GDPR Statement · Regulation EU 2016/679
GDPR Statement
One named DPO. Seven articles that hold across every engagement.
Ascendia operates under the General Data Protection Regulation as both controller (for the website surface) and processor (for institutional tenants on LIVRESQ and CoffeeLMS under Article 28 DPAs). The Data Protection Officer is named, addressable, and SLA-bound.
Controller register
- Ascendia S.A.
- CUI 21482859
- LEI 315700DLIITW8APMVF93
- DPO · dpo@ascendia.eu
- Supervisory authority · ANSPDCP (Romania)
Anchored articles
Seven references this statement resolves to.
- 01
Controller and processor roles
Ascendia acts as data controller for personal data collected through this website, including optional Google Analytics 4 measurement data after consent, and as data processor for tenant data on the LIVRESQ and CoffeeLMS platforms under Article 28 Data Processing Agreements with each institutional tenant.
- 02
Article 5 principles
Lawfulness, fairness, transparency · purpose limitation · data minimisation · accuracy · storage limitation · integrity and confidentiality · accountability. Each principle is recorded against each processing activity.
- 03
Articles 15–22 — data subject rights
Access, rectification, erasure, restriction of processing, portability, and objection — exercised by writing to the Data Protection Officer. GDPR one-month response standard applies.
- 04
Article 28 — processor obligations and DPA
Where Ascendia acts as processor, an Article 28 DPA is executed with documented sub-processor disclosure. The DPA is reviewable on request to the Compliance & Governance desk; signed return inside the published SLA.
- 05
Chapter V — international transfers
Personal data is processed and stored in EU member-state data centres by default. Transfers outside the EEA, where they exist, are documented under Standard Contractual Clauses or adequacy decisions; Schrems II considerations are factored into sub-processor selection.
- 06
Articles 33–34 — breach notification
Personal data breaches with risk to data subjects are notified to the supervisory authority within 72 hours and to affected data subjects without undue delay where the risk threshold is met. Breach response is operationalised under the Security & Compliance Council.
- 07
Article 37 — Data Protection Officer
A Data Protection Officer is designated and reachable directly at dpo@ascendia.eu. The DPO operates independently, reports to the highest level of management, and handles withdrawal or objection requests related to optional analytics cookies.
Service-level commitments
Operational, not aspirational.
- DPA review and signed return
- 10 working days
- Data subject rights response
- within 1 month (GDPR standard)
- Sub-processor disclosure
- On request · dpo@ascendia.eu · 5 working days
- Breach notification (supervisory authority)
- 72 hours where applicable
Part of Trust Center