A. Parties

Responsible: Customer

Commissioned Data Processor: Zippsafe AG, Europa-Strasse 17, 8152 Glattbrugg, hereinafter referred to as "Zippsafe"

B. Main contract

1. This agreement extends the contract concluded between the Parties regarding the Zippsafe Management System (ZMS) ("Main Contract"). This agreement shall take precedence over the Main Contract, its integral parts, and any general terms and conditions of the Parties in the event of contradictions.

C. Subject of this Agreement 

2. The subject of this Agreement is the processing of personal data as part of Zippsafe's fulfilment of the obligations arising from the Main Contract. The Main Contract shall apply to the legal relationship between Zippsafe AG, including all domestic and foreign subsidiaries, and its customers.

3. The data processing relates to the categories of data and persons listed in the Main Contract. 

4. The data processing shall take place at the following locations: European Union and Switzerland.

5. Zippsafe is entitled to use subcontractors for the performance of its services. Zippsafe shall carefully evaluate the sub-processors and conclude a data processing agreement with them, which essentially contains the provisions of this Agreement. Zippsafe shall notify the customer of the change or the engagement of a new subcontractor at least4 weeks in advance in text form (e.g. by e-mail). In justified cases, the customer may object to this. If the Parties are subsequently unable to reach an agreement, Zippsafe may terminate the Main Contract at any time with a notice period of 30 days. 

C. Rights and obligations of the Parties

6. Zippsafe undertakes not to use the processed personal data for any purposes other than those agreed in the Main Contract. This shall not apply to the disclosure of personal data in the context of orders from authorities for under warrants for surrender or searches; Zippsafe shall inform the customer of any such orders as soon as possible if permissible. 

7. In the performance of the work, Zippsafe shall only use persons or subcontractors who are contractually or legally obliged to maintain confidentiality and who are familiar with the relevant provisions of data protection regulations.

8. Zippsafe shall process personal data only in accordance with documented instructions from the customer. The customer shall confirm verbal instructions immediately in text form (e.g. by e-mail). Zippsafe shall inform the customer if an instruction violates applicable data protection law and suspend processing until the customer confirms the instruction in text form. 

9. Zippsafe shall enable the customer or an auditor authorised by the customer to carry out audits regarding compliance with this Agreement. Such audits must be announced at least 4 weeks in advance. The customer is entitled to one free audit day per year. Additional expenses incurred by Zippsafe shall be remunerated by the customer at normal market rates.

Instead of an on-site audit, Zippsafe shall provide written verifications upon request (e.g. disclosure of audit, certification or other test results, e.g. from penetration tests). If Zippsafe has ISO 27001 or equivalent certification, which includes the ZMS (Zippsafe Management System) within its scope, proof of the appropriateness of the technical and organisational measures will be deemed provided and a right to an on-site audit shall apply exclusively in justified cases of suspicion.

10. Zippsafe shall ensure data security through suitable technical and organisational measures in accordance with Annex I. These measures are subject to technical progress. Zippsafe may implement adequate alternative measures. Such alternative measures must not fall short of the present security level. Significant changes shall be documented.

11. Zippsafe also undertakes to inform the customer within 48 hours of discovering a data security incident.

12. Zippsafe shall support the customer to a reasonable extent in the preparation of data protection impact assessments for the ZMS and for the purpose of responding to requests from data subjects and in the context of enquiries or audits by authorities concerning the personal data stored in the ZMS.

13. Copies or duplicates of the data shall not be created without the customer's knowledge. This shall not apply to backup copies and other technically necessary copies where such are required to ensure proper data processing.

14. At the customer's request, but at the latest upon termination of the Main Contract, Zippsafe shall delete all of the customer's personal data, subject to other agreements (e.g. backup storage) or statutory retention obligations. 

E. Duration of the commissioned data processing

15. This Agreement shall remain in force for as long as Zippsafe processes the customer's personal data, i.e. beyond the end of the Main Contract if Zippsafe or its subcontractors continue to retain backups with the customer's personal data. In such a case and after termination of the Main Contract, the right to audit pursuant to Sec. 9 shall be limited to written requests.

16. This Agreement, in particular Annex I, may be amended by Zippsafe at any time with a reasonable period of notice. The customer will be informed of this in text form. In justified cases, the customer may object to this. If the Parties are subsequently unable to reach an agreement, Zippsafe may terminate the Main Contract at any time with a notice period of 30 days. 

Annex 1 – Technical and organisational measures 

The following are measures for data security and assurance of an appropriate level of protection with regard to the confidentiality, integrity, availability, and resilience of the systems. As regards these measures, Zippsafe takes the state of the art, the costs and the type, scope, and purpose of the processing into account.

Specific measures for the ZMS are defined in the document "Zippsafe Management System (ZMS) Documentation". Zippsafe also takes the following technical and organisational measures within its infrastructure and in its organisation:

Physical access controls


Data access only with authentication

MFA for everyone


Password rules

Least-privilege principle

Need-to-know principle

At-rest encrypted

In-transit encrypted


BCM concept



All HW and SW is inventoried

Malware protection

Up-to-date patch management 

Separation of productive/other systems 

Information security directive