Privacy Breach Policy
1. Introduction
This Privacy Breach Policy outlines the procedures Lenstra SAS ("we", "our", or "us") will follow when there's a suspected or confirmed breach of personal data. We are committed to safeguarding the personal data entrusted to us and recognize the importance of responding promptly to such incidents.
2. Definition of a Privacy Breach
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure, or disposal of personal data. This can be a result of:
- Loss or theft of devices or records containing personal data
- Unauthorized access to personal data (e.g., hacking)
- Sharing personal data without the necessary permissions
3. Reporting a Breach
All staff members and contractors must report any perceived, suspected, or confirmed privacy breaches immediately to the Data Protection Officer:
- Data Protection Officer: M. Joachim de Lézardière
- Email: [email protected]
4. Containment
Upon becoming aware of a breach, immediate action should be taken to contain it:
- Stop the unauthorized practice
- Recover the breached records
- Shut down the system that was breached
- Revoke or change computer access codes
- Correct weaknesses in physical or electronic security
5. Evaluation
The Data Protection Officer will lead the evaluation of the breach by determining:
- The type and amount of personal data involved
- How the breach occurred
- Whether the breach would allow unauthorized access to any other data
- The individuals affected by the breach
6. Notification
If it's determined that the breach poses a risk to the affected individuals:
- We will notify them as soon as possible, explaining the nature of the breach, what steps we've taken, and what they can do to protect themselves.
- We will notify any regulatory authorities as required by law, including GDPR and CCPA regulations.
7. Prevention
Once immediate steps are taken to mitigate the risks associated with the breach, we will conduct a thorough review of the incident to prevent future breaches. This could involve:
- A security audit
- A review of policies and procedures
- A review of employee training practices
8. Documentation
All breaches and actions taken will be documented by the Data Protection Officer. This will include the details of the breach, its effects, and the actions taken to prevent future breaches.
9. Review and Updates
This Privacy Breach Policy will be reviewed annually and after any breach to ensure it reflects the current risks and capabilities of our organization.
10. Contact
For any questions regarding this Privacy Breach Policy:
- Address: 61 rue Boursault, 75017 Paris, France
- Email: [email protected]