DATA BREACH POLICY

Letomec S.r.l. has implemented a Data Breach Policy, verified by the Data Controller. The purpose of the Policy is to communicate outside the company the existence of a method to manage reports that can lead to anomalous situations or Data Breach.

The notification contact e-mail – amministrazione@letomec.com – is redirected to the System Administrator’s e-mail address and to a second figure (ex. Privacy Contact), specifying the problem and the closing period of Letomec Srl.

The Data Breach Policy includes the following contents:

In order to protect your personal data, Letomec S.r.l. has provided a Data Breach Policy to answer better to the hypothesis of violation of personal data. It happens because a personal data breach can, if not dealt with in adequately and promptly way, cause damage to the individual.

The violation of personal data can consist in the destruction, loss, modification, unauthorized disclosure or access, in an accidental or illegal way, to personal data transmitted, stored or processed.

We consider it appropriate to inform you about the risks that could result from the violations listed above.

Under the REG. UE in fact, the main risks for the rights and freedoms of all people interested, following the data breach, coincide with the premise:

  • physical, material or immaterial damage to individuals;
  • loss of data control of people interested;
  • limitations of rights/discrimination;
  • identity theft or usurpation;
  • financial losses/economic, social or reputational damage (both for the people interested and for the Data Controller);
  • unauthorized decryption of pseudonymization;
  • loss of confidentiality of personal data protected by professional secrecy (health data, judicial data);
  • other.

The causes that can lead to these situations can be:

  • voluntary or involuntary human error;
  • unforeseen circumstances such as fire, flood, earthquake, etc.;
  • hacker attack;
  • failure of the planned mitigation measures;
  • “blagging” crimes in which the information is obtained by deceiving the organization that holds them;
  • other.