Data Breach Policy
We are pleased to inform you that we have formed a crisis team, consisting of:
- Privacy Officer
- ADS/SI Officer
- HR Officer in case the event involves the data of LONGO SPA employees
- An officer responsible for communicating with the press
- Other officers
- Legal Division
- In case the event involves customers or potential customers, the team will be extended to include the Marketing Director
- In case the event involves human resources, the team can be extended to include the HR Manager
This Team will analyse the seriousness of an event, considering the data, the interests involved, the extent and the timeframe, according to precise parameters identified by LONGO SPA.
Following this analysis, LONGO SPA will carry out an in-depth audit of the risk in order to understand the actual existence or otherwise of any breach.
In case of positive outcome, the team will proceed to solve the problem.
You should also know that in case of any breach concerning your details, it may be necessary to communicate the event to the Privacy Guarantor no later than 72 hours from the fact.
For this reason, in the event of any breach of which one of our external data processors or deputy processors should become aware, they are obliged to inform us of the breach – the processor no later than 24 hours and the deputy processor no later than 12 hours from discovery of the fact.
But this is not all.
In the event of a breach of your data, leading to a high risk to your rights and your fundamental freedoms, we are obliged to provide you with timely notification in order to allow you to put in place suitable precautions to minimize the potential damage arising from the breach.
In this notification, we are obliged to inform you of the following:
- the name and contact details of where you can obtain more information;
- the probable consequences of a breach of personal data;
- the measures put in place or proposed measures to be used by the Data Controller to remedy the personal data breach, as well as, if suitable, to mitigate possible negative effects.
We are not obliged to inform you in the event that we implement suitable technical and organisational measures to protect your data against breaches or if we subsequently implement measures in order to avoid new risks to your rights and furthermore, when the communication requires disproportionate efforts. In this case, we will proceed with public communication or similar measures. In any case, we will assess the opportunity, even if not strictly obligatory, to keep you informed.
If you should become aware of a breack of your personal data, you can inform us by writing to the following email firstname.lastname@example.org; this notification will be examined by our crisis team, which will proceed as described above.
Contact details for more information: email@example.com