Roles and lawful basis
The customer is the controller and is responsible for the lawful basis under article 6 GDPR (and where applicable a valid exception under article 9(2) or article 10). Localign acts as processor and follows the customer's documented instructions.
Rights of data subjects
The product supports access, export, correction, deletion, restriction and machine-readable portability per data subject. Customers can fulfil requests under articles 15 to 20 GDPR directly from the administration panel.
DPIA building blocks
Localign supplies a starting set of risks and mitigations that customers can incorporate into their own DPIA under article 35 GDPR. Standard risks covered include re-identification through aggregation, prompt leakage, retention beyond necessity and sub-processor failure.
Sectoral overlays
On top of the GDPR, sector-specific rules apply: NEN 7510 / NEN 7512 / NEN 7513 and medical confidentiality in healthcare, advocate and notary confidentiality in legal services, codes of conduct in education, BIO in government, DNB Good Practice and EBA guidelines in financial services.
Breach notification
Breaches are detected through monitoring and investigated against documented turnaround times. The final report covers reconstruction, root cause, structural mitigations and impact, supporting the article 33 notification duty.