Last updated 3 June 2026
This DPA forms part of the agreement between Veona (processor) and the facility (controller) and sets out how personal data is processed.
The facility is the controller and determines the purposes of processing. Veona is the processor and acts on documented instructions.
We maintain a current list of sub-processors, including in-region hosting providers, and give notice of changes.
Technical and organisational measures include encryption, access control, audit logging, and regular review against ISO 27001 and SOC 2 controls.
We notify the facility without undue delay on becoming aware of a personal-data breach affecting their data.
Questions about this document can be sent to privacy@veonahealth.com. Veona is a product of Promatics Technologies Inc.