Data Breach Notification Protocol

At Harlem Next B.V., we prioritize the security of your personal data. We have implemented stringent measures to protect your information, but we understand that data breaches can still occur even with the best precautions. So, in the unfortunate event that you discover a data breach involving personal data for which Harlem Next B.V. acts as either the Controller or Processor, please follow the steps outlined below:

  1. Immediate Notification: Contact us without delay via email at databreach@harlemnext.com. If for some reason, you are unable to reach us through this means, please contact us at jheidinga@harlemnext.com.
  2. Provide Detailed Information: When notifying us, please provide as much detail as possible about the breach. This should include when and how you discovered the breach, the nature of the personal data involved, and any other relevant information.
  3. Cooperation: After the initial notification, we kindly ask for your cooperation and patience as our Data Breach Response Team investigates the matter. We may reach out to you for further information or clarification.
  4. Our Response: As a Processor or Controller of the affected personal data, we are obligated to inform the relevant parties and authorities, depending on the severity and nature of the breach. If necessary, we will also assist in fulfilling any obligations that arise as a result of the breach and take necessary technical and organizational measures to limit its consequences.
  5. Follow-Up: Once we have handled the situation, we will follow up with you to provide an update on the resolution of the breach.

We appreciate your help and cooperation in maintaining the security and integrity of personal data. Remember, the sooner we are informed of a data breach, the faster we can act to rectify the situation and mitigate any potential damage. Thank you for your vigilance and understanding. Please note that this protocol is in place to ensure compliance with the General Data Protection Regulation (GDPR) and to fulfill our obligations as a data controller or processor.