In the event of a breach, i.e. a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, the AskCody will without undue delay but no later than in 24 hours after becoming aware of it notify the Data Controller in writing and additionally in any other reasonable and prompt manner (e.g. by phone).
In the event of a security breach, our team will promptly notify you of unauthorized access to your data. Service availability incidents are published to our status page at status.askcody.com with additional information.
Should your security team need additional logs for their investigation of an incident determined to affect your organization, our security team will coordinate responsibly provide access as needed.
The Breach notification will contain at least the following:
- a description of the nature of the Breach including, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of data records concerned
- the name and contact details of the person responsible for AskCody’s data protection matters
- a description of likely consequences and/or realized consequences of the Breach
- a description of the measures taken to address the Breach and to mitigate its possible adverse effects.
Where, and as far as, it is not possible to provide the information listed at the same time, the information may be provided in phases without undue further delay.
AskCody takes all the necessary steps to protect the Data after having become aware of the Breach. After having notified the Customer in accordance with above, AskCody will, in consultation with the Customer, take appropriate measures to secure the Data and limit any possible detrimental effect to the Data Subjects. AskCody will cooperate with the Customer, and with any third parties designated by the Customer, to respond to the Breach. The objective of the Breach response will be to restore the confidentiality, integrity, and availability of the Services, to establish root causes and remediation steps, preserving evidence and to mitigate any damage caused to Data Subjects or the Customer.