This Data Controller DPA is essential for any organization that engages third parties to process personal data under Swiss jurisdiction. The document is specifically designed to meet the requirements of Swiss data protection law, including the Federal Act on Data Protection and its revised version, while also considering international data protection standards where applicable. It serves as a legally binding agreement that defines the relationship between a data controller and data processor, establishing clear guidelines for data handling, security measures, breach notifications, and compliance requirements. This agreement is particularly crucial given Switzerland's strict data protection regime and its position as a major international business hub, often requiring compliance with both Swiss and EU data protection standards. The document should be implemented before any data processing activities commence and updated as regulatory requirements or processing activities evolve.
Create a bespoke document in minutes, or upload and review your own.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Key Requirements PROMPT example:
Data Controller DPA
"I need a Data Controller DPA under Swiss law for our cloud-based healthcare software company that will process patient data from both Swiss and EU hospitals, with specific provisions for GDPR compliance and healthcare industry standards, to be implemented by March 2025."
Your data doesn't train Genie's AI
You keep IP ownership of your information
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
OR
1. Parties: Identification of the data controller and data processor, including full legal names, registration details, and addresses
2. Background: Context of the agreement, relationship between the parties, and purpose of data processing activities
3. Definitions: Key terms used throughout the agreement, including technical and legal terminology aligned with Swiss data protection law
4. Scope and Purpose of Processing: Detailed description of the data processing activities, categories of data, and purposes of processing
5. Obligations of the Processor: Core responsibilities of the processor including processing only on documented instructions, confidentiality, security measures, and assistance obligations
6. Technical and Organizational Measures: Specific security measures required to ensure appropriate level of data protection
7. Sub-processing: Conditions and requirements for engaging sub-processors, including authorization process
8. Data Subject Rights: Procedures for handling data subject requests and processor's obligations to assist
9. Personal Data Breach: Notification requirements and procedures in case of data breaches
10. Audit Rights: Controller's rights to audit and processor's obligations to demonstrate compliance
11. Cross-border Transfers: Rules and safeguards for international data transfers, particularly important under Swiss law
12. Term and Termination: Duration of the agreement and circumstances for termination
13. Return or Deletion of Data: Obligations regarding personal data upon termination of services
14. Liability and Indemnification: Allocation of responsibility and liability between parties
15. Governing Law and Jurisdiction: Specification of Swiss law as governing law and jurisdiction for disputes
1. Insurance Requirements: Specific insurance obligations for the processor, recommended for high-risk processing activities
2. Specific Industry Requirements: Additional provisions for regulated industries (e.g., healthcare, financial services)
3. Business Continuity: Requirements for maintaining service continuity, recommended for critical processing activities
4. Cost Allocation: Specific provisions about who bears costs for various compliance activities, useful when significant compliance costs are expected
5. Joint Controller Provisions: Required only when the relationship includes elements of joint controllership
6. Data Protection Impact Assessments: Specific provisions about cooperation in DPIAs, recommended for high-risk processing
7. Representatives: Designation of representatives in Switzerland/EU if parties are not established in these territories
1. Schedule 1 - Processing Activities: Detailed description of processing activities, including categories of data subjects, types of personal data, and processing purposes
2. Schedule 2 - Technical and Organizational Measures: Detailed specification of security measures implemented by the processor
3. Schedule 3 - Authorized Sub-processors: List of approved sub-processors and their processing activities
4. Schedule 4 - Transfer Mechanisms: Details of mechanisms used for international data transfers, including standard contractual clauses if applicable
5. Schedule 5 - Contact Points: List of key contacts for operational, security, and data protection matters
6. Appendix A - Standard Contractual Clauses: If needed for international transfers, the applicable standard contractual clauses
7. Appendix B - Security Breach Response Plan: Detailed procedures for handling and reporting data breaches
Authors
Relevant legal definitions
Clauses
Relevant Industries
Financial Services
Healthcare
Technology
E-commerce
Manufacturing
Professional Services
Insurance
Telecommunications
Education
Pharmaceutical
Real Estate
Retail
Hospitality
Transportation and Logistics
Energy and Utilities
Relevant Teams
Legal
Compliance
Information Security
Privacy
Information Technology
Risk Management
Procurement
Operations
Data Protection
Vendor Management
Corporate Governance
Internal Audit
Relevant Roles
Chief Privacy Officer
Data Protection Officer
Legal Counsel
Compliance Manager
Information Security Manager
Privacy Manager
Chief Information Security Officer
Chief Legal Officer
Chief Technology Officer
Risk Manager
Procurement Manager
IT Director
Operations Manager
Contract Manager
Chief Operating Officer
Data Protection Specialist
Find the exact document you need
Joint Controller Data Processing Agreement
A Swiss law-governed agreement between joint controllers defining their respective responsibilities and obligations in joint personal data processing activities.
find out more
DPA Data Privacy Agreement
Swiss law-governed Data Processing Agreement defining terms for personal data processing between controller and processor, ensuring FADP compliance with GDPR considerations.
find out more
Data Controller DPA
Swiss law-governed Data Processing Agreement defining terms for handling personal data between controller and processor, compliant with Swiss FADP and relevant international standards.
find out more
Commissioned Data Processing Agreement
A Swiss law-governed agreement establishing terms for commissioned processing of personal data, ensuring compliance with FADP/DSG requirements.
find out more
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.