Data Processing Agreement
How Nordvec processes data on behalf of your organisation, in compliance with GDPR Article 28.
Overview
This Data Processing Agreement (DPA) forms part of the agreement between Nordvec (the Processor) and your organisation (the Controller). It governs how we process personal data on your behalf.
Scope of Processing
Nordvec processes data solely to provide the contracted services. This includes employee names, email addresses, and the content of documents and messages your organisation connects to the platform. All processing happens exclusively within the EU.
Security Measures
We implement appropriate technical and organisational measures: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and continuous monitoring. All infrastructure is hosted in ISO 27001 certified EU data centres.
Sub-processors
Nordvec maintains a list of approved sub-processors, all located within the EU. We will notify you before adding any new sub-processor and you have the right to object.
Contact
For DPA-related inquiries, contact us at legal@nordvec.com.