For data protection requirements in Switzerland and the EU
edoobox complies with the DSG and the GDPR.
With edoobox, you are choosing an online booking system that complies with both the requirements of the EU’s General Data Protection Regulation (GDPR) and the provisions of Switzerland’s Data Protection Act (DSG).
In the context of European data protection, Switzerland is considered a trusted third country and is known for its high standards of data protection, security, and reliability. edoobox benefits from Swiss hosting and established data protection standards.

APP1 and APP2 are described with reference to Zurich
Digitally sign the Data Processing Agreement after the trial period
Roles, MFA, API Authentication, and Logging
The GDPR and the DSG are clearly categorized.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation of the European Union. Its purpose is to harmonize the processing of personal data by private companies and public authorities in the EU.
- Protection of individuals with regard to the processing of personal data in the EU and the free movement of such data within the European internal market
- Protection of fundamental rights and freedoms of natural persons, specifically protection of personal data
- To ensure that the free flow of personal data within the EU is neither restricted nor prohibited for reasons connected with the protection of individuals with regard to the processing of personal data
What is DSG?
The Federal Data Protection Act (DSG) protects the personal data of natural persons in Switzerland. The Data Protection Ordinance (DSV) has been in effect since September 1, 2023.
Federal Data Protection Act BBI 2020 7639Do I need to be in compliance with the DSG / GDPR?
As soon as you process personal data belonging to a natural person from the EU, you must use a booking system that complies with the GDPR. As soon as you process personal data belonging to a natural person from Switzerland, you must use a booking system that complies with the DSG.
Your customers have control over their data and can have it cleansed
Your customers consent to the processing of the data
You improve your customer service
You'll build trust with your customers and enhance your reputation
Compliance, Hosting, and Agreements.
Collaboration with Third-Party Providers
edoobox works with various third-party providers. All third-party providers with whom edoobox processes personal data are GDPR-compliant. The necessary agreements have been signed.
Hosting for the edoobox booking system (app1.edoobox.com)
edoobox (APP1) is hosted on the servers of Nine Internet Solutions AG in Zurich, Switzerland. Nine can demonstrably guarantee end-to-end information security in accordance with ISO 27001:2013 and is ISO 9001 (quality management) certified.
Hosting for the edoobox booking system (app2.edoobox.com)
edoobox (APP2) is hosted on Google Cloud servers (europe-west6) in Zurich, Switzerland. To protect the security and confidentiality of your data, Google Cloud adheres to strict data protection standards. Google Cloud is certified under the following standards: ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, AICPA SOC, SOC 1, FISC (Japan), and FedRAMP.
Here's how to set up your edoobox account in compliance with data protection regulations.
Once you select an edoobox subscription after the trial period, you will be prompted to digitally sign the data processing agreement.
edoobox recommends reviewing your privacy policy and terms of service and, if necessary, updating the legal texts in the edoobox settings within the box.
- In the edoobox settings, select the “Privacy Policy” section and click the “Edit Policy” button
- Click on the "Sign order processing contract" button
- You will receive an email with a link to the contract, which you can sign online
- Sign the contract on the last page
- The signed contract will be sent to you by e-mail
- Select the data processing agreement that is appropriate for your target audience
Services and Audits for Data Protection Processes.
What does edoobox do?
- Access control: Only authorized administrators, users and applications have access to the edoobox resources.
- Multi-Factor Authentication (MFA)
- Authentication of API requests
- Tracking and logging of accesses
- Regular compliance review and security analysis
- Filtering and tracking HTTP access to applications
- Encrypted data
- Modern framework with high security standard
- EU: The Data Processing Agreement pursuant to Article 28(3) of the GDPR specifies which responsibilities rest with edoobox as the data processor and which rest with you as the data controller.
- CH: The DSG-CH Data Processing Agreement specifies which responsibilities fall to edoobox as the processor and which fall to you as the controller.
What features are available to you?
- Access Control: Only administrators, super admins, and managers authorized by you have access to your edoobox account
- Authentication of API requests
- Download all personal data from edoobox at any time
- Editing and deleting customer data
- Control of customer data via the personalized user fields
- Customizing all designs in the Design Manager and viewing information related to personal data
- Create your own privacy policy / data protection statement (in the edoobox settings, in the Legal texts box)
- Bookers have the option to accept your privacy policy, which is in compliance with the DSG/GDPR
- Bookers have the option to accept your terms and conditions, which are in compliance with the DSG/DSGVO
Subcontracting relationships are transparent and clearly structured.
Hosting provided by the edoobox booking system (app1.edoobox.com)
2 entries- Nine Internet Solutions AG, 8047 Zurich, Switzerland
- Cloudflare, Cloudflare Germany GmbH, Munich
Hosting provided by the edoobox booking system (app2.edoobox.com)
2 entries- Google Cloud Zurich (europe-west6)
- Cloudflare, Cloudflare Germany GmbH, Munich
Hosting for the edoobox.com website
1 entry- Amazon Europe Core S.à r.l., L-2338 Luxembourg, Luxembourg
Subcontracting Arrangements for the edoobox.com Website
4 entries- Online Chat and edoobox Support *1 - Zendesk, Dublin, Ireland
- Cookie Consent Tool *1 - Cookie-script.com, Lithuania
- Website translation *1 - Weglot, Paris, France
- Website Development *1 - Webflow, San Francisco, USA
Communication (text message, email, letter, or phone call)
6 entries- Email delivery via Mailjet *1/2 - Mailjet SAS, 75012 Paris, France
- Mailing via pingen.com *1/2 - Pingen GmbH, 8005 Zurich, Switzerland
- SMS messaging via Twilio *1/2 - Twilio Germany GmbH, 80337 Munich, Germany
- Real-time notifications via Pusher *1/2 - Pusher Inc., London EC2A 4R, England
- Signing of the AVV contract via Signable *2 - Signable, Bristol BS1 3PR, England
- Tiny.cloud Editor in edoobox *1 - tiny, Palo Alto, USA
Advertising and Cookies
3 entries- Advertising, Analytics/Tag Manager, Social Widget, and Google Maps Integration *1/2 - Google Ireland Limited, Dublin 4, Ireland
- Ad placement or social widget integration on Facebook *1/2 - Facebook Germany, 20355 Hamburg, Germany
- Advertising via Bing *1/2 - Microsoft Corporation, Dublin 18, Ireland
API
2 entries- API connection to Zapier *1 - Zapier Inc., Sunnyvale, CA 94086, USA
- GenderAPI *1 - Gender API, 81825 Munich, Germany
*1 If you use this feature in edoobox. *2 Used internally by the edoobox team.
Data protection begins with a structured booking process.
Try edoobox or contact the team if you have any questions about data protection, data processing, or your setup.