Data Processing Addendum (Outline)
This outlines the standard DPA we execute with clients. A DOCX template is available below.
Trusted, NZ-compliant AI solutions
- Aligned to NZ Privacy Act 2020 and MBIE AI guidance.
- Culturally attuned to Aotearoa and local data expectations.
- Versioned and transparent—no black boxes.
📋 Every NZGPTS engagement starts with a robust, plain-English Data Processing Agreement—no surprises for you or your legal team.
Key Terms
- Roles: Client = Controller; NZGPTS = Processor.
- Purpose: Provide advisory, audits, workflow automation, and deliverables per SOW.
- Data Types: Business operational data; limited personal information where necessary.
- Security: Encryption at rest/in transit; least-privilege; audit logs.
- Sub-processors: Disclosed list (AI vendors, hosting). We notify material changes.
- Cross-border: Only with comparable safeguards and client approval.
- Retention/Deletion: Default 90 days post-project unless otherwise agreed.
- Data Subject Rights: We assist Client to respond to access/correction/erasure requests.
- Incident Response: Notify without undue delay; cooperate with remediation.
- Audits: Reasonable audit rights on notice.
Download PIA Template (DOCX) · DPIA Checklist (PDF)
Need a signed DPA? Get in touch for a countersigned copy.