Yes, Wonderkind has established comprehensive procedures for handling information security incidents, including data breaches. As outlined in their Data Protection and Privacy Policy, Wonderkind is committed to ensuring the security and confidentiality of personal data processed on behalf of its clients.
Incident Response and Notification Procedures:
Notification of Data Breach: In the event of a security leak or data breach as referred to in Article 33 of the GDPR, Wonderkind will, to the best of its ability, notify the relevant customers and users of the Wonderkind Platform without undue delay. This notification will include:
The (suspected) cause of the breach.
The (currently known or anticipated) consequences.
The (proposed) solution.
The measures already taken.
This duty to report applies irrespective of the impact of the leak. Wonderkind will endeavor to provide complete, accurate, and timely information. If required by law or regulation, Wonderkind will cooperate in notifying the relevant authorities and/or Data Subjects.
Role as Data Processor: Wonderkind operates as a data processor in its services. As such, it is the responsibility of the client (data controller) to determine whether to inform its end-users (data subjects) and/or relevant regulatory authorities. Wonderkind will assist the client in this process as needed.
Security Measures: In accordance with Article 32 of the GDPR, Wonderkind implements adequate technical and organizational measures to protect customer and user data against:
Loss.
Unauthorized disclosure.
Deterioration.
These measures are designed to ensure a level of security appropriate to the risk, including encryption and regular security assessments.