Last updated: 1 June 2026
This Data Processing Agreement ("DPA") supplements the Terms of Service between you ("Customer", acting as controller) and Perdrisat (sole proprietorship, UID CHE-317.870.264, Rue De-Candolle 36, 1205 Genève, Switzerland; "NotMyJob", acting as processor) and governs the processing of personal data by NotMyJob on behalf of the Customer.
It is intended for Customers who, in using NotMyJob, process personal data of their own clients, suppliers, or employees (for example: client contact details, supplier invoices, employee expense receipts).
By using NotMyJob to process such personal data, the Customer and NotMyJob agree to this DPA.
1. Subject matter, nature, and purpose
NotMyJob processes personal data on behalf of the Customer solely to provide the NotMyJob bookkeeping service — storing invoices, offers, expenses, payments, bank statements, and related accounting records; generating tax and accounting reports; sending transactional emails triggered by the Customer; and, where the Customer enables optional AI expense extraction, sending receipt or invoice files and minimal extraction context to OpenAI to suggest expense fields.
2. Duration
This DPA applies for the duration of the Customer's NotMyJob subscription and survives termination for as long as NotMyJob retains any personal data processed on behalf of the Customer.
3. Categories of data subjects and personal data
| Data subjects | Personal data |
|---|---|
| Customer's clients and prospects | Name, address, email, phone, IBAN / bank details, invoice history |
| Customer's suppliers | Name, address, invoice / expense history |
| Customer's employees or collaborators (if any) | Name, expense claims, receipts |
| Recipients of invoices or offers | Name, email (where the Customer uses the share-link feature) |
No special-category data (health, political opinion, religion, etc.) is processed.
4. Customer (controller) obligations
The Customer:
- determines the purposes and means of processing personal data within NotMyJob;
- ensures it has a valid legal basis to enter and process such data;
- provides any privacy notices required of it by law to its own data subjects;
- is responsible for the accuracy and lawfulness of the data it enters.
5. NotMyJob (processor) obligations
NotMyJob will:
- process personal data only on the Customer's documented instructions, which are given through the use of the service. Any processing beyond this requires the Customer's prior written consent, unless required by Swiss or EU law;
- ensure that persons authorised to process personal data are under confidentiality obligations;
- implement appropriate technical and organisational measures (TLS in transit, hashed passwords, encrypted backups, least-privilege access, audit logging, two-factor authentication available to Customer, vulnerability management);
- notify the Customer without undue delay (and within 72 hours where feasible) after becoming aware of a personal-data breach affecting the Customer's data;
- assist the Customer with data-subject requests (access, rectification, erasure, portability, objection) that reach NotMyJob directly, by forwarding them to the Customer and, where reasonable, providing tooling to respond;
- on termination, return or delete personal data at the Customer's choice, within 30 days from live systems and 90 days from backups, except where retention is required by Swiss law.
6. Subprocessors
The Customer authorises NotMyJob to engage the subprocessors listed in the Privacy Policy § 4 (Infomaniak, Stripe, Amazon SES, bunny.net, Cloudflare, OpenAI) for the purposes described there.
OpenAI is engaged only for Customer-enabled AI expense extraction. For that feature, NotMyJob configures OpenAI's European API region for customer content, disables OpenAI API call logging in its OpenAI project, and sends extraction requests with storage disabled where supported.
NotMyJob will notify the Customer at least 30 days before adding or replacing a subprocessor. The Customer may object on reasonable data-protection grounds; if objection cannot be resolved, the Customer may terminate the subscription with pro-rata refund of prepaid fees.
7. International transfers
Where a subprocessor is established outside Switzerland or the EEA, NotMyJob relies on Standard Contractual Clauses (EU Commission 2021/914) and, where required, Swiss equivalents, together with additional safeguards documented by the subprocessor.
8. Audits
Once per year, and on reasonable prior written notice, the Customer (or an independent auditor under confidentiality) may request evidence of NotMyJob's compliance with this DPA. NotMyJob may fulfil this obligation by providing relevant certifications, SOC-style reports from its subprocessors, or written descriptions of its controls.
9. Liability
Each party's liability under this DPA is subject to the limitations set out in the Terms of Service.
10. Conflicts
In case of conflict between this DPA and the Terms of Service in respect of data-protection matters, this DPA prevails.
11. Contact
Data-protection requests: [email protected].