Attacks, unauthorized access, and breaches
In the case of THIRD PARTIES
No company or organization in the world today, given the complexity of communications and cybersecurity, can guarantee with 100% certainty the absolute security of its products and services. Therefore, in the utmost respect for our customers and partners, we have prepared a contingency plan for an unlikely event.
If something unexpected happens, the first step taken by Addhere is to mobilize the DPO and the most senior members of Addhere's technical team and, with the involvement of the CEO, establish whether a data breach has really occurred.
The second step is to have Addhere's highest-level technical team, with the help of external specialists if necessary, validate the first hypotheses.
If the breach is proven, the Team will provide a report that aims to identify what data was accessed, the size of the impact, the list of affected users and the investigation's hunches.
After the investigation, if the occurrence of a data breach is proven, the next step is to notify all affected users, within 24 hours after confirmation, via their registration email, clarifying what happened, the probable date and time of occurrence, the dimension of the impact and the measures to be adopted by Addhere.
If the impact level is considered moderate or severe, the application service must be stopped immediately and a warning will be displayed in the application until corrective measures are sufficiently implemented.
The impact will be considered moderate when it is perceived that there has been a violation of isolated anonymized clinical data with no connection with identifications or only basic identification data in correlation with clinical data.
The impact will be considered serious if both databases (clinical data and identification data) have been potentially violated and a correlation between them can eventually be established.
It should be noted that, by design, the application tries in several ways, using good information security practices, to mitigate this risk.
If a violation is proven, Addhere will maintain active and continuous communication with its customer base in a period not exceeding 4 (four) weeks, providing updates on the measures taken and on whether some level of risk still remains, and will maintain this procedure until all points of moderate or severe criticality are resolved.
Schools and other institutions that maintain active contracts with Addhere must also be notified with the same regularity as described above.
Addhere may post a report about what happened and the measures that will be taken on its website and also on its social media, as long as this contributes to the safety of users and the credibility of the company with individuals, government and society.
In the case of the USER
The USER must not attempt to gain unauthorized access to the Addhere App, the services, the servers on which the data is stored or any server, computer or database connected to them. The USER must not, in any way, attack the Addhere App or the services hosted therein. In case of suspected attacks or attempts to gain unauthorized access to the application or service, Addhere will report to the relevant law enforcement authorities and share with them the information about the suspected USER.
The USER must not use the Addhere App to:
(a) transmit any false, misleading, fraudulent, defamatory, offensive or unlawful communication;
(b) damage, disable, overburden, impair or compromise our systems or security or interfere with other users;