SoftAI
FRDEITEN
Back to home

Data Processing Agreement

Download DPA

Effective date: 17 March 2025

Processor: IT Software Services DaniLov, Rte des Bonnesfontaines 44, 1700 Fribourg, UID CHE-408.349.945, Email: info@softai.ch

Controller: The client identified in the main service agreement (the "Controller").

1. Subject matter and duration

This Data Processing Agreement ("DPA") governs the processing of personal data by the Processor on behalf of the Controller in connection with the services provided under the main agreement. The DPA enters into force upon acceptance of the services and remains effective for the term of the main agreement.

2. Nature and purpose of processing

The Processor may process personal data as necessary to provide software development, AI automation and voice/chat assistant services, including hosting, databases, analytics, communications, logging and support.

3. Categories of data and data subjects

  • Contact data (name, email, phone, company, role)
  • Technical data (IP address, device/browser metadata)
  • Interaction data (pages visited, messages, call/assistant metadata)
  • Employees, contractors, clients and end-users of the Controller

4. Processor obligations

  • Process personal data only on documented instructions of the Controller.
  • Ensure confidentiality and train authorised personnel.
  • Implement appropriate technical and organisational measures to protect personal data.
  • Assist the Controller in responding to data subject requests and in fulfilling obligations regarding security, breach notifications, impact assessments and consultations.
  • Notify the Controller without undue delay after becoming aware of a personal data breach.
  • Delete or return all personal data at the end of the provision of services, unless storage is required by law.
  • Make available information necessary to demonstrate compliance and allow audits mandated by law, provided they do not compromise security or confidentiality of other clients.

5. Subprocessors

The Controller authorises the Processor to engage carefully selected subprocessors for service categories such as hosting and infrastructure, databases, analytics, and voice/telephony integrations. The Processor shall ensure that subprocessors are bound by data protection obligations no less protective than those set out in this DPA. The Processor will inform the Controller of any intended changes concerning the addition or replacement of subprocessors, thereby giving the Controller the opportunity to object on reasonable grounds. A current list of subprocessors is available upon request.

6. International data transfers

Where personal data is transferred outside Switzerland or the EEA, the Processor shall ensure appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) and, where applicable, supplementary measures.

7. Security measures

The Processor maintains appropriate technical and organisational measures, including but not limited to encryption in transit (TLS/SSL), secure hosting, access controls, least-privilege policies and monitoring.

8. Term and termination

This DPA remains in effect for the duration of the main agreement. Upon termination, the Processor will delete or return personal data as instructed by the Controller, unless storage is required by law.

9. Governing law

This DPA is governed by Swiss law. Place of jurisdiction is determined by the main agreement.