All Countries
Data Privacy
Data Protection Addendum

Data Protection Addendum Template for Switzerland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your Data Protection Addendum

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

Data Protection Addendum

"I need a Data Protection Addendum for my Swiss-based software company acting as a data processor for multiple EU clients, with particular focus on cloud storage services and automated data processing, to be implemented by March 2025."

Celebrated by
Collaborations with
Investors
Document background
This Data Protection Addendum is essential for organizations processing personal data under Swiss jurisdiction, particularly when one party acts as a data controller and another as a data processor. It should be used to supplement main service agreements where personal data processing occurs, ensuring compliance with the Swiss Federal Data Protection Act (FADP/DSG) and related regulations. The document becomes particularly crucial when organizations handle sensitive personal data, engage in cross-border data transfers, or need to demonstrate compliance with Swiss data protection requirements to regulators or business partners. It includes detailed provisions on data security measures, breach notification procedures, sub-processing arrangements, and data subject rights, while considering potential implications of other relevant regulations such as the GDPR where applicable.
Suggested Sections

1. Parties: Identification of the parties, including their roles as data controller, data processor, or joint controllers

2. Background: Context of the relationship between the parties and reference to the main agreement this DPA supplements

3. Definitions: Key terms used in the agreement, aligned with Swiss FADP and where applicable, GDPR definitions

4. Scope and Purpose: Details of the data processing activities covered by the addendum

5. Roles and Responsibilities: Specific obligations of each party based on their role (controller/processor)

6. Data Processing Principles: Fundamental principles for processing personal data in compliance with Swiss law

7. Technical and Organizational Measures: Security measures required to protect personal data

8. Sub-processing: Rules and requirements for engaging sub-processors

9. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights

10. Data Breach Notification: Procedures and timeframes for reporting data breaches

11. Audit Rights: Rights and procedures for conducting data protection audits

12. Term and Termination: Duration of the DPA and termination provisions

13. Return or Deletion of Data: Obligations regarding personal data upon termination

14. Liability and Indemnification: Allocation of responsibility and liability between parties

15. Governing Law and Jurisdiction: Confirmation of Swiss law application and jurisdiction

Optional Sections

1. Cross-Border Transfers: Required when personal data will be transferred outside Switzerland, including transfer mechanisms and safeguards

2. Special Categories of Data: Include when processing sensitive personal data categories as defined under Swiss law

3. Industry-Specific Requirements: Add when dealing with regulated industries (e.g., financial services, healthcare)

4. Joint Controller Arrangements: Required when parties act as joint controllers rather than controller-processor

5. Data Protection Officer: Include when either party has appointed a DPO or similar role

6. Insurance Requirements: Optional section specifying required insurance coverage for data protection risks

7. Force Majeure: Optional provisions for handling data protection obligations during force majeure events

Suggested Schedules

1. Schedule 1 - Processing Details: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes

2. Schedule 2 - Technical and Organizational Measures: Detailed specifications of security measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, including standard contractual clauses if applicable

5. Schedule 5 - Data Breach Response Plan: Detailed procedures and contact information for data breach response

6. Appendix A - Contact Details: Key contacts for data protection matters at both parties

7. Appendix B - Audit Procedures: Detailed procedures for conducting data protection audits

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Personnel
Confidential Information
Controller
Cross-border Transfer
Data Breach
Data Processing Agreement
Data Protection Laws
Data Subject
Data Subject Rights
EEA
FADP
FDPO
GDPR
Joint Controller
Main Agreement
Personal Data
Personal Data Breach
Process/Processing
Processor
Professional Secrecy
Restricted Transfer
Sensitive Personal Data
Services
Standard Contractual Clauses
Sub-processor
Swiss Federal Data Protection Act
Swiss Federal Data Protection Ordinance
Technical and Organizational Measures
Term
Third Country
Third Party
Transfer Mechanism
Transfer Impact Assessment
Relevant Industries

Technology

Financial Services

Healthcare

Insurance

Retail

Manufacturing

Professional Services

Telecommunications

Education

Pharmaceuticals

E-commerce

Cloud Services

Consulting

Marketing Services

Research and Development

Human Resources Services

Legal Services

Relevant Teams

Legal

Compliance

Information Security

Privacy

Information Technology

Risk Management

Procurement

Operations

Vendor Management

Data Protection

Information Governance

Commercial

Corporate Affairs

Technology Operations

Security Operations

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Chief Information Security Officer

Privacy Counsel

Legal Counsel

Compliance Officer

Information Security Manager

Privacy Manager

Risk Manager

IT Director

Operations Director

Procurement Manager

Contract Manager

Chief Technology Officer

Chief Legal Officer

Data Protection Specialist

Privacy Analyst

Information Governance Manager

Vendor Management Officer

Commercial Director

Industries
Swiss Federal Data Protection Act (FADP/FDPA/DSG): The primary Swiss data protection law that governs the processing of personal data by private persons and federal bodies. The revised version came into effect on September 1, 2023, bringing Swiss law closer to GDPR standards.
Swiss Federal Data Protection Ordinance (FDPO/VDSG): The implementing ordinance that provides detailed requirements and specifications for implementing the FADP, including specific technical and organizational measures.
EU General Data Protection Regulation (GDPR): While not directly applicable in Switzerland, it's relevant due to its extraterritorial scope and Switzerland's close alignment with EU standards. Many Swiss companies process EU residents' data or work with EU partners.
Swiss Federal Act on International Private Law (IPRG): Relevant for determining applicable law and jurisdiction in cross-border data processing scenarios.
Swiss Criminal Code (StGB): Contains provisions on data theft, unauthorized data access, and breach of privacy or secrecy obligations.
Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF): May be relevant for telecommunications data and retention requirements.
Swiss Banking Act and related regulations: If financial data is involved, contains specific provisions on banking secrecy and data protection in the financial sector.
Swiss Federal Act on Electronic Signatures (ZertES): Relevant for electronic signature requirements and digital identity verification in data processing agreements.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

International Data Transfer Addendum

Swiss law-governed addendum for regulating international personal data transfers, ensuring compliance with FADP requirements and data protection standards.

find out more

Intra Group Agreement Data Protection

Swiss law-governed agreement regulating data protection and transfers between group companies under FADP/DSG.

find out more

Joint Controller Agreement

A Swiss law-governed agreement establishing responsibilities and obligations between joint controllers for personal data processing under FADP and considering GDPR requirements.

find out more

Standard Data Processing Agreement

Swiss law-governed Data Processing Agreement establishing controller-processor obligations under FADP/DSG and aligned with GDPR requirements.

find out more

Data Addendum

Swiss law-governed data protection addendum establishing data processing obligations and compliance with FADP/DPA requirements.

find out more

Data Processing Addendum DPA

A Swiss law-governed agreement defining terms and responsibilities for personal data processing between controller and processor, ensuring compliance with FADP/revFADP and relevant GDPR requirements.

find out more

International Data Protection Agreement

Swiss law-governed agreement regulating international data protection and cross-border data transfers, ensuring compliance with Swiss FADP and relevant international standards.

find out more

Data Sharing Agreement Controller To Processor

Swiss law-governed Data Sharing Agreement between Controller and Processor, ensuring FADP/LPD compliance and establishing data processing safeguards.

find out more

Processor To Processor DPA

A Swiss law-governed agreement between two data processors establishing terms and conditions for delegated data processing activities.

find out more

Controller To Controller Data Processing Agreement

Swiss law-governed agreement establishing data sharing framework between two independent data controllers, ensuring FADP compliance and defining mutual data protection responsibilities.

find out more

Intercompany Data Processing Agreement

Swiss law-governed agreement regulating intra-group personal data processing activities, ensuring compliance with Swiss FADP and relevant GDPR requirements.

find out more

Controller To Controller DPA

Swiss law-governed agreement between two data controllers establishing framework for lawful personal data sharing and processing.

find out more

DPA Agreement

Swiss law-governed Data Processing Agreement defining controller-processor relationships and compliance requirements under FADP/DSG.

find out more

Order Processing Agreement

A Swiss law-governed agreement between a data controller and processor that establishes obligations and responsibilities for personal data processing under FADP/DSG.

find out more

Data Privacy Addendum

Swiss law-governed Data Privacy Addendum ensuring compliance with Swiss FADP/revFADP and alignment with GDPR requirements for personal data processing.

find out more

Sub Processing Agreement

A Swiss law-governed agreement establishing terms for sub-processor data handling, ensuring compliance with Swiss FADP and related data protection requirements.

find out more

International Data Transfer Agreement

Swiss-law governed International Data Transfer Agreement for compliant cross-border personal data transfers under the revFDPA.

find out more

Data Protection Addendum

A Swiss law-governed Data Protection Addendum establishing data processing requirements and responsibilities between parties under Swiss FADP/DSG.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.