Compliance & Security
Compliance and security sit at the heart of our architecture
Built for regulated environments from day one.
- GDPR
- KVKK
- PECR
- Processor / Controller architecture
- Encryption at rest and in transit
Regulatory frameworks
Compliant across every market we serve.
UK GDPR
We handle health data under Article 9 special category provisions, with explicit lawful basis recorded for every patient. Data Processor / Controller separation ensures your clinic retains full control of the patient relationship and the data trail.
KVKK
Continuum operates in full compliance with KVKK, including cross-border data transfer requirements for international patient flows.
PECR
All electronic communications follow PECR opt-in and suppression requirements. Consent is captured by the clinic at the patient consent stage; we honour withdrawal of consent in real time.
Data architecture
We hold only what's necessary.
We operate as Data Processor; your clinic remains Data Controller. We hold only the data needed to deliver the service: patient contact details, procedure type, scheduled communications, and feedback responses. We do not ingest clinical records, EMR data, or anything beyond what is necessary.
Security measures
Enterprise-grade controls, end to end.
- Encryption in transit and at rest
- Role-based access controls
- Comprehensive audit logging
- Data residency options
- Automated retention and deletion
- Regular security review
For your legal team
DPA and contracts.
Our Data Processing Agreement is available on request. We're happy to undergo enterprise security reviews, complete vendor assessment forms, and walk your IT and legal teams through our architecture.
Compliance reviewed. Confidence delivered.
Book a 30-minute call to walk through the architecture and review any specific requirements your clinic has.