All Countries
Compliance
Joint Controller Data Processing Agreement

Joint Controller Data Processing Agreement Template for Switzerland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Joint Controller Data Processing Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Joint Controller Data Processing Agreement

"I need a Joint Controller Data Processing Agreement under Swiss law for a collaboration between our healthcare institution and a research organization, including specific provisions for handling sensitive medical data and cross-border transfers to Germany."

Celebrated by
Collaborations with
Investors
Document background
This Joint Controller Data Processing Agreement is essential when two or more entities jointly determine the purposes and means of processing personal data in Switzerland. It is particularly relevant following the implementation of the revised Swiss Federal Data Protection Act (FADP) in 2023, which introduced stricter requirements for data processing arrangements. The document should be used when organizations share decision-making authority over data processing activities, need to clearly define their respective responsibilities, and must ensure compliance with Swiss data protection requirements. It includes crucial provisions on data security, breach notification, liability allocation, and data subject rights management, while also considering potential GDPR implications for cross-border activities.
Suggested Sections

1. Parties: Identification of the joint controllers entering into the agreement

2. Background: Context of the joint processing activities and purpose of the agreement

3. Definitions: Definitions of key terms used in the agreement, including those from FADP and GDPR where applicable

4. Scope and Purpose: Detailed description of the joint processing activities and their purposes

5. Roles and Responsibilities: Specific allocation of responsibilities between joint controllers

6. Transparency and Data Subject Rights: How the parties will handle data subject requests and ensure transparency

7. Data Security Measures: Security requirements and measures to be implemented by both parties

8. Data Breach Notification: Procedures for handling and notifying data breaches

9. Liability and Indemnification: Allocation of liability between parties and indemnification provisions

10. Term and Termination: Duration of the agreement and termination provisions

11. Governing Law and Jurisdiction: Confirmation of Swiss law application and jurisdiction

Optional Sections

1. International Data Transfers: Required if personal data will be transferred outside Switzerland or the EEA

2. Sub-processing: Include if either controller will engage sub-processors

3. Insurance Requirements: Include if specific insurance coverage is required from either party

4. Audit Rights: Include if parties want specific audit provisions beyond statutory requirements

5. Data Protection Impact Assessments: Include if joint processing activities require DPIAs

6. Industry-Specific Requirements: Include if processing involves regulated sectors (e.g., healthcare, financial services)

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed description of processing activities, categories of data, and purposes

2. Schedule 2 - Technical and Organizational Measures: Specific security measures implemented by each controller

3. Schedule 3 - Data Subject Information: Template privacy notices and information to be provided to data subjects

4. Schedule 4 - Data Breach Response Plan: Detailed procedures for handling data breaches

5. Schedule 5 - Contact Points: Key contacts for operational matters and data protection concerns

6. Appendix A - Data Subject Request Procedure: Process flow for handling data subject requests

7. Appendix B - Sub-processor List: If applicable, list of approved sub-processors

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Business Day
Confidential Information
Controller
Data Protection Impact Assessment
Data Subject
Data Subject Request
EEA
FADP
FDPO
Force Majeure
GDPR
Information Commissioner
Joint Controllers
Joint Processing Activities
Personal Data
Personal Data Breach
Processing
Processing Purposes
Processor
Professional Secrecy
Regulatory Authority
Representative
Sensitive Personal Data
Sub-processor
Swiss Law
Technical and Organizational Measures
Term
Third Country
Third Party
Transfer Mechanisms
Transparency Notice
Relevant Industries

Healthcare

Financial Services

Education

Technology

E-commerce

Manufacturing

Professional Services

Insurance

Telecommunications

Research and Development

Retail

Transportation and Logistics

Public Sector

Relevant Teams

Legal

Compliance

Information Security

Information Technology

Risk Management

Data Protection

Operations

Project Management

Business Development

Procurement

Corporate Governance

Relevant Roles

Data Protection Officer

Privacy Officer

Chief Legal Officer

General Counsel

Compliance Manager

Information Security Officer

Chief Technology Officer

Risk Manager

Operations Director

Project Manager

Data Protection Specialist

Privacy Counsel

Chief Information Security Officer

Business Development Director

Contract Manager

Industries
Swiss Federal Data Protection Act (FADP/FDPA/DSG): The primary Swiss data protection law that governs the processing of personal data by private persons and federal bodies in Switzerland. The revised version came into effect in September 2023.
Swiss Federal Data Protection Ordinance (FDPO): The implementing ordinance that provides detailed requirements and specifications for implementing the FADP.
EU General Data Protection Regulation (GDPR): While not directly applicable, Swiss companies often need to comply with GDPR if they process EU residents' data or offer goods/services to EU residents.
Swiss Code of Obligations (CO): Relevant for contractual aspects of the agreement, including formation, execution, and liability provisions between joint controllers.
Swiss Federal Act on Electronic Signatures (ZertES): Relevant if the agreement will be signed electronically, providing framework for valid electronic signatures in Switzerland.
Federal Act on the Implementation of International Sanctions (Embargo Act): May be relevant for international data transfers and business relationships, especially if one joint controller is located in a jurisdiction subject to international sanctions.
Swiss Criminal Code: Contains provisions on data theft, unauthorized data access, and breach of privacy obligations that joint controllers must be aware of.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Data Processing Agreement

A Swiss law-governed agreement between joint controllers defining their respective responsibilities and obligations in joint personal data processing activities.

find out more

DPA Data Privacy Agreement

Swiss law-governed Data Processing Agreement defining terms for personal data processing between controller and processor, ensuring FADP compliance with GDPR considerations.

find out more

Data Controller DPA

Swiss law-governed Data Processing Agreement defining terms for handling personal data between controller and processor, compliant with Swiss FADP and relevant international standards.

find out more

Commissioned Data Processing Agreement

A Swiss law-governed agreement establishing terms for commissioned processing of personal data, ensuring compliance with FADP/DSG requirements.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.