Trust center
Healthcare
Localign aligns with NEN 7510 (information security in healthcare), NEN 7512 (information exchange between care parties) and NEN 7513 (logging in EHR systems), and respects the medical professional confidentiality (medisch beroepsgeheim) of BIG-registered users. Mode A is the default for healthcare deployments. The annex names the subset of subprocessors that may process patient-related data and pins retention to the customer's clinical-data policy.
Legal services
Confidentiality of advocates and notaries (verschoningsrecht / geheimhoudingsplicht) is treated as non-negotiable: prompts and answers stay under the same protection as any other privileged communication. The annex restricts external-model use under Mode B to providers whose contractual terms support the privilege regime, and excludes opposing-party identification from any logging that could be subpoenaed.
Education
The annex picks up sector codes of conduct on data minimisation in education (DPIA's onderwijs, codes from SURF / Kennisnet where applicable). Mode A is the default and student-related data is excluded from any Mode B forwarding regardless of consent. Where the customer asks for it, end-user transparency notices are added inside the chat surface for under-age users.
Government
Localign aligns with the Baseline Informatiebeveiliging Overheid (BIO). The annex pins residency to EU infrastructure under both modes and adds the documentation that BIO and Wet open overheid (Woo) typically require — including incident-notification flow to the responsible CISO and the customer's WBP / AVG point of contact.
Financial services
The annex adds the obligations that DNB Good Practice on AI and the EBA outsourcing guidelines impose on the customer as a financial institution, and sets up the DORA ICT third-party register entry on Localign's side. Where the customer is in scope of DORA's incident-reporting regime, Localign's incident notice is delivered inside the windows DORA prescribes, in addition to the GDPR article 33 timing.
Need a sectoral annex?
Mention your sector during onboarding. We attach the matching annex to the DPA and confirm in writing which subprocessors are permitted under your contract. The annex is versioned and dated like every other document on this Trust Center, so the reference in your DPA stays reproducible.