Data Processing Agreement
How Nordvec processes data on behalf of your organisation, in compliance with GDPR Article 28.
Last updated: 2026-04-09
Overview
This Data Processing Agreement (DPA) forms part of the agreement between Nordvec (the Processor) and your organisation (the Controller). It governs how we process personal data on your behalf.
Scope of Processing
Nordvec processes data solely to provide the contracted services. This includes employee names, email addresses, and the content of documents and messages your organisation connects to the platform. All processing happens within the EU.
Security Measures
We implement appropriate technical and organisational measures: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and continuous monitoring. All infrastructure is hosted in ISO 27001 certified EU data centres.
Sub-processors
Nordvec uses a limited number of sub-processors to deliver the Service. All core data processing occurs within the EU. A complete list of current sub-processors, including their roles and data centre locations, is available upon request. We will notify you before adding any new sub-processor and you have the right to object.
Contact
For DPA-related inquiries, contact us at legal@nordvec.com.