Report a potential personal data breach

For vendors and related sub-processors

If your company, as a data processor for Pandora, has become aware of a potential personal data breach that might have affected Pandora data, either in your organization or in any of your sub-processors’, please notify Pandora in accordance with the timeframe agreed in the Data Processing Agreement by filling-in the below form.

Should you have any questions in this regard, please write to PDB@pandora.net.

*Your company name

? We need to know the name of the company to understand the data processing agreement (DPA) signed with your company and to understand the details associated with this agreement.

Name(s) of implicated sub-processor(s), if relevant

? As data processor to Pandora, you might have engaged sub-suppliers in order to deliver the processing to Pandora. These are called “Sub-processors” and should be mentioned in the original DPA between Pandora and your company.

* Your company email address

? We need your email address should we have any questions concerning your submission or the information herein.

* Your direct company phone number (please include country pre-fix)

? We need your direct phone number in case we urgently need to reach you to discuss the details in this submission.

Contact person in Pandora

? If you know the name of a counterpart in Pandora who is normally involved in the interactions or business handling between Pandora and your company, please indicate this person so we can reach out internally for any additional information.

* Location(s) affected by the potential personal data breach

? If your company is storing or processing Pandora data in different regions or countries inside or outside of EU, please attempt to indicate where the breach might have occurred, so we better understand what data was involved and which local privacy regulation we should focus on.

*Indication of personal data types involved

? Personal data may include personal identification details such as name and address, customer relationships, personal finances etc. Please see available types in dropdown below, and if not present in selection, please use “other” and add details.

*What is the approximate number of data subjects affected

? Approximately, how many data subjects (customers, employees etc. which the data concerns) has been affected by this breach?

*Indicate the areas affected by the potential personal data breach (multiple choice)

? "Confidentiality" refers to if the data has been leaked, shared or made public to any person/persons that should not have this information. "Integrity" refers to if the data has been altered in any way by a person/persons who should not have had access to change the data and the data is no longer deemed correct. "Availability" refers to if the data has been affected or taken offline in a way that the data can no longer be given to the data subject, if they asked for it.

Confidentiality

Integrity

Availability

*When did the potential personal data breach occur?

? When did you or your organization notice and realize that there was a potential personal data breach?

Description of actions already taken by your organization or sub-processor(s)

? What actions have you, your colleagues or any associated sub-processors performed at this stage to help mitigate the impact of this breach? Ex. if an email was sent to the wrong recipient, have you contacted the recipient to ensure they have deleted and will not use the data going forward? Or if data was accidentally/maliciously published on the internet, is it still available online for public viewing?

Additional comments and details about the potential personal data breach

Please fill out all required fields