The Sub Processing Agreement is essential when a primary data processor needs to delegate personal information processing activities to another entity (sub-processor) in South Africa. This document is required for compliance with the Protection of Personal Information Act (POPIA) and ensures proper data protection safeguards are in place. It becomes necessary when organizations outsource data processing functions, use cloud services, or engage third-party service providers for data handling. The agreement details processing scope, security measures, breach reporting obligations, and compliance requirements. It's particularly important in the South African context where POPIA imposes strict requirements on operators and responsible parties in the data processing chain.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
1. Parties: Identification of the primary processor (as client) and the sub-processor (as service provider), including their full legal names, registration numbers, and registered addresses
2. Background: Context of the agreement, reference to the main processing agreement, and the need for sub-processing services
3. Definitions: Definitions of key terms used in the agreement, including terms from POPIA such as 'personal information', 'processing', 'operator', and agreement-specific terms
4. Appointment and Scope: Formal appointment of the sub-processor and detailed description of the processing activities to be performed
5. Duration and Termination: Term of the agreement, termination rights and procedures, and consequences of termination
6. Sub-processor Obligations: Core obligations including compliance with POPIA, following instructions, confidentiality, security measures, and data breach reporting
7. Technical and Organizational Measures: Specific security measures and safeguards required for processing activities
8. Audit Rights: Primary processor's rights to audit the sub-processor's compliance and documentation requirements
9. Data Subject Rights: Procedures for handling data subject requests and supporting the primary processor in fulfilling these obligations
10. Breach Notification: Procedures and timeframes for reporting security incidents and data breaches
11. Liability and Indemnity: Allocation of liability and indemnification obligations between the parties
12. General Provisions: Standard contractual clauses including governing law, jurisdiction, entire agreement, and amendment procedures
1. Cross-border Data Transfers: Required when personal information will be processed outside South Africa, specifying compliance with POPIA's cross-border transfer requirements
2. Additional Sub-processors: Include when the sub-processor may need to engage additional sub-processors, specifying approval procedures and requirements
3. Intellectual Property Rights: Include when the processing activities involve creation or use of intellectual property
4. Insurance Requirements: Include when specific insurance coverage is required for the processing activities
5. Business Continuity: Include when the processing activities are critical and require specific disaster recovery and business continuity measures
1. Schedule 1 - Processing Activities: Detailed description of the processing activities, including categories of data subjects, types of personal information, and processing purposes
2. Schedule 2 - Technical and Security Measures: Detailed specifications of security measures, access controls, encryption standards, and other technical requirements
3. Schedule 3 - Service Levels: Performance metrics, response times, and service quality requirements for the processing activities
4. Schedule 4 - Fee Schedule: Pricing, payment terms, and fee calculation methods for the sub-processing services
5. Appendix A - Contact Details: Key contact persons and their details for operational matters, breach reporting, and notices
6. Appendix B - Approved Sub-processors: List of any pre-approved additional sub-processors (if applicable)
Find the exact document you need
International Data Transfer Addendum
A South African law-compliant addendum governing international transfers of personal information under POPIA requirements.
Download
Intra Group Data Processing Agreement
A South African law-governed agreement regulating personal information processing between entities within the same corporate group, ensuring POPIA compliance.
Download
Third Party Processing Agreement
A South African law-governed agreement regulating personal information processing between a responsible party and an operator under POPIA.
Download
Data Processing Addendum
A South African law-compliant agreement governing personal information processing between controllers and processors under POPIA.
Download
Intercompany Data Transfer Agreement
South African law-governed agreement regulating intra-group data transfers in compliance with POPIA and local data protection regulations.
Download
Data Management Agreement
A South African law-compliant agreement governing data management and processing activities between organizations, ensuring POPIA compliance and data protection.
Download
Data Controller To Data Controller Agreement
South African POPIA-compliant agreement governing personal information sharing between two data controllers, establishing mutual obligations and responsibilities.
Download
DPA Agreement
A South African law-compliant Data Processing Agreement establishing terms for handling personal information under POPIA regulations.
Download
Third Party Data Processing Agreement
A South African law-compliant agreement governing the processing of personal information by a third-party operator on behalf of a responsible party under POPIA.
Download
Personal Data Transfer Agreement
A POPIA-compliant agreement for transferring personal information between parties under South African law.
Download
Controller Processor Agreement
A South African law-governed agreement between a data controller and processor establishing terms for personal information processing under POPIA.
Download
Affiliate Addendum
A South African law-compliant addendum establishing terms and conditions for affiliate marketing relationships, including commission structures and compliance requirements.
Download
Sub Processing Agreement
A South African-compliant agreement governing the delegation of personal information processing activities to a sub-processor under POPIA requirements.
Download
International Data Transfer Agreement
A South African law-governed agreement for cross-border personal information transfers, ensuring POPIA compliance and data protection standards.
Download
Data Protection Addendum
A South African law-governed addendum establishing POPIA-compliant terms for personal information processing between parties.
Download
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)