Continuity
Access Platform
Back to Lander

GDPR Statement

Last updated: 2nd of October, 2025

Continuity operates as a data processor for customers delivering outbound campaigns to prospects in the European Union and United Kingdom. We are committed to meeting the requirements of the General Data Protection Regulation (GDPR) and the UK GDPR, including principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

Lawful Basis

Continuity processes personal data under the lawful basis defined by each customer (controller). Common bases include legitimate interests and contractual necessity when enabling vetted B2B outreach. Customers determine the appropriate lawful basis and communicate required notices to their contacts; Continuity executes processing strictly within that scope.

Data Subject Rights Support

We assist controllers in fulfilling data subject requests (access, rectification, erasure, restriction, portability, and objection). Requests should be escalated to legal@withcontinuity.com. Continuity responds promptly and cooperates to meet statutory deadlines.

International Transfers

Continuity primarily hosts workloads within the European Union using Microsoft and Hetzner facilities, with Cloudflare providing a globally distributed edge. When data leaves the EU/UK, we rely on Standard Contractual Clauses (SCCs), transfer impact assessments, and technical safeguards (encryption, access controls) to maintain protection levels.

Security and Governance

Security controls include hardened Microsoft tenants, segregated environments, privileged access management, SIEM monitoring, vulnerability management, and documented incident response plans. Staff undergo background checks and privacy training prior to accessing customer systems.

Records of Processing

Continuity maintains internal records describing each processing activity, the data categories involved, retention periods, and engaged sub-processors. These records are available to supervisory authorities upon request.

Data Retention

Operational data is retained only for the duration necessary to deliver services and fulfil contractual obligations. Routine retention periods are defined in the Data Processing Addendum. Logs required for security, audit, or dispute resolution are purged on rolling schedules.

Supervisory Authority Cooperation

Continuity cooperates with applicable supervisory authorities and will notify customers without undue delay if we receive regulatory inquiries impacting their data.

Point of Contact

Questions about Continuity's GDPR posture can be directed to legal@withcontinuity.com. Customers may also request signed SCCs or additional documentation (penetration test summaries, DPIA inputs) through the same channel.