All Countries
Compliance
Data Privacy Addendum

Data Privacy Addendum Template for Austria

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Privacy Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Privacy Addendum

"I need a Data Privacy Addendum under Austrian law for my cloud software company that will process customer data across the EU and US, with implementation planned for March 2025; it must include provisions for international data transfers and cloud storage security measures."

Celebrated by
Collaborations with
Investors
Document background
A Data Privacy Addendum is essential when one party processes personal data on behalf of another under Austrian jurisdiction. This document is typically used to supplement existing commercial agreements (such as service agreements, software licenses, or consulting contracts) where personal data processing is involved. It ensures compliance with the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), establishing clear protocols for data handling, security measures, and breach notifications. The addendum becomes particularly crucial when engaging service providers, implementing new data processing systems, or when Austrian organizations work with international partners. It should be customized based on the specific data processing activities, the sensitivity of the data involved, and any sector-specific requirements under Austrian law.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including their registered details and representatives

2. Background: Context of the relationship between parties and reference to the main agreement this DPA supplements

3. Definitions: Key terms used in the DPA, aligned with GDPR and Austrian DSG definitions

4. Scope and Purpose: Details of the personal data processing activities covered by the agreement

5. Roles and Responsibilities: Clear delineation of parties' roles (controller/processor) and their respective obligations

6. Processing Instructions: Specific instructions for data processing, including permitted purposes and processing boundaries

7. Data Security Measures: Technical and organizational measures required to ensure appropriate security of personal data

8. Confidentiality: Obligations regarding confidentiality and training of personnel with data access

9. Sub-processing: Conditions and requirements for engaging sub-processors

10. Data Subject Rights: Procedures for handling data subject requests and required cooperation

11. Data Breach Notification: Procedures and timeframes for reporting personal data breaches

12. Audit Rights: Controller's audit rights and processor's obligations to demonstrate compliance

13. Term and Termination: Duration of the DPA and procedures for termination

14. Return or Deletion of Data: Obligations regarding personal data upon termination of services

15. Governing Law and Jurisdiction: Specification of Austrian law as governing law and jurisdiction for disputes

Optional Sections

1. International Data Transfers: Required when personal data will be transferred outside the EEA, including mechanisms for lawful transfers

2. Special Categories of Data: Include when processing sensitive personal data, specifying additional safeguards

3. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals

4. Joint Controller Provisions: Include when parties act as joint controllers rather than controller-processor

5. Industry-Specific Requirements: Include provisions specific to regulated industries (e.g., healthcare, financial services)

6. Works Council Requirements: Include when processing employee data requiring works council approval under Austrian law

Suggested Schedules

1. Schedule 1 - Processing Details: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Standard Contractual Clauses: EU SCCs for international data transfers, if applicable

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Contact Details: Contact information for data protection officers and key representatives

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Austrian Data Protection Act
Austrian Data Protection Authority
Authorized Persons
Business Purpose
Controller
Data Subject
Data Subject Rights
Data Protection Impact Assessment
EEA
EU Standard Contractual Clauses
GDPR
Information Security Incident
International Transfer
Main Agreement
Personal Data
Personal Data Breach
Processing
Processor
Professional Secrecy
Regulatory Authority
Representatives
Restricted Transfer
Security Measures
Sensitive Personal Data
Services
Special Categories of Personal Data
Sub-processor
Supervisory Authority
Technical and Organizational Measures
Term
Third Country
Transfer Mechanism
Works Council
Clauses
Parties
Definitions
Scope of Processing
Controller Obligations
Processor Obligations
Sub-Processing
Data Security
Confidentiality
Data Subject Rights
Data Breach Notification
Cross-Border Transfers
Audit Rights
Liability
Indemnification
Compliance with Laws
Term and Termination
Data Deletion
Governing Law
Dispute Resolution
Assignment
Severability
Entire Agreement
Amendments
Notices
Force Majeure
Data Protection Impact Assessment
Records of Processing
Personnel Obligations
Technical Measures
Organizational Measures
Regulatory Cooperation
Insurance
Works Council Compliance
Relevant Industries

Technology

Healthcare

Financial Services

E-commerce

Manufacturing

Professional Services

Education

Telecommunications

Insurance

Retail

Marketing and Advertising

Cloud Services

Human Resources

Research and Development

Relevant Teams

Legal

Compliance

Information Security

IT

Risk Management

Operations

Procurement

Data Protection

Privacy

Vendor Management

Information Governance

Internal Audit

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Legal Counsel

Compliance Manager

Information Security Manager

IT Director

Risk Manager

Operations Manager

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Information Security Officer

Privacy Analyst

Data Protection Specialist

General Counsel

Head of Compliance

Chief Operating Officer

Vendor Manager

Industries
General Data Protection Regulation (GDPR): EU Regulation 2016/679 - The primary data protection legislation in the EU, directly applicable in Austria, governing the processing of personal data
Austrian Data Protection Act (DSG): National law implementing and supplementing the GDPR in Austria, including specific national requirements and derogations
Austrian Telecommunications Act (TKG 2021): Governs electronic communications and related data protection aspects in telecommunications
Austrian Data Protection Authority Guidelines: Official guidance and decisions from the Austrian Datenschutzbehörde that interpret and apply data protection laws
EU Standard Contractual Clauses (SCCs): Required for international data transfers outside the EEA, as implemented in Austrian context
Austrian Labor Constitutional Act: Relevant for employee data processing and works council requirements regarding data protection measures
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Intra Group Agreement Data Protection

An Austrian law-governed agreement regulating data protection practices and compliance between group companies under GDPR and local data protection requirements.

find out more

Joint Controller Data Sharing Agreement

An Austrian law-governed agreement establishing joint controller arrangements for data sharing and processing under GDPR and local data protection requirements.

find out more

Commissioned Data Processing Agreement

An Austrian law-governed data processing agreement establishing controller-processor relationships under GDPR and local data protection requirements.

find out more

Data Privacy Addendum

An Austrian law-governed Data Privacy Addendum ensuring GDPR and Austrian DSG compliance for personal data processing activities.

find out more

Non Disclosure Agreement Data Protection

Austrian-law governed NDA with GDPR compliance focus, combining confidentiality and data protection requirements.

find out more

Data Protection Addendum

An Austrian law-governed addendum that establishes GDPR-compliant terms for personal data processing between controllers and processors.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.