The Data Processing Agreement (DPA) is a crucial legal document required under Swiss data protection law when an organization (controller) engages another party (processor) to process personal data on its behalf. This agreement type is mandatory under the Swiss Federal Data Protection Act and often needs to consider GDPR requirements for international operations. The DPA Data Privacy Agreement establishes clear responsibilities, outlines security requirements, defines data handling procedures, and ensures compliance with Swiss privacy laws. It becomes particularly important in situations involving cross-border data transfers, cloud services, or any scenario where personal data processing is outsourced. The document addresses key aspects such as data security measures, breach notification requirements, sub-processor engagement, and data subject rights, while incorporating specific Swiss legal requirements and international data transfer mechanisms.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the data controller and data processor, including full legal names, registration details, and addresses
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Key terms used in the agreement, including those from FADP and GDPR where relevant
4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes
5. Duration of Processing: Timeline for data processing activities, including start date and termination conditions
6. Nature and Purpose of Processing: Detailed specification of processing activities and their legitimate business purposes
7. Categories of Data Subjects: Specification of whose personal data will be processed
8. Processor Obligations: Core obligations of the processor including security measures, confidentiality, and compliance requirements
9. Controller Obligations: Responsibilities and obligations of the controller, including lawful basis for processing
10. Sub-processing: Conditions and requirements for engaging sub-processors
11. International Data Transfers: Rules and safeguards for transferring data across borders
12. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights
13. Data Breach Notification: Procedures and timelines for reporting and handling data breaches
14. Audit Rights: Controller's rights to audit processor's compliance and related procedures
15. Termination: Conditions for termination and data handling upon termination
16. Liability and Indemnification: Allocation of risks and responsibilities between parties
17. Governing Law and Jurisdiction: Specification of Swiss law application and jurisdiction for disputes
1. Special Categories of Data: Additional provisions when processing sensitive personal data as defined under Swiss law and GDPR
2. Insurance Requirements: Specific insurance obligations when required by industry standards or client requirements
3. Business Continuity: Additional provisions for ensuring continuous data processing capabilities in crisis situations
4. Industry-Specific Compliance: Additional requirements for specific industries (e.g., healthcare, financial services)
5. Data Protection Impact Assessment: Procedures for conducting DPIAs when processing poses high risks
6. Joint Controller Provisions: Additional provisions when parties act as joint controllers rather than controller-processor
7. Specific Security Requirements: Additional security measures beyond standard requirements for high-risk processing
1. Schedule 1 - Processing Activities: Detailed list of specific processing activities, including data categories, purposes, and retention periods
2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented to protect personal data
3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers
5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Appendix A - Contact Details: Key contacts for both parties for operational and emergency matters
7. Appendix B - Standard Contractual Clauses: If required, incorporation of relevant SCCs for international transfers
Find the exact document you need
Joint Controller Data Processing Agreement
A Swiss law-governed agreement between joint controllers defining their respective responsibilities and obligations in joint personal data processing activities.
Download
DPA Data Privacy Agreement
Swiss law-governed Data Processing Agreement defining terms for personal data processing between controller and processor, ensuring FADP compliance with GDPR considerations.
Download
Data Controller DPA
Swiss law-governed Data Processing Agreement defining terms for handling personal data between controller and processor, compliant with Swiss FADP and relevant international standards.
Download
Commissioned Data Processing Agreement
A Swiss law-governed agreement establishing terms for commissioned processing of personal data, ensuring compliance with FADP/DSG requirements.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)