This Policy sets out the procedure to ensure an effective approach is in place for managing data breach and information security incidents on codeherald.com.
This policy applies to customer data processed by the Service. The customer data includes both personal data (e.g. user email addresses) and business data (e.g. rules and repositories, API access tokens, etc.)
For this Policy, data security breaches include both confirmed and suspected incidents. Types of incidents include but are not limited to:
Any individual who accesses, uses, or manages codeherald.com information is responsible for reporting data breach and information security incidents immediately to our Data Protection Officer, Julius Seporaitis, at info [at] this domain.
Upon being notified of a suspected or confirmed data breach, the Data Protection Officer (DPO) will determine if the breach is still occurring. If so, the DPO will take the appropriate steps to contain the breach:
The DPO will investigate the breach and determine whether there could be severe consequences to affected individuals or organisations:
The DPO will notify any affected customers without undue delay. The notification will include a description of when and how the breach occurred and the data involved. It will give specific advice on what they can do to protect themselves, and describe what actions have been already to mitigate the risks.
If the breach involves personal data, the DPO will notify Supervisory Authority within 72 hours of becoming aware of the breach.
The DPO will consider notifying third parties such as the police if criminal activity is suspected.
After resolving the data breach, the DPO will review the cause of the breach. The DPO will evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring. After completing the review, the DPO will prepare and publish a public report of the breach on codeherald.com.
This document was last updated on January 23, 2023.
This Data Breach Policy was adapted from Healthchecks.io policy.