2021 Fillmore Street #1128

}

24/7 solutions

Data Breach Notification Policy

Data Breach Notification Policy

Purpose

AllCode’s Data Breach Notification Policy (“Policy”) has been developed to provide for a reasonable and consistent response to data breach incidents involving Personal Data. The objective of this Policy is to ensure that AllCode responds appropriately to data breaches and ensures that the appropriate notifications are made when necessary, in compliance with Applicable Laws.
Compliance with this policy is in place to both minimize potential damages that could result from a data breach and to ensure that parties affected by a data breach are properly informed of how to protect themselves.

Definitions

  • “Customer” means a third party that has entered into a binding, written agreement with AllCode for the provision of Services.
  • “Customer Personal Data” means any Personal Data Processed by AllCode on behalf of a Customer pursuant to or in connection with a customer agreement;
  • “Employee” means a natural person employed by AllCode for wages or salary.
  • “Employee Personal Data” means any Personal Data of natural persons Processed by AllCode in connection with the performance of a contract of employment or for purposes of recruitment.
  • “GDPR” means EU General Data Protection Regulation 2016/679;
  • The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly

Scope

This Policy applies in the event of a Personal Data Breach under Article 33 of the GDPR – Notification of a personal data breach to the supervisory authority – and Article 34 – Communication of a personal data breach to the data subject.
This Policy is applicable to all directors, officers, and employees of AllCode and any other individual or entity acting for or on behalf of AllCode, whether operating inside or outside the United States (collectively “Covered Persons”). Third parties, including but not limited to consultants, agents, intermediaries, and joint-venture partners, must be informed about this Policy and agree to comply with its tenets.

DATA BREACH RESPONSE TEAM

The following positions/individuals will constitute AllCode’s Data Breach Response Team (or “Team”) for purposes of this Policy:

  • Chief Technology Officer
  • Head of Product
  • Director of Operations / Customer Support Representative

Personal Data Breach

Customer Personal Data

AllCode shall notify Controller without undue delay after becoming aware of a Personal Data Breach. Such notification shall at least: (i) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) describe the likely consequences of the personal data breach; and (iv) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

Employee Personal Data

To the Data Subject
AllCode shall, without undue delay and, where feasible, communicate the personal data breach to the data subject. The communication to the data subject referred to in paragraph 1 of this Article shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33(3).

To the Supervisory Authority

AllCode shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data Breach to the supervisory authority in accordance with Article 55. 2 Such notification shall at least: (i) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; (ii) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; (iii) describe the likely consequences of the personal data breach; and (iv) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
To download a pdf version of this document, click here.
Contact us for a Word version.
 

Free AWS Services List

Download this FREE list of all 200+ AWS services and ensure that you're using the optimal services for your use case to enhance efficiency and save money!

Free AWS Business Continuity Plan Template

Make sure you have the proper business continuity plan explicitly for you AWS infrastructure. our professionals built this template using AWS best practices so you can ensure it's built to scale! 

Free Cloud Migration Checklist

Without the proper cloud migration strategy, you risk losing time and money. Ensure that your migration process is running smoothly with our FREE cloud migration checklist.

Free AWS Services List

You might be optimizing with the wrong AWS services. Download this FREE list of all 200+ AWS services and ensure that you're using the optimal services for your use case to enhance efficiency and save money!

Download your FREE AWS Business Continuity Plan Template
Download Free 200+ AWS Services Checklist
Download our 10-Step Cloud Migration ChecklistYou'll get direct access to our full-length guide on Google Docs. From here, you will be able to make a copy, download the content, and share it with your team.