This Policy sets out the procedure to ensure an effective approach is in place for managing data breach and information security incidents on Healthchecks.io.
This Policy relates to all customer data held by Healthchecks.io. The customer data includes both the limited amount of personal data that Healthchecks.io stores (e.g., user email addresses) and business data (check names and descriptions, integration API tokens, IP addresses of client systems, and similar).
For this Policy, data security breaches include both confirmed and suspected incidents. Types of incidents include but are not limited to:
Any individual who accesses, uses, or manages Healthchecks.io information is responsible for reporting data breach and information security incidents immediately to our Data Protection Officer, Pēteris Caune, at email@example.com.
Upon being notified of a suspected or confirmed data breach, the Data Protection Officer (DPO) will determine if the breach is still occurring. If so, the DPO will take the appropriate steps to contain the breach:
The DPO will investigate the breach and determine whether there could be severe consequences to affected individuals or organizations:
The DPO will notify any affected customers without undue delay. The notification will include a description of when and how the breach occurred and the data involved. It will give specific advice on what they can do to protect themselves, and describe what actions have already been taken to mitigate the risks.
If the breach involves personal data, the DPO will notify the Supervisory Authority within 72 hours of becoming aware of the breach.
The DPO will consider notifying third parties such as the police if criminal activity is suspected.
After resolving the data breach, the DPO will review the cause of the breach. The DPO will evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring. After completing the review, the DPO will prepare and publish a public report of the breach on Healthchecks.io.
This document was last updated on October 28, 2022.