Data Breach Policy

If Saberr have a data breach that might affect you, here is what will happen.

A data breach may be accidental, or deliberate and unlawful - either way we will work to limit its impact, prevent it happening again, and tell anybody impacted as well as the data protection authorities.

We are registered with the UK's Information Commissioners Office  (https://ico.org.uk registration number ZA171042).

Different types of data

For some data we may hold about you, Saberr is the designated "controller". That means we're reponsible for deciding how your data is processed. Saberr is the controller for most data that you enter directly into a Saberr product, like survey answers and comments.

For some data, we're a processor on behalf of a different controller. For example, if you work for a company which has sent Saberr some contact information for you, your company is the controller of that data.

If data we control is breached, we will:

  • inform the ICO within 72 hours
  • inform any affected data subjects as soon as possible, with information about what happened and what is being done about it.

If data we process on behalf of a different controller is breached, we will:

  • notify the controller of that data as soon as we become aware of the breach.

Finding out more

In any case, you can find out more information about a breach affecting you by contacting Saberr's Data Protection Officer on dpo@saberr.com


History

Details

Date

Impact

Typeform, an online survey provider suffered a data breach affecting many of their customers. We have used Typeform for various non-core data collection use cases.

The ICO established a special process for this, given the large number of organisations that would be expected to disclose the same underlying breach.

Incident: on or after 3rd May 2018

Discovery: 29th June 2018

Almost all Saberr users and customers were unaffected.

We contacted the 90 individuals, or the relevant data controllers, whose data had been compromised.

We notified the ICO of our findings.

The compromised personal data were names and email addresses.

We also found that half of the data affected was already present in known previous data leaks.

Did this answer your question?