Ascendia

Privacy Policy · GDPR-aligned

Privacy Policy

GDPR Articles 5/6/15–22/28/Chapter V — under one named DPO.

Ascendia processes personal data under the General Data Protection Regulation (Regulation EU 2016/679). The Data Protection Officer is named, addressable, and SLA-bound; procurement-context DPAs are reviewable on request.

Controller register

  • Ascendia S.A.
  • CUI 21482859
  • Reg. Comm. J40/6604/2007
  • LEI 315700DLIITW8APMVF93
  • DPO · dpo@ascendia.eu

Privacy policy sections

  1. 01

    Data controller

    Ascendia S.A. is the data controller for personal data collected through this website and the LIVRESQ and CoffeeLMS product surfaces operated under the Ascendia brand. Headquarters: Dinicu Golescu 36, Floor 4, Bucharest, 010873, Sector 1, Romania.

  2. 02

    Lawful basis (GDPR Article 6)

    Personal data is processed under one of the following lawful bases: contract performance for procurement and customer engagements; legitimate interests for institutional outreach with appropriate balancing tests; consent for optional Google Analytics 4 cookies and electronic communications; legal obligation for statutory and tax records; and public-interest tasks where Ascendia operates as processor for ministerial counterparties under Article 28 DPAs.

  3. 03

    Categories of personal data

    Identification details (name, role, institution); contact details (email, phone, postal address); procurement and engagement records (RFI correspondence, contracts, signed DPAs); platform usage and learning records on LIVRESQ and CoffeeLMS in scope of the relevant tenant agreement; optional Google Analytics 4 cookie and usage data subject to consent.

  4. 04

    Data subject rights (GDPR Articles 15–22)

    Access, rectification, erasure, restriction of processing, portability, and objection. Where consent is the lawful basis, consent may be withdrawn at any time. Rights are exercised by writing to the Data Protection Officer at dpo@ascendia.eu; response cadence aligns to the GDPR one-month standard.

  5. 05

    International transfers (GDPR Chapter V)

    Personal data is processed and stored in EU member-state data centres by default. Transfers outside the EEA, where they exist for sub-processor reasons, are documented under an Article 46 transfer mechanism (Standard Contractual Clauses or adequacy decision). The sub-processor list is available on request to dpo@ascendia.eu within 5 working days.

  6. 06

    Retention

    Personal data is retained no longer than necessary for the purposes for which it is processed, subject to legal-obligation retention periods (statutory, tax, accounting). Procurement and contract records: ten years from contract end. Cookie and analytics data: per the Cookie Policy.

  7. 07

    Right to lodge a complaint

    Data subjects retain the right to lodge a complaint with the competent supervisory authority. In Romania this is ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal); in other EU member states, the local supervisory authority of habitual residence applies.

Data Protection Officer

Named, addressable, SLA-bound.

For data subject rights requests, DPA review, sub-processor enquiries, and incident reporting. Acknowledgement on receipt; substantive response inside the published SLA.

dpo@ascendia.eu

See also

Part of Trust Center

Listed-company governance, BVB disclosures, sovereignty, regulatory clock.

Open the Trust Center pillar — listed-company governance, BVB record, sovereignty posture

We use essential cookies and optional Google Analytics 4 measurement after consent. Privacy Policy