This Joint Controller Data Processing Agreement is essential when two or more entities jointly determine the purposes and means of processing personal data in Switzerland. It is particularly relevant following the implementation of the revised Swiss Federal Data Protection Act (FADP) in 2023, which introduced stricter requirements for data processing arrangements. The document should be used when organizations share decision-making authority over data processing activities, need to clearly define their respective responsibilities, and must ensure compliance with Swiss data protection requirements. It includes crucial provisions on data security, breach notification, liability allocation, and data subject rights management, while also considering potential GDPR implications for cross-border activities.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership聽of your docs
1. Parties: Identification of the joint controllers entering into the agreement
2. Background: Context of the joint processing activities and purpose of the agreement
3. Definitions: Definitions of key terms used in the agreement, including those from FADP and GDPR where applicable
4. Scope and Purpose: Detailed description of the joint processing activities and their purposes
5. Roles and Responsibilities: Specific allocation of responsibilities between joint controllers
6. Transparency and Data Subject Rights: How the parties will handle data subject requests and ensure transparency
7. Data Security Measures: Security requirements and measures to be implemented by both parties
8. Data Breach Notification: Procedures for handling and notifying data breaches
9. Liability and Indemnification: Allocation of liability between parties and indemnification provisions
10. Term and Termination: Duration of the agreement and termination provisions
11. Governing Law and Jurisdiction: Confirmation of Swiss law application and jurisdiction
1. International Data Transfers: Required if personal data will be transferred outside Switzerland or the EEA
2. Sub-processing: Include if either controller will engage sub-processors
3. Insurance Requirements: Include if specific insurance coverage is required from either party
4. Audit Rights: Include if parties want specific audit provisions beyond statutory requirements
5. Data Protection Impact Assessments: Include if joint processing activities require DPIAs
6. Industry-Specific Requirements: Include if processing involves regulated sectors (e.g., healthcare, financial services)
1. Schedule 1 - Processing Activities: Detailed description of processing activities, categories of data, and purposes
2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by each controller
3. Schedule 3 - Data Subject Information: Template privacy notices and information to be provided to data subjects
4. Schedule 4 - Data Breach Response Plan: Detailed procedures for handling data breaches
5. Schedule 5 - Contact Points: Key contacts for operational matters and data protection concerns
6. Appendix A - Data Subject Request Procedure: Process flow for handling data subject requests
7. Appendix B - Sub-processor List: If applicable, list of approved sub-processors
Find the exact document you need
Joint Controller Data Processing Agreement
A Swiss law-governed agreement between joint controllers defining their respective responsibilities and obligations in joint personal data processing activities.
Download
DPA Data Privacy Agreement
Swiss law-governed Data Processing Agreement defining terms for personal data processing between controller and processor, ensuring FADP compliance with GDPR considerations.
Download
Data Controller DPA
Swiss law-governed Data Processing Agreement defining terms for handling personal data between controller and processor, compliant with Swiss FADP and relevant international standards.
Download
Commissioned Data Processing Agreement
A Swiss law-governed agreement establishing terms for commissioned processing of personal data, ensuring compliance with FADP/DSG requirements.
Download
骋别苍颈别鈥檚 Security Promise
Genie is the safest place to draft. Here鈥檚 how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; 骋别苍颈别鈥檚 AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
.png)