The way in which monitoring and identification of databreaches takes place:
TPV monitors its services 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals that indicate a Databreach are assessed by the security officer of TPV, who analyzes whether there may be a Databreach, the type of Databreach and whether this concerns a Databreach that falls under its role as processor or its role as controller.
The way information is shared:
If a Databreach occurs with regard to personal data that TPV processes as a processor, the controller is informed by or on behalf of TPV in principle within 24 hours after detection of a Databreach by e-mail. Depending on the situation, information can also be shared by our website and official social media channels and / or official distributors and / or commercial agents.
If a Databreach occurs with regard to personal data that TPV processes as controller, the Dutch Data Protection Authority will be informed within 72 hours after detection of a Data Leak, and in case of adverse consequences for data subjects, then these will also be informed in the manner provided for by the law, so that they can take measures.
For follow-up actions or questions, you can contact our helpdesk by telephone or e-mail via the data included in the privacy statement.
TPV shares the following information when a Databreach occurs:
- The characteristics of the incident, such as: date and time of determination, summary incident, feature and nature incident (on what part of the security it sees to, how did it occur, does it relate to reading, copying, changing, deleting / destroying and / or stealing personal data);
- The cause of the security incident;
- The measures taken to prevent possible / further damage;
- Identifying those involved who may be affected by the incident and the extent to which they may be affected;
- The size of the group of stakeholders;
- The nature of the personal data affected by the incident (in particular, special data, or data of a sensitive nature, including access or identification data or financial data).
In specific situations where this is needed or legally required, TPV can make a (first) notification of a Databreach to the Dutch Data Protection Authority.