All Countries
Compliance
DPA Data Privacy Agreement

DPA Data Privacy Agreement Template for Switzerland

Create a bespoke document in minutes,  or upload and review your own.

4.6 / 5
4.8 / 5

Let's create your DPA Data Privacy Agreement

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get your first 2 documents free

Your data doesn't train Genie's AI

You keep IP ownership of your information

Key Requirements PROMPT example:

DPA Data Privacy Agreement

"I need a Data Processing Agreement (DPA) under Swiss law for my cloud software company acting as a processor for EU-based clients, with specific provisions for handling sensitive healthcare data and cross-border transfers to our data centers in Switzerland."

Celebrated by
Collaborations with
Investors
Document background
The Data Processing Agreement (DPA) is a crucial legal document required under Swiss data protection law when an organization (controller) engages another party (processor) to process personal data on its behalf. This agreement type is mandatory under the Swiss Federal Data Protection Act and often needs to consider GDPR requirements for international operations. The DPA Data Privacy Agreement establishes clear responsibilities, outlines security requirements, defines data handling procedures, and ensures compliance with Swiss privacy laws. It becomes particularly important in situations involving cross-border data transfers, cloud services, or any scenario where personal data processing is outsourced. The document addresses key aspects such as data security measures, breach notification requirements, sub-processor engagement, and data subject rights, while incorporating specific Swiss legal requirements and international data transfer mechanisms.
Suggested Sections

1. Parties: Identification of the data controller and data processor, including full legal names, registration details, and addresses

2. Background: Context of the agreement, relationship between parties, and purpose of data processing activities

3. Definitions: Key terms used in the agreement, including those from FADP and GDPR where relevant

4. Scope and Purpose of Processing: Detailed description of what personal data will be processed and for what specific purposes

5. Duration of Processing: Timeline for data processing activities, including start date and termination conditions

6. Nature and Purpose of Processing: Detailed specification of processing activities and their legitimate business purposes

7. Categories of Data Subjects: Specification of whose personal data will be processed

8. Processor Obligations: Core obligations of the processor including security measures, confidentiality, and compliance requirements

9. Controller Obligations: Responsibilities and obligations of the controller, including lawful basis for processing

10. Sub-processing: Conditions and requirements for engaging sub-processors

11. International Data Transfers: Rules and safeguards for transferring data across borders

12. Data Subject Rights: Procedures for handling data subject requests and ensuring their rights

13. Data Breach Notification: Procedures and timelines for reporting and handling data breaches

14. Audit Rights: Controller's rights to audit processor's compliance and related procedures

15. Termination: Conditions for termination and data handling upon termination

16. Liability and Indemnification: Allocation of risks and responsibilities between parties

17. Governing Law and Jurisdiction: Specification of Swiss law application and jurisdiction for disputes

Optional Sections

1. Special Categories of Data: Additional provisions when processing sensitive personal data as defined under Swiss law and GDPR

2. Insurance Requirements: Specific insurance obligations when required by industry standards or client requirements

3. Business Continuity: Additional provisions for ensuring continuous data processing capabilities in crisis situations

4. Industry-Specific Compliance: Additional requirements for specific industries (e.g., healthcare, financial services)

5. Data Protection Impact Assessment: Procedures for conducting DPIAs when processing poses high risks

6. Joint Controller Provisions: Additional provisions when parties act as joint controllers rather than controller-processor

7. Specific Security Requirements: Additional security measures beyond standard requirements for high-risk processing

Suggested Schedules

1. Schedule 1 - Processing Activities: Detailed list of specific processing activities, including data categories, purposes, and retention periods

2. Schedule 2 - Technical and Organizational Measures: Detailed security measures implemented to protect personal data

3. Schedule 3 - Approved Sub-processors: List of pre-approved sub-processors and their processing activities

4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers

5. Schedule 5 - Data Breach Response Plan: Detailed procedures for handling and reporting data breaches

6. Appendix A - Contact Details: Key contacts for both parties for operational and emergency matters

7. Appendix B - Standard Contractual Clauses: If required, incorporation of relevant SCCs for international transfers

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image
alex.den.21@genieai.co
Relevant legal definitions
Agreement
Applicable Data Protection Laws
Authorized Persons
Business Day
Controller
Cross-border Transfer
Data Subject
Data Subject Rights
EEA
FADP
GDPR
International Transfer Mechanism
Personal Data
Personal Data Breach
Processing
Processor
Professional Secrecy
Restricted Transfer
Sensitive Personal Data
Services
Standard Contractual Clauses
Sub-processor
Swiss Federal Data Protection Act
Technical and Organizational Measures
Term
Third Country
Supervisory Authority
Swiss Data Protection Authority
Written Instructions
Data Protection Impact Assessment
Records of Processing Activities
Data Protection Officer
Data Minimization
Privacy by Design
Privacy by Default
Legitimate Interest
Consent
Data Retention Period
Security Breach
Confidential Information
Clauses
Definitions
Scope of Processing
Processing Instructions
Confidentiality
Security Measures
Sub-processing
Data Subject Rights
Cross-border Transfers
Audit Rights
Data Breach Notification
Liability
Indemnification
Term and Termination
Return or Deletion of Data
Governing Law
Dispute Resolution
Force Majeure
Assignment
Notices
Severability
Entire Agreement
Amendment
Compliance with Laws
Data Protection Impact Assessment
Record Keeping
Personnel Obligations
Insurance
Warranties
Third Party Rights
Non-solicitation
Business Continuity
Intellectual Property
Relevant Industries

Technology

Healthcare

Financial Services

Education

E-commerce

Manufacturing

Professional Services

Telecommunications

Insurance

Retail

Pharmaceutical

Cloud Services

Consulting

Marketing and Advertising

Research and Development

Relevant Teams

Legal

Compliance

Information Security

IT

Privacy

Risk Management

Operations

Procurement

Information Governance

Data Protection

Vendor Management

Relevant Roles

Chief Privacy Officer

Data Protection Officer

Legal Counsel

Privacy Manager

Compliance Officer

Information Security Manager

IT Director

Chief Information Security Officer

Chief Technology Officer

Risk Manager

Operations Director

Procurement Manager

Contract Manager

Chief Legal Officer

Privacy Analyst

Data Protection Specialist

Information Governance Manager

Industries
Swiss Federal Data Protection Act (FADP/DSG): The primary Swiss law governing data protection, recently revised to align more closely with GDPR standards. Sets out basic principles for data processing, rights of data subjects, and obligations of data controllers and processors.
Swiss Federal Data Protection Ordinance (FDPO): The implementing ordinance that provides detailed requirements and specifications for implementing the FADP, including specific security measures and cross-border data transfer requirements.
EU General Data Protection Regulation (GDPR): While not directly applicable in Switzerland, GDPR compliance is often necessary due to its extraterritorial scope and Switzerland's close economic ties with the EU. Essential for international data transfers and business operations.
Swiss Federal Act on International Private Law (IPRG): Relevant for determining applicable law and jurisdiction in international data processing relationships, particularly important for cross-border data transfers.
Swiss Criminal Code: Contains provisions on data theft, unauthorized access to data processing systems, and breach of professional confidentiality, which may be relevant for data protection violations.
Swiss Federal Act on Telecommunications (FMG): Relevant when the data processing involves telecommunications services or electronic communications, including specific requirements for telecommunications service providers.
Swiss Federal Act on Electronic Signatures (ZertES): Important for requirements regarding electronic signatures in DPAs and related documents, ensuring legal validity of electronic agreements.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

Joint Controller Data Processing Agreement

A Swiss law-governed agreement between joint controllers defining their respective responsibilities and obligations in joint personal data processing activities.

find out more

DPA Data Privacy Agreement

Swiss law-governed Data Processing Agreement defining terms for personal data processing between controller and processor, ensuring FADP compliance with GDPR considerations.

find out more

Data Controller DPA

Swiss law-governed Data Processing Agreement defining terms for handling personal data between controller and processor, compliant with Swiss FADP and relevant international standards.

find out more

Commissioned Data Processing Agreement

A Swiss law-governed agreement establishing terms for commissioned processing of personal data, ensuring compliance with FADP/DSG requirements.

find out more

Download our whitepaper on the future of AI in Legal

By providing your email address you are consenting to our Privacy Notice.
Thank you for downloading our whitepaper. This should arrive in your inbox shortly. In the meantime, why not jump straight to a section that interests you here: https://www.genieai.co/our-research
Oops! Something went wrong while submitting the form.

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

Our bank-grade security infrastructure undergoes regular external audits

We are ISO27001 certified, so your data is secure

Organizational security

You retain IP ownership of your documents

You have full control over your data and who gets to see it

Innovation in privacy:

Genie partnered with the Computational Privacy Department at Imperial College London

Together, we ran a £1 million research project on privacy and anonymity in legal contracts

Want to know more?

Visit our Trust Centre for more details and real-time security updates.

Read our Privacy Policy.