This DPA Agreement is essential when a company (controller) engages another party (processor) to process personal data on its behalf under Swiss jurisdiction. The agreement is required under the Swiss Federal Data Protection Act (FADP/DSG) and becomes particularly important when organizations handle personal data of Swiss residents or operate within Switzerland. It details the scope of data processing, security requirements, confidentiality obligations, and compliance measures. The document should be used whenever there's a controller-processor relationship, especially in cases involving systematic data processing, sensitive personal information, or cross-border data transfers. The agreement helps organizations demonstrate compliance with Swiss data protection laws while providing a framework for secure and lawful data processing operations.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
Alternatively...
1. Parties: Identification of the data controller and data processor, including full legal names and registered addresses
2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities
3. Definitions: Key terms used throughout the agreement, including specific Swiss law terminology and technical terms
4. Scope and Purpose of Processing: Detailed description of the authorized data processing activities and their specific purposes
5. Duration: Term of the agreement, including commencement date and termination provisions
6. Nature and Purpose of Processing: Specific details about how and why personal data will be processed
7. Types of Personal Data: Categories of personal data to be processed under the agreement
8. Categories of Data Subjects: Description of the types of individuals whose data will be processed
9. Obligations of the Processor: Detailed responsibilities and duties of the data processor, including security measures and confidentiality
10. Obligations of the Controller: Responsibilities and duties of the data controller, including lawful basis for processing
11. Technical and Organizational Measures: Security measures required to protect personal data
12. Sub-processing: Conditions and requirements for engaging sub-processors
13. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights
14. Data Breach Notification: Procedures and timeframes for reporting data breaches
15. Audit Rights: Controller's rights to audit the processor's compliance
16. Return or Deletion of Data: Obligations regarding data handling upon agreement termination
17. Liability and Indemnification: Allocation of responsibility and liability between parties
18. Governing Law and Jurisdiction: Specification of Swiss law application and jurisdiction
1. Cross-border Data Transfers: Required when personal data will be transferred outside Switzerland, including safeguards and legal mechanisms
2. Special Categories of Data: Include when processing sensitive personal data requiring additional safeguards
3. Data Protection Impact Assessment: Required when processing is likely to result in high risk to individuals
4. Insurance Requirements: Specific insurance obligations for high-risk or regulated sector processing
5. Industry-Specific Compliance: Additional requirements for regulated sectors (e.g., healthcare, financial services)
6. Data Protection Officer: Details of DPO appointments where required by law
7. Joint Controller Provisions: Required when multiple controllers are involved in determining processing purposes
1. Schedule 1 - Processing Activities: Detailed list of specific processing activities, including purposes, categories of data, and retention periods
2. Schedule 2 - Technical and Organizational Measures: Detailed description of security measures, including physical, technical, and organizational controls
3. Schedule 3 - Approved Sub-processors: List of authorized sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, if applicable
5. Schedule 5 - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
6. Appendix A - Contact Details: Key contacts for both parties, including emergency contacts and DPOs
7. Appendix B - Standard Contractual Clauses: If required for international transfers, incorporating appropriate SCCs
Authors
Find the document you need
International Data Transfer Addendum
Swiss law-governed addendum for regulating international personal data transfers, ensuring compliance with FADP requirements and data protection standards.
Download
Intra Group Agreement Data Protection
Swiss law-governed agreement regulating data protection and transfers between group companies under FADP/DSG.
Download
Joint Controller Agreement
A Swiss law-governed agreement establishing responsibilities and obligations between joint controllers for personal data processing under FADP and considering GDPR requirements.
Download
Data Processing Addendum DPA
A Swiss law-governed agreement defining terms and responsibilities for personal data processing between controller and processor, ensuring compliance with FADP/revFADP and relevant GDPR requirements.
Download
Controller To Controller Data Processing Agreement
Swiss law-governed agreement establishing data sharing framework between two independent data controllers, ensuring FADP compliance and defining mutual data protection responsibilities.
Download
DPA Agreement
Swiss law-governed Data Processing Agreement defining controller-processor relationships and compliance requirements under FADP/DSG.
Download
Sub Processing Agreement
A Swiss law-governed agreement establishing terms for sub-processor data handling, ensuring compliance with Swiss FADP and related data protection requirements.
Download
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
