Trust · 02 · Data localization
Personal data is processed and stored in EU member-state data centres.
European data residency is the default deployment posture. Sub-processor list is available on request to dpo@ascendia.eu; cross-border transfers — where they exist — are documented with the legal basis under GDPR Chapter V. Data-residency choices for regulated-enterprise tenants are reviewable by the Data Protection Officer.
European data residency by default
EU data residency by default · Sub-processor list on request · DPA template available
Compliance frames
Each frame names the regulation, its institutional implication, and (where available) a public source. No marketing claims that overpromise compliance Ascendia does not hold.
Transfers outside the EEA, where they exist, are documented against an Article 46 transfer mechanism (SCCs, BCRs, or adequacy decision). Schrems II considerations are factored into sub-processor selection.
Hosting and sub-processor arrangements are scoped against the EU Cloud Code of Conduct framework for GDPR-compliant cloud services.
Operational security posture references ENISA guidance on cloud security, supply-chain risk, and privacy-engineering practice.
Documents and downloadable evidence
GDPR Article 28 DPA template — obligations, TOMs, sub-processor schedule, and signature block.
OpenEU data residency by default; full sub-processor list on request to dpo@ascendia.eu within 5 working days.
OpenOperational evidence package covering hosting and data-residency posture.
OpenDesk 03 · R&D, platform, compliance & governance
Gabriel Lazar
Research & Development Director — EC DEC member, technical evidence, accessibility, AI governance, and regulated-enterprise architecture
Service-level commitment
Next steps
Part of Trust Center