A Data Privacy Addendum is essential when one party processes personal data on behalf of another under Austrian jurisdiction. This document is typically used to supplement existing commercial agreements (such as service agreements, software licenses, or consulting contracts) where personal data processing is involved. It ensures compliance with the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), establishing clear protocols for data handling, security measures, and breach notifications. The addendum becomes particularly crucial when engaging service providers, implementing new data processing systems, or when Austrian organizations work with international partners. It should be customized based on the specific data processing activities, the sensitivity of the data involved, and any sector-specific requirements under Austrian law.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including their registered details and representatives
2. Background: Context of the relationship between parties and reference to the main agreement this DPA supplements
3. Definitions: Key terms used in the DPA, aligned with GDPR and Austrian DSG definitions
4. Scope and Purpose: Details of the personal data processing activities covered by the agreement
5. Roles and Responsibilities: Clear delineation of parties' roles (controller/processor) and their respective obligations
6. Processing Instructions: Specific instructions for data processing, including permitted purposes and processing boundaries
7. Data Security Measures: Technical and organizational measures required to ensure appropriate security of personal data
8. Confidentiality: Obligations regarding confidentiality and training of personnel with data access
9. Sub-processing: Conditions and requirements for engaging sub-processors
10. Data Subject Rights: Procedures for handling data subject requests and required cooperation
11. Data Breach Notification: Procedures and timeframes for reporting personal data breaches
12. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance
13. Term and Termination: Duration of the DPA and procedures for termination
14. Return or Deletion of Data: Obligations regarding personal data upon termination of services
15. Governing Law and Jurisdiction: Specification of Austrian law as governing law and jurisdiction for disputes
1. International Data Transfers: Required when personal data will be transferred outside the EEA, including mechanisms for lawful transfers
2. Special Categories of Data: Include when processing sensitive personal data, specifying additional safeguards
3. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals
4. Joint Controller Provisions: Include when parties act as joint controllers rather than controller-processor
5. Industry-Specific Requirements: Include provisions specific to regulated industries (e.g., healthcare, financial services)
6. Works Council Requirements: Include when processing employee data requiring works council approval under Austrian law
1. Schedule 1 - Processing Details: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented to protect personal data
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Standard Contractual Clauses: EU SCCs for international data transfers, if applicable
5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Appendix A - Contact Details: Contact information for data protection officers and key representatives
Find the exact document you need
Intra Group Agreement Data Protection
An Austrian law-governed agreement regulating data protection practices and compliance between group companies under GDPR and local data protection requirements.
Download
Joint Controller Data Sharing Agreement
An Austrian law-governed agreement establishing joint controller arrangements for data sharing and processing under GDPR and local data protection requirements.
Download
Commissioned Data Processing Agreement
An Austrian law-governed data processing agreement establishing controller-processor relationships under GDPR and local data protection requirements.
Download
Data Privacy Addendum
An Austrian law-governed Data Privacy Addendum ensuring GDPR and Austrian DSG compliance for personal data processing activities.
Download
Non Disclosure Agreement Data Protection
Austrian-law governed NDA with GDPR compliance focus, combining confidentiality and data protection requirements.
Download
Data Protection Addendum
An Austrian law-governed addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)