EU entity. GDPR-native. Artifacts ready.
The legal, GDPR and sub-processor evidence your vendor-risk review and DPIA require — a clear EU counterparty, signed processor terms, and fileable documents on request.
An EU company you can name in the DPIA.
A clear, EU-incorporated counterparty under EU law — the first box on any vendor-risk checklist.
Celthrac EOOD · Sofia, Bulgaria
Registered EU company. Bulgarian commercial register ID and VAT number provided on the imprint and in contracting documents.
EU jurisdiction
Contracts governed by EU member-state law, disputes seated in the EU. No US jurisdiction over your production data.
Processor terms, ready to sign.
The processing terms and artifacts a DPIA requires — pre-prepared, not promised.
Processor / sub-processor
We act as processor under Art. 28 GDPR, on documented instructions, under a signed DPA.
Standard Data Processing Agreement
A ready DPA with Art. 28 terms, SCCs where relevant, and Annexes describing processing, security and sub-processors.
Data-subject support
Tooling and process to support access, rectification, erasure and portability within statutory deadlines.
Who touches the data — and where.
A minimal, EU-resident sub-processor set with documented transfer safeguards.
| Sub-processor | Purpose | Region | Transfer safeguard |
|---|---|---|---|
| Microsoft Azure (EU) | Cloud infrastructure | EU | EU Data Boundary · SCCs |
| Databricks (EU) | Data & ML platform | EU | EU residency · DPA |
| Self-hosted models | Sovereign inference | EU / customer perimeter | No third-country transfer |
Everything your review needs, on request.
Request the documents below and we return them under NDA, fast — so legal clears rather than stalls.
Cleared.For contracting.
Send your DPIA template and vendor questionnaire — we return them completed under NDA.