Data Breach Policy

Siteimprove and its affiliates (collectively, “Siteimprove”) make every effort to protect the confidentiality, integrity, and availability of Confidential Information and Personal Data (defined below) of employees, customers and vendors. In the event of a Data Breach (defined below), Siteimprove will respond promptly to investigate, contain, and mitigate any security incident that can lead to a Data breach.

Definitions

Confidential Information includes all information of Siteimprove, its employees, and its existing and potential customers not generally known to the public, in printed, electronic or any other form or medium.

Personal Data includes any information related to an identified or identifiable natural person. Personal Data includes, but is not limited to: names, addresses, emails, phone numbers.

Data Breach is defined as the unauthorized acquisition or access of unencrypted Confidential Information or Personal Data that compromises the confidentiality, integrity and availability of that information. A Data Breach can occur not only virtually through computer networks but also physically through unauthorized access into Siteimprove locations or computers. Data Breach also include any breaches that affect any third party vendors that provide Siteimprove with services or hosting.

Incident response

As part of the information security policy, Siteimprove maintains a Security Incident response plan that is based on guidelines from NIST ( 800-61 ).

All employees are required to immediately notify the IT Department of any actual or suspected Data Breach – including events that affect our third party vendors. The IT department will then follow the Security Incident response plan.

Notification

Notice of Data Breaches will be provided to affected individuals and/or governmental agencies in accordance with applicable contractual and legal requirements.

Siteimprove commits to a notification via email to affected parties as soon as possible but not later than 72 hours of reasonable suspicion of a Data Breach.