Manager

Chief Technology Officer

Operations Manager

Contract Manager

Information Management Officer

Industries
Privacy Act 2020: The primary legislation governing privacy and data protection in New Zealand, including requirements for cross-border data transfers, information privacy principles, and mandatory breach notification requirements
Contract and Commercial Law Act 2017: Provides the general legal framework for contracts in New Zealand, including electronic transactions and legal requirements for valid contracts
Unsolicited Electronic Messages Act 2007: Regulates commercial electronic messages and may be relevant if the data transfer includes email addresses or electronic marketing data
Commerce Act 1986: May be relevant if the data transfer involves commercial information that could affect competition or market dynamics
APEC Cross-Border Privacy Rules System: While not legislation, New Zealand is a participant in this framework which provides guidelines for cross-border data flows between APEC economies
Official Information Act 1982: Relevant if any of the transferred data involves information from or relating to government agencies or public sector organizations
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Data Processing Agreement

A New Zealand law-governed agreement regulating intra-group personal data processing activities and ensuring Privacy Act 2020 compliance within corporate groups.

find out more

Pre Negotiation Agreement

A New Zealand law-governed agreement establishing terms for preliminary business negotiations, including confidentiality and non-binding provisions.

find out more

Product Development Non Disclosure Agreement

A New Zealand-law governed agreement protecting confidential information shared during product development activities.

find out more

Joint Controller Agreement

A New Zealand law-governed agreement establishing responsibilities and obligations between organizations that jointly control and process personal data under the Privacy Act 2020.

find out more

Data Processing Addendum

A New Zealand-compliant legal agreement governing the processing of personal information between a data controller and data processor under the Privacy Act 2020.

find out more

Data Agreement

A New Zealand-compliant agreement governing the terms and conditions for data handling between parties, ensuring alignment with local privacy laws and regulations.

find out more

Subprocessor Agreement

A New Zealand law-governed agreement that regulates the relationship between a data processor and subprocessor for handling personal data processing activities.

find out more

DPA Contract

A New Zealand-compliant Data Processing Agreement governing personal data handling between controllers and processors under NZ Privacy Act 2020.

find out more

Controller To Controller Data Processing Agreement

A New Zealand-compliant agreement governing personal data sharing between two independent data controllers, ensuring adherence to the Privacy Act 2020.

find out more

DPA Agreement

A New Zealand-compliant agreement governing the processing of personal data between a controller and processor, ensuring adherence to the Privacy Act 2020.

find out more

Data Transfer Addendum

A New Zealand law-compliant addendum governing cross-border personal data transfers under the Privacy Act 2020, establishing security measures and compliance requirements.

find out more

International Data Transfer Agreement

A New Zealand law-governed agreement establishing requirements and safeguards for international transfer of personal and business data, ensuring compliance with NZ Privacy Act 2020.

find out more

Data Protection Addendum

A legal document under New Zealand law that establishes data protection obligations and privacy compliance requirements between parties processing personal information.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.