Data Breach Notification Policy
Politique de notification des violations de donnees
Last updated / Derniere mise a jour : May 18, 2026 / 18 mai 2026
1. Our Commitment
MindBridge is committed to protecting your personal data. In the unlikely event of a data breach, we follow strict notification protocols mandated by GDPR (EU), PIPEDA (Canada), and Loi 09-08 (Morocco/CNDP). A "data breach" means any security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
2. Notification Timelines
• GDPR (EU): We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms. Affected individuals will be notified without undue delay if the breach is likely to result in a high risk. • PIPEDA (Canada): We will report breaches to the Office of the Privacy Commissioner of Canada and notify affected individuals as soon as feasible if the breach creates a real risk of significant harm. • CNDP / Loi 09-08 (Morocco): We will notify the CNDP and affected individuals in accordance with applicable Moroccan data protection requirements.
3. What We Will Communicate
In the event of a notifiable breach, we will provide: • The nature of the breach and the categories of data affected • The approximate number of individuals affected • The likely consequences of the breach • The measures taken or proposed to address the breach and mitigate its effects • Contact details for our Data Protection Officer
4. Internal Response Procedure
When a potential breach is detected: 1. Containment: Immediately isolate the affected systems and stop the breach 2. Assessment: Determine the scope, affected data categories, and risk level 3. Notification: Notify relevant authorities and affected individuals within required timelines 4. Remediation: Implement corrective measures to prevent recurrence 5. Documentation: Record the breach, its effects, and all remedial actions taken
5. Report a Security Concern
If you believe you have discovered a security vulnerability or suspect a data breach, please contact us immediately: Email: security@mindbridgeeap.com DPO: privacy@mindbridgeeap.com We take all reports seriously and will respond within 24 hours.
1. Notre engagement
MindBridge s'engage a proteger vos donnees personnelles. Dans le cas improbable d'une violation de donnees, nous suivons des protocoles de notification stricts imposes par le RGPD (UE), le PIPEDA (Canada) et la Loi 09-08 (Maroc/CNDP). Une « violation de donnees » designe tout incident de securite entrainant la destruction, la perte, l'alteration, la divulgation non autorisee ou l'acces non autorise a des donnees personnelles.
2. Delais de notification
• RGPD (UE) : Nous notifierons l'autorite de controle competente dans les 72 heures suivant la prise de connaissance d'une violation susceptible d'engendrer un risque pour les droits et libertes des personnes. Les personnes concernees seront notifiees sans delai indu si la violation est susceptible d'engendrer un risque eleve. • PIPEDA (Canada) : Nous signalerons les violations au Commissariat a la protection de la vie privee du Canada et notifierons les personnes concernees dans les meilleurs delais si la violation cree un risque reel de prejudice grave. • CNDP / Loi 09-08 (Maroc) : Nous notifierons la CNDP et les personnes concernees conformement aux exigences marocaines applicables en matiere de protection des donnees.
3. Ce que nous communiquerons
En cas de violation devant etre notifiee, nous fournirons : • La nature de la violation et les categories de donnees concernees • Le nombre approximatif de personnes concernees • Les consequences probables de la violation • Les mesures prises ou proposees pour remedier a la violation et en attenuer les effets • Les coordonnees de notre Delegue a la Protection des Donnees
5. Signaler une preoccupation de securite
Si vous pensez avoir decouvert une vulnerabilite de securite ou suspectez une violation de donnees, veuillez nous contacter immediatement : Email : security@mindbridgeeap.com DPO : privacy@mindbridgeeap.com Nous prenons tous les signalements au serieux et repondrons sous 24 heures.
Security reports: security@mindbridgeeap.com
DPO: privacy@mindbridgeeap.com
Address: MindBridge EAP Inc., 123 Boulevard d'Anfa, Casablanca 20000