Ascendia

Trust · 04 · GDPR & privacy

GDPR & privacy

A named Data Protection Officer and a 10-working-day DPA review SLA.

GDPR-aligned data processing is operational, not aspirational. The Data Protection Officer is reachable directly, the DPA template is downloadable, and the sub-processor list is available on request. Regulated-enterprise tenants get the same posture the Compliance & Governance desk publishes here.

Data Processing Agreement under one institutional desk

DPO · dpo@ascendia.eu · DPA template available · Sub-processor list on request

Compliance frames

The regulatory references this pillar resolves to.

Each frame names the regulation, its institutional implication, and (where available) a public source. No marketing claims that overpromise compliance Ascendia does not hold.

01Regulation EU 2016/679, Article 5

GDPR — core obligations

Lawful basis, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability — recorded against each processing activity Ascendia performs as controller or processor.

02Regulation EU 2016/679, Articles 15–22

Data-subject rights

Access, rectification, erasure, restriction, portability, and objection rights are routed through the DPO. Response cadence aligns to the GDPR one-month standard.

03Regulation EU 2016/679, Article 28

Processor obligations and DPA

Where Ascendia acts as processor, an Article 28 Data Processing Agreement is executed. The DPA template is reviewable on request; signed return inside the published SLA.

04Directive EU 2002/58/EC

ePrivacy Directive — cookies and electronic communications

Cookie posture and electronic-communications handling align with the ePrivacy Directive. Google Analytics 4 uses Consent Mode defaults set to denied; measurement is enabled only after analytics consent, while advertising storage and personalisation remain denied by default.

Documents and downloadable evidence

Forwardable to procurement, legal, or compliance teams.

page

Data Processing Agreement

GDPR Article 28 DPA template — processor obligations, TOMs, sub-processor schedule, and signature block.

Open
page

Privacy Policy

Standard privacy policy covering Ascendia surfaces.

Open
anchor

Sub-processors

EU data residency by default; full list on request to dpo@ascendia.eu within 5 working days.

Open
page

Cookie policy

User-facing cookie posture, Google Analytics 4 consent, and preference controls.

Open

Desk 03 · R&D, platform, compliance & governance

Routed to the research depth, ec dec frame, technical evidence review, dpa review desk.

Gabriel Lazar

Research & Development Director — EC DEC member, technical evidence, accessibility, AI governance, and regulated-enterprise architecture

gabriel.lazar@ascendia.eu

Service-level commitment

R&D / technical evidence review
5 working days
DPA review and signed return
10 working days
Sub-processor disclosure
available on request · dpo@ascendia.eu · 5 working days
Accessibility conformance
interim self-assessment at /legal/accessibility

Next steps

What happens after you reach out.

Email the DPOOpen a desk-level reviewView Trust Center

Part of Accessibility

Microsoft AI for Accessibility Hall of Fame, EAA 2025 alignment, EN 301 549 readiness.

Open the Accessibility pillar — Microsoft Hall of Fame, EAA 2025, EN 301 549

We use essential cookies and optional Google Analytics 4 measurement after consent. Privacy Policy