Report a security incident (incl. personal data breach)

For vendors and related sub-processors

If your company, as our vendor including as a data processor for Pandora, has become aware of a security incident or personal data breach that might have affected Pandora information, data, operations, business processes, network, or facilities, either in your organization or in any of your sub-processors’, please notify Pandora in accordance with the agreed timeframe by filling-in the below form.

Should you have any questions in this regard, please write to our security email address.

*Your company name

? We need to know the name of the company to understand the relationship with your company and to understand the details associated with our agreement.

Name(s) of implicated sub-processor(s), if relevant

? As our vendor, especially if you are a data processor to Pandora, you might have engaged sub-suppliers or sub-contractors in order to deliver the services or products to Pandora.

* Your company email address

? We need your email address should we have any questions concerning your submission or the information herein.

* Your direct company phone number (please include country pre-fix)

? We need your direct phone number in case we urgently need to reach you to discuss the details in this submission.

Contact person in Pandora

? If you know the name of a counterpart in Pandora who is normally involved in the interactions or business handling between Pandora and your company, please indicate this person so we can reach out internally for any additional information.

* Location(s) affected by the incident

? If your company is storing or processing Pandora information/ data in different regions or countries inside or outside of EU, please attempt to indicate where the incident might have occurred.

*Indication of information or personal data types involved

? Personal data may include personal identification details such as name and address, customer relationships, personal finances etc. Whereas information may include any Pandora-related information that was affected. Please see available types in dropdown below, and if not present in selection, please use “other” and add details.

*What is the approximate number of data subjects or information records affected

? Approximately, how many data subjects (customers, employees etc. which the data concerns) or information records has been affected by this incident?

*Indicate the areas affected by the incident (multiple choice)

? "Confidentiality" refers to if the data has been leaked, shared or made public to any person/persons that should not have this information. "Integrity" refers to if the data has been altered in any way by a person/persons who should not have had access to change the data and the data is no longer deemed correct. "Availability" refers to if the data has been affected or taken offline in a way that the data can no longer be used by the organization or given to the data subject, if they asked for it.

Confidentiality

Integrity

Availability

*When did the incident occur?

? When did you or your organization notice and realize that there was an incident?

Description of actions already taken by your organization or sub-processor(s)

? What actions have you, your colleagues or any associated sub-processors performed at this stage to help mitigate the impact of this incident? Ex. if an email was sent to the wrong recipient, have you contacted the recipient to ensure they have deleted and will not use the data going forward? Or if data was accidentally/maliciously published on the internet, is it still available online for public viewing?

Additional comments and details about the incident

Please fill out all required fields