Data Breach Notification
Version: 1.0
Effective Date: June 5, 2025
Last Updated: June 5, 2025
At Solidus AI Tech Limited (“Solidus AITECH”, “Solidus”, “AITECH”, “we”, “us”, or “our”), we take the security of personal data very seriously. This Data Breach Notification Policy outlines our procedures and responsibilities in the event of a personal data breach involving users, customers, or partners.
This policy aligns with our commitments under our Privacy Policy, Cookie Notice, Marketing Consents, and Opt-In/Out Communications Policy.
1. Definition of a Data Breach
A personal data breach is any security incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Examples of a data breach include:
Unauthorized access to customer data;
Exposure of marketing consents or preferences;
Loss or theft of devices containing personal data;
Malware or ransomware attacks;
Human error resulting in misdirected emails or data leakage.
2. Immediate Response & Containment
Upon discovering a suspected data breach, we will immediately:
Initiate our internal Incident Response Procedure;
Contain the breach to limit further exposure;
Assess the extent and nature of the breach;
Secure all affected systems and data sources;
Notify senior compliance and security staff.
3. Assessment and Risk Analysis
We will conduct a risk assessment to determine:
The type and sensitivity of the personal data involved;
The number of individuals affected;
Whether the breach is likely to result in a risk to individuals' rights and freedoms;
Any potential for identity theft, financial fraud, reputational harm, or unauthorized marketing.
4. Notification Obligations
A. Supervisory Authorities
If required under applicable laws (e.g., Article 33 of the EU GDPR), we will notify the relevant data protection authority within 72 hours of becoming aware of the breach.
B. Affected Individuals
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected persons without undue delay. The notification may include:
A description of the breach;
Contact details for further inquiries;
Recommended actions individuals can take to mitigate harm;
A summary of the steps we are taking to remediate the incident.
Notifications may be sent via email, platform alerts, or public announcement, depending on the scope and severity.
5. Communication and Marketing Impact
In the event that marketing data or communication preferences (including opt-in/out records or email addresses) are affected:
We will inform impacted individuals of the possible misuse of their promotional communication preferences;
We will honor all unsubscribe or opt-out requests that may have been compromised;
Marketing activities will be suspended for affected users until proper re-consent is confirmed, if necessary.
6. Record-Keeping
All data breaches, regardless of severity, will be documented. Our records will include:
Facts relating to the breach;
Its effects and scope;
Corrective actions taken;
Regulatory notifications made.
This documentation is kept in accordance with Article 33(5) of the GDPR and our internal security policies.
7. Preventive Measures
To prevent recurrence, Solidus AITECH will:
Update system security protocols and access controls;
Provide staff training on data protection and breach response;
Conduct security audits and penetration testing;
Review and revise data processing agreements with third-party vendors.
8. Contact Information
If you believe your data has been compromised or have questions about a potential breach, please contact us:
Address: SOLIDUS AI TECH LTD
Beachmont Business Centre 262, Kingstown, Saint Vincent & The Grenadines.