All Countries
Data Privacy
Joint Controller Agreement

Joint Controller Agreement Template for New Zealand

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Controller Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Controller Agreement

"I need a Joint Controller Agreement for a partnership between our healthcare software company and a medical research institute in New Zealand, with specific provisions for handling sensitive health data and research findings to be implemented by March 2025."

Celebrated by
Collaborations with
Investors
Document background
This Joint Controller Agreement template is designed for use under New Zealand law when two or more organizations need to formalize their relationship as joint controllers of personal data. The document becomes necessary when multiple entities collaborate in determining the purposes and means of processing personal information, requiring clear allocation of responsibilities under the Privacy Act 2020. It addresses key aspects such as data protection compliance, security measures, breach notification procedures, and the handling of data subject rights. The agreement is particularly important in contexts where organizations share data processing activities, such as joint ventures, partnerships, or collaborative projects, and need to ensure compliance with New Zealand's privacy framework while maintaining transparent and efficient data processing operations.
Suggested Sections

1. Parties: Identification of the joint controllers entering into the agreement, including their full legal names, registration numbers, and registered addresses

2. Background: Context of the joint processing relationship, description of the shared processing activities, and purpose of the agreement

3. Definitions: Definitions of key terms used throughout the agreement, including technical terms and references to applicable privacy laws

4. Scope and Purpose: Detailed description of the joint processing activities, categories of personal data, and purposes of processing

5. Roles and Responsibilities: Clear allocation of responsibilities between joint controllers for compliance with privacy obligations

6. Data Subject Rights: Procedures for handling data subject requests and allocation of responsibilities for responding to such requests

7. Security Measures: Required technical and organizational measures to ensure appropriate security of personal data

8. Data Breach Notification: Procedures for identifying, reporting, and managing personal data breaches

9. Liability and Indemnification: Allocation of liability between joint controllers and indemnification provisions

10. Term and Termination: Duration of the agreement, renewal terms, and termination rights

11. General Provisions: Standard contractual provisions including governing law, dispute resolution, and entire agreement clause

Optional Sections

1. Cross-border Transfers: Required when personal data is transferred outside New Zealand, specifying transfer mechanisms and safeguards

2. Specific Industry Requirements: Additional provisions required for specific sectors (e.g., healthcare, financial services)

3. Sub-processing: Procedures for engaging sub-processors, if applicable to the joint processing activities

4. Insurance: Requirements for maintaining specific insurance coverage related to data processing activities

5. Audit Rights: Provisions for conducting audits of compliance with privacy obligations

6. Business Continuity: Procedures for ensuring continuity of processing activities in case of disruption

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Security Measures: Specific technical and organizational security measures implemented by each controller

3. Schedule 3 - Data Subject Rights Procedures: Detailed procedures for handling data subject requests and associated timeframes

4. Schedule 4 - Contact Points: Key contacts for operational matters, privacy queries, and breach notifications

5. Schedule 5 - Sub-processors: List of approved sub-processors and their processing activities, if applicable

6. Appendix A - Data Flow Diagram: Visual representation of data flows between joint controllers and any third parties

7. Appendix B - Privacy Notice Template: Template for privacy notices to be provided to data subjects

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Law
Authorized Personnel
Business Day
Confidential Information
Consent
Controller
Data Breach
Data Processing
Data Protection Laws
Data Subject
Data Subject Rights
Effective Date
Information Privacy Principles
Joint Controllers
Joint Processing Activities
Notice
Personal Information
Privacy Act
Privacy Commissioner
Processing Purposes
Representatives
Security Measures
Sensitive Information
Services
Sub-processor
Technical and Organizational Measures
Term
Third Party
Working Hours
Relevant Industries

Technology and Software

Healthcare and Medical Services

Financial Services

Education

Retail and E-commerce

Professional Services

Telecommunications

Insurance

Research and Development

Government and Public Sector

Marketing and Advertising

Transportation and Logistics

Relevant Teams

Legal

Compliance

Information Security

Privacy

Information Technology

Risk Management

Data Governance

Operations

Corporate Affairs

Procurement

Information Management

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Privacy Manager

Legal Counsel

Compliance Officer

Information Security Manager

Risk Manager

Chief Information Officer

Chief Technology Officer

Chief Operating Officer

Data Governance Manager

Privacy Analyst

Contracts Manager

IT Director

Business Development Manager

Industries
Privacy Act 2020: New Zealand's primary privacy legislation that sets out the privacy principles, obligations for handling personal information, and cross-border data transfer requirements. This is crucial for defining the joint controllers' obligations and responsibilities.
Contract and Commercial Law Act 2017: Provides the legal framework for forming and enforcing contracts in New Zealand, which is essential for the validity and enforceability of the joint controller agreement.
Fair Trading Act 1986: Ensures fair trading practices and prohibits misleading conduct in trade. Relevant for transparency obligations and representations made in the agreement about data handling practices.
Consumer Guarantees Act 1993: May be relevant if the joint processing activities involve services to consumers, establishing certain guarantees and rights that cannot be contracted out of.
Electronic Transactions Act 2002: Relevant for electronic execution of the agreement and electronic communications between joint controllers, particularly important if the agreement is executed or managed digitally.
Unsolicited Electronic Messages Act 2007: Important if the joint processing activities involve electronic marketing or communications, setting out requirements for consent and opt-out mechanisms.
GDPR Considerations: While not NZ legislation, the EU General Data Protection Regulation should be considered if either party processes EU residents' data or has EU operations, as it has specific requirements for joint controller arrangements.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Data Processing Agreement

A New Zealand law-governed agreement regulating intra-group personal data processing activities and ensuring Privacy Act 2020 compliance within corporate groups.

find out more

Pre Negotiation Agreement

A New Zealand law-governed agreement establishing terms for preliminary business negotiations, including confidentiality and non-binding provisions.

find out more

Product Development Non Disclosure Agreement

A New Zealand-law governed agreement protecting confidential information shared during product development activities.

find out more

Joint Controller Agreement

A New Zealand law-governed agreement establishing responsibilities and obligations between organizations that jointly control and process personal data under the Privacy Act 2020.

find out more

Data Processing Addendum

A New Zealand-compliant legal agreement governing the processing of personal information between a data controller and data processor under the Privacy Act 2020.

find out more

Data Agreement

A New Zealand-compliant agreement governing the terms and conditions for data handling between parties, ensuring alignment with local privacy laws and regulations.

find out more

Subprocessor Agreement

A New Zealand law-governed agreement that regulates the relationship between a data processor and subprocessor for handling personal data processing activities.

find out more

DPA Contract

A New Zealand-compliant Data Processing Agreement governing personal data handling between controllers and processors under NZ Privacy Act 2020.

find out more

Controller To Controller Data Processing Agreement

A New Zealand-compliant agreement governing personal data sharing between two independent data controllers, ensuring adherence to the Privacy Act 2020.

find out more

DPA Agreement

A New Zealand-compliant agreement governing the processing of personal data between a controller and processor, ensuring adherence to the Privacy Act 2020.

find out more

Data Transfer Addendum

A New Zealand law-compliant addendum governing cross-border personal data transfers under the Privacy Act 2020, establishing security measures and compliance requirements.

find out more

International Data Transfer Agreement

A New Zealand law-governed agreement establishing requirements and safeguards for international transfer of personal and business data, ensuring compliance with NZ Privacy Act 2020.

find out more

Data Protection Addendum

A legal document under New Zealand law that establishes data protection obligations and privacy compliance requirements between parties processing personal information.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.