{"id":2167,"date":"2023-04-18T10:26:11","date_gmt":"2023-04-18T10:26:11","guid":{"rendered":"https:\/\/happyfinish.com\/?page_id=2167"},"modified":"2023-04-18T10:26:13","modified_gmt":"2023-04-18T10:26:13","slug":"data-breach-policy-2","status":"publish","type":"page","link":"https:\/\/happyfinish.com\/corporate-governance\/data-breach-policy-2\/","title":{"rendered":"Data Breach Policy"},"content":{"rendered":"\n
April 2022<\/strong><\/p>\n\n\n\n This Policy sets out the obligations of Happy Finish Ltd, a company registered in England under number 05144546, whose registered office is at26-28 Underwood Street, London, W1 7JQ (\u201cthe Company\u201d) regarding the handling and reporting of data breaches and personal data breaches in accordance with UK Data Protection Legislation. \u201cData Protection Legislation\u201d, in this Policy, means all legislation and regulations in force from time to time regulating the use of personal data including, but not limited to, the retained EU law version of the General Data Protection Regulation ((EU) 2016\/679) (the \u201cUK GDPR\u201d), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, and any successor legislation.<\/p>\n\n\n\n The UK GDPR defines \u201cpersonal data\u201d as any information relating to an identified or identifiable natural person (a \u201cdata subject\u201d); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.<\/p>\n\n\n\n The UK GDPR defines a \u201cpersonal data breach\u201d as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.<\/p>\n\n\n\n The Company is under a duty to report certain types of personal data breach directly to the Information Commissioner\u2019s Office (\u201cICO\u201d). The Company is also required to inform individual data subjects in the case of breaches that present a high risk of adversely affecting their rights and freedoms.<\/p>\n\n\n\n All personal data collected, held, and processed by the Company will be handled in accordance with the Company\u2019s Data Protection Policy.<\/p>\n\n\n\n The Company has in place procedures for the detection, investigation, and reporting of data breaches. This Policy applies to all data breaches (including personal data breaches) within the Company and is designed to assist in both the handling of such breaches and in determining whether or not they must be reported to the ICO and\/or to data subjects.<\/p>\n\n\n\n\n