All Countries
Data Privacy
Controller To Controller Data Processing Agreement

Controller To Controller Data Processing Agreement Template for Austria

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Controller To Controller Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Controller To Controller Data Processing Agreement

"I need a Controller to Controller Data Processing Agreement under Austrian law for a financial services company sharing customer payment data with a marketing analytics provider, with particular emphasis on security measures and including provisions for international data transfers to Switzerland starting March 2025."

Celebrated by
Collaborations with
Investors
Document background
The Controller To Controller Data Processing Agreement is essential when two organizations, acting as independent data controllers under EU GDPR and Austrian law, need to share personal data as part of their business operations. This document is crucial for establishing clear responsibilities and ensuring compliance with both the GDPR and the Austrian Data Protection Act (DSG). It should be used whenever two organizations independently determine the purposes and means of processing personal data and need to share that data with each other. The agreement covers critical aspects such as data security measures, breach notification procedures, data subject rights handling, and liability allocation. It's particularly important in the Austrian context as it incorporates specific national law requirements while maintaining GDPR compliance. The document serves as both a legal compliance tool and an operational framework for data sharing activities.
Suggested Sections

1. Parties: Identification of the two data controllers, including full legal names, registration details, and addresses

2. Background: Context of the agreement, nature of data sharing relationship, and general purpose of the processing activities

3. Definitions: Key terms used in the agreement, including those from GDPR and Austrian law, and agreement-specific definitions

4. Scope and Purpose of Data Processing: Detailed description of the data sharing arrangement, purposes of processing, and categories of data subjects and personal data

5. Roles and Responsibilities: Clear delineation of each controller's obligations, including primary processing responsibilities and compliance requirements

6. Legal Basis for Processing: Specification of the legal grounds under GDPR Article 6 for the processing activities of each controller

7. Data Protection Principles: Commitment to GDPR principles including lawfulness, fairness, transparency, purpose limitation, data minimization, and accuracy

8. Security Measures: Technical and organizational measures required to ensure appropriate security of the personal data

9. Data Subject Rights: Procedures for handling data subject requests and ensuring data subject rights are respected

10. Personal Data Breaches: Notification requirements and procedures in case of data breaches

11. Confidentiality: Obligations regarding confidentiality of shared personal data and business information

12. Term and Termination: Duration of the agreement and conditions for termination

13. Governing Law and Jurisdiction: Specification of Austrian law as governing law and jurisdiction for disputes

Optional Sections

1. Sub-processing: Include when either controller may engage sub-processors for the data processing activities

2. International Transfers: Include when personal data may be transferred outside the EEA

3. Audit Rights: Include when parties want specific rights to audit each other's compliance

4. Insurance: Include when parties require specific insurance coverage for data protection risks

5. Indemnification: Include when parties want specific indemnification provisions for data protection breaches

6. Joint Controller Arrangements: Include when certain processing activities involve joint controllership under Article 26 GDPR

7. Data Protection Impact Assessments: Include when high-risk processing requires DPIAs

8. Force Majeure: Include when parties want specific provisions for handling unforeseen circumstances

Suggested Schedules

1. Schedule 1 - Categories of Personal Data: Detailed list of personal data categories being processed and shared

2. Schedule 2 - Processing Activities: Detailed description of all processing activities, purposes, and legal bases

3. Schedule 3 - Technical and Organizational Measures: Detailed description of security measures implemented by both parties

4. Schedule 4 - Contact Points: List of key contacts for operational, legal, and data protection matters

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Standard Operating Procedures: Operational procedures for day-to-day data sharing and processing

7. Appendix B - Data Subject Request Procedures: Detailed procedures for handling data subject rights requests

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Austrian Data Protection Act
Authorized Personnel
Business Day
Business Purpose
Confidential Information
Controller
Data Protection Impact Assessment
Data Protection Officer
Data Subject
Data Subject Rights
DSG
EEA
Effective Date
EU
Force Majeure Event
GDPR
Implementation Date
Information Security Incident
Joint Controllers
Member State
Notice
Personal Data
Personal Data Breach
Processing
Processor
Receiving Controller
Regulatory Authority
Representatives
Security Measures
Sensitive Personal Data
Services
Special Categories of Personal Data
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Third Party
Transfer
Transferring Controller
Clauses
Parties and Background
Definitions and Interpretation
Scope of Processing
Roles and Responsibilities
Legal Basis for Processing
Data Protection Compliance
Security Measures
Confidentiality
Data Subject Rights
Personal Data Breaches
Sub-processing
International Transfers
Audit Rights
Liability and Indemnification
Term and Termination
Data Retention and Deletion
Force Majeure
Assignment and Subcontracting
Notices
Severability
Entire Agreement
Amendments
Waiver
Third Party Rights
Governing Law and Jurisdiction
Dispute Resolution
Relevant Industries

Financial Services

Healthcare

Technology

E-commerce

Professional Services

Insurance

Telecommunications

Education

Real Estate

Manufacturing

Retail

Consulting

Marketing Services

Research and Development

Relevant Teams

Legal

Compliance

Data Protection

Information Security

Risk Management

Information Technology

Privacy

Operations

Business Development

Procurement

Information Governance

Contract Management

Relevant Roles

Data Protection Officer

Privacy Manager

Legal Counsel

Compliance Officer

Information Security Manager

Risk Manager

Chief Privacy Officer

Chief Information Security Officer

Chief Legal Officer

Chief Compliance Officer

Data Protection Specialist

Privacy Analyst

Information Governance Manager

Contract Manager

Business Development Manager

IT Director

Operations Manager

Industries
General Data Protection Regulation (GDPR): The fundamental EU regulation governing personal data processing, transfer, and protection. Particularly relevant are Article 26 (Joint Controllers) and Article 28 (Processor Obligations).
Austrian Data Protection Act (Datenschutzgesetz - DSG): The national law implementing and supplementing GDPR in Austria, providing specific requirements for data processing and protection in the Austrian context.
Austrian Civil Code (Allgemeines Bürgerliches Gesetzbuch - ABGB): Provides the basic framework for contract law in Austria, governing the formal requirements and validity of contracts.
Austrian Commercial Code (Unternehmensgesetzbuch - UGB): Governs commercial relationships and contracts between businesses in Austria.
Austrian Telecommunications Act (Telekommunikationsgesetz - TKG): Relevant if the data processing involves electronic communications or telecommunications services.
EU Standard Contractual Clauses (SCCs): While primarily for international transfers, these provide useful guidance on controller-to-controller data sharing arrangements.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Agreement On The Processing Of Personal Data

An Austrian law-governed agreement establishing terms for personal data processing between controller and processor, ensuring GDPR and DSG compliance.

find out more

Data Processing Contract

Austrian law-governed Data Processing Contract ensuring GDPR compliance for controller-processor relationships.

find out more

Joint Controller Agreement

An Austrian law-governed agreement defining responsibilities and obligations between parties jointly controlling personal data processing under GDPR Article 26.

find out more

Standard Data Processing Agreement

An Austrian law-governed Data Processing Agreement establishing GDPR-compliant terms between data controller and processor.

find out more

Order Data Processing Agreement

An Austrian law-governed Data Processing Agreement establishing terms for personal data processing under GDPR and national requirements.

find out more

Data Addendum

An Austrian law-governed data processing addendum ensuring GDPR and DSG compliance for controller-processor relationships.

find out more

Data Processing Addendum DPA

An Austrian law-governed Data Processing Addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.

find out more

Controller To Controller Data Processing Agreement

An Austrian law-governed agreement establishing data sharing arrangements between two independent data controllers, ensuring GDPR and DSG compliance.

find out more

Intercompany Data Processing Agreement

Austrian law-governed Intercompany Data Processing Agreement for GDPR-compliant data processing between group companies.

find out more

Controller To Controller DPA

An Austrian law-governed Data Processing Agreement between two independent data controllers, compliant with GDPR and DSG requirements.

find out more

Data Transfer Addendum

An Austrian law-governed addendum establishing terms for compliant personal data transfers between organizations, ensuring adherence to GDPR and Austrian data protection requirements.

find out more

Controller Processor Agreement

An Austrian law-governed agreement between a data controller and processor establishing GDPR-compliant terms for personal data processing.

find out more

Order Processing Agreement

Austrian law-governed Order Processing Agreement establishing GDPR-compliant terms for personal data processing between controller and processor.

find out more

Data Protection Agreement For Employees

An Austrian-law governed employee data protection agreement ensuring GDPR and DSG compliance in the employment relationship.

find out more

Affiliate Addendum

An Austrian law-governed addendum establishing terms and conditions for affiliate marketing relationships, including commission structures and compliance requirements.

find out more

Sub Processing Agreement

An Austrian law-governed agreement establishing terms for delegating personal data processing activities to a sub-processor, ensuring GDPR compliance.

find out more

International Data Transfer Agreement

An Austrian law-governed agreement for lawful transfer of personal data from EU/EEA to non-EU/EEA countries, ensuring GDPR compliance and appropriate data protection safeguards.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.