Data protection & compliance

edoobox is DSG and GDPR compliant.

With edoobox, you choose an online booking system that meets both the requirements of the EU General Data Protection Regulation (GDPR) and the provisions of the Swiss Data Protection Act (DSG).

Switzerland is considered a trustworthy third country in the European data protection context and stands for high requirements for data protection, security and reliability. edoobox benefits from Swiss hosting and established data protection standards.

DSG and GDPR

For data protection requirements in Switzerland and the EU

Hosting in Zurich

APP1 and APP2 are described with a Zurich location reference

Digital DPA

Digitally sign the data processing agreement after the test phase

Access control

Roles, MFA, API authentication and logging

Foundations

GDPR and DSG clearly explained.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation of the European Union. It serves to harmonize personal data processing by private companies and public bodies in the EU.

  • Protection of natural persons in the processing of personal data in the EU and in the free movement of data within the European internal market
  • Protection of the fundamental rights and freedoms of natural persons, specifically the protection of personal data
  • Assurance that the free movement of personal data in the EU is neither restricted nor prohibited for reasons related to the protection of natural persons when personal data is processed

Regulation (EU) 2016/679

What is the DSG?

The Federal Data Protection Act (DSG) protects the personal data of natural persons in Switzerland. The Data Protection Regulation (DSV) has been in effect since September 1, 2023.

Federal Act on Data Protection BBl 2020 7639

Requirement & impact

Do I need to be DSG / GDPR compliant?

As soon as you process personal data from a natural person in the EU, you must use a GDPR-compliant booking system. As soon as you process personal data from a natural person in Switzerland, you must use a DSG-compliant booking system.

Your customers have control over their data and can have it corrected

Your customers consent to the processing of the data

You improve your customer service

You strengthen the trust of your customers and improve your reputation

edoobox

Compliance, hosting and agreements.

Collaboration with third-party providers

edoobox works with various third-party providers. All third-party providers with whom edoobox processes personal data are GDPR compliant. The necessary agreements have been signed.

Hosting edoobox booking system (app1.edoobox.com)

edoobox (APP1) is hosted on the servers of Nine Internet Solutions AG in Zurich, Switzerland. Nine can demonstrably guarantee continuous information security according to ISO 27001:2013 and is ISO 9001 quality management certified.

Hosting edoobox booking system (app2.edoobox.com)

edoobox (APP2) is hosted on Google Cloud servers (europe-west6) in Zurich, Switzerland. To protect the security and confidentiality of your data, Google Cloud meets strict data protection standards. Google Cloud holds the following certifications: ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, AICPA SOC, SOC 1, FISC (Japan) and FedRAMP.

Data processing

How the edoobox account is prepared for data protection compliance.

As soon as you choose an edoobox subscription after the test phase, you will be asked to digitally sign the data processing agreement.

edoobox recommends reviewing the privacy policy / data protection declaration and terms and conditions and adjusting them in the legal texts box in the edoobox settings if needed.

  1. In the edoobox settings, select the “Privacy policy” section and the “Edit declaration” button
  2. Click the “Sign data processing agreement” button
  3. You will receive an email with a link to the contract, which you can sign online
  4. Sign the contract on the last page
  5. The signed contract will be sent to you by email
  6. Select the data processing agreement for your target group

Features

Services and controls for data protection processes.

What does edoobox do?

  • Access control: only authorized administrators, users and applications have access to edoobox resources
  • Multi-factor authentication (MFA)
  • Authentication of API requests
  • Tracking and logging of access
  • Regular compliance checks and security analysis
  • Filtering and tracking of HTTP access to applications
  • Encrypted data
  • Modern framework with a high security standard
  • EU: The data processing agreement under Art. 28 para. 3 GDPR defines which tasks belong to edoobox as processor and which tasks belong to you as controller
  • CH: The DSG-CH data processing agreement defines which tasks belong to edoobox as processor and which tasks belong to you as controller

Which features are available to you?

  • Access control: only administrators, super admins and managers authorized by you have access to your edoobox account
  • Authentication of API requests
  • Download all personal data from edoobox at any time
  • Edit and delete customer data
  • Control customer data via personalized user fields
  • Customize all designs in the Design Manager and display information related to personal data
  • Create your own privacy policy / data protection declaration in the legal texts box in the edoobox settings
  • Bookers can optionally be required to accept your privacy policy aligned with DSG/GDPR
  • Bookers can optionally be required to accept your terms and conditions aligned with DSG/GDPR

Transparency & subcontracting relationships

Subcontracting relationships transparently and clearly structured.

Hosting of the edoobox booking system (app1.edoobox.com)

  • Nine Internet Solutions AG, 8047 Zurich, Switzerland
  • Cloudflare, Cloudflare Germany GmbH, Munich

Hosting of the edoobox booking system (app2.edoobox.com)

  • Google Cloud Zurich (europe-west6)
  • Cloudflare, Cloudflare Germany GmbH, Munich

Hosting of the edoobox.com website

  • Amazon Europe Core S.à r.l., L-2338 Luxembourg, Luxembourg

Subprocessing relationships for the edoobox.com website

  • Online chat and edoobox support *1 - Zendesk, Dublin, Ireland
  • Cookie consent tool *1 - Cookie-script.com, Lithuania
  • Website translation *1 - Weglot, Paris, France
  • Website setup *1 - Webflow, San Francisco, USA

Communication (SMS, email, letter or telephone)

  • Email sending via Mailjet *1/2 - Mailjet SAS, 75012 Paris, France
  • Letter dispatch via pingen.com *1/2 - Pingen GmbH, 8005 Zurich, Switzerland
  • SMS sending via Twilio *1/2 - Twilio Germany GmbH, 80337 Munich, Germany
  • Real-time notifications via Pusher *1/2 - Pusher Inc., London EC2A 4R, England
  • Data processing agreement (AVV) signing via Signable *2 - Signable, Bristol BS1 3PR, England
  • Tiny.cloud editor in edoobox *1 - tiny, Palo Alto, USA

Advertising and cookies

  • Ad placement, analytics/tag manager, social widget and Google Maps integration *1/2 - Google Ireland Limited, Dublin 4, Ireland
  • Advertisement placement or social widget integration from Facebook *1/2 - Facebook Germany, 20355 Hamburg, Germany
  • Advertising via Bing *1/2 - Microsoft Corporation, Dublin 18, Ireland

API

  • Interface connection to Zapier *1 - Zapier Inc., Sunnyvale, CA 94086, USA
  • GenderAPI interface *1 - Gender API, 81825 Munich, Germany

*1 If you use this feature in edoobox. *2 Used internally by the edoobox team.

Next step

Data protection starts with a structured booking process.

Test edoobox or talk to the team if you have questions about data protection, data processing or your setup.