
Data Breach Policy

Learn about our procedures in the unlikely event that your data becomes exposed due to a data breach.

Written by Tyrone B
Updated in the last 15 minutes

1. Purpose

This Data Breach Policy describes the procedures followed by Limoni Apps BV (“we”, “us”, or “Processor”) in the event of a Personal Data Breach involving the Discount Ninja application and related services (the “Services”).

This Policy is intended to ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), and to provide transparency to merchants (“Controllers”) regarding breach detection, response, and notification.

2. Scope

This Policy applies to all Personal Data processed by Limoni Apps BV on behalf of merchants in its role as a data processor, as defined in the applicable Data Processing Agreement (“DPA”).

This Policy does not apply to incidents that occur exclusively within a merchant’s own systems or Shopify environment and are outside the Processor’s control.

3. Definition of a Personal Data Breach

A Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data processed in connection with the Services.

This includes, but is not limited to:

  • Unauthorized access to systems containing Personal Data;

  • Accidental deletion or loss of Personal Data;

  • Malware, ransomware, or similar security incidents affecting Personal Data;

  • Disclosure of Personal Data to unauthorized third parties.

4. Breach Detection and Response

Limoni Apps BV maintains appropriate technical and organizational measures to detect, investigate, and respond to security incidents, including:

  • Monitoring and logging of access to production systems;

  • Incident escalation and internal response procedures;

  • Restricted access controls and role-based permissions;

  • Security reviews of infrastructure and subprocessors.

Upon becoming aware of a suspected or confirmed Personal Data Breach, we will:

  1. Promptly investigate the incident to determine its nature and scope;

  2. Take appropriate steps to contain and mitigate the breach;

  3. Assess the potential impact on Personal Data and affected data subjects;

  4. Document the incident and remedial actions taken.

5. Notification to Controllers

Where a Personal Data Breach affects Personal Data processed on behalf of a merchant, Limoni Apps BV will notify the affected Controller:

  • Without undue delay, and

  • In any event within 72 hours after becoming aware of the Personal Data Breach.

The notification will be provided through reasonable communication channels and, to the extent information is available at the time, will include:

  • A description of the nature of the breach;

  • The categories and approximate number of affected data subjects and records (if known);

  • The likely consequences of the breach;

  • The measures taken or proposed to address and mitigate the breach;

  • Contact details for follow-up information.

Where complete information cannot be provided within 72 hours, information may be provided in phases without undue further delay.

6. Controller Responsibilities

As the data controller, the merchant remains responsible for:

  • Assessing whether the breach must be reported to a supervisory authority under Article 33 of the GDPR;

  • Notifying affected data subjects under Article 34 of the GDPR, where required;

  • Maintaining any required breach records.

Limoni Apps BV will provide reasonable assistance to support the Controller in meeting these obligations.

7. Communication with Supervisory Authorities

Unless required by applicable law, Limoni Apps BV does not notify supervisory authorities or affected data subjects directly on behalf of Controllers.

Any such notification is the responsibility of the Controller, unless otherwise expressly agreed in writing.

8. Subprocessors

Where a Personal Data Breach originates from or involves a Subprocessor, Limoni Apps BV will:

  • Require the Subprocessor to notify Limoni Apps BV without undue delay; and

  • Take appropriate steps to assess, contain, and mitigate the breach in accordance with this Policy.

9. Documentation and Review

All Personal Data Breaches, regardless of severity, are documented internally in accordance with applicable data protection laws.

This Policy may be reviewed and updated from time to time to reflect changes in legal requirements, industry standards, or operational practices. The most current version will always be published on our support website.

10. Contact

Questions regarding this Data Breach Policy or reports of suspected security incidents may be submitted via the contact details provided in our Privacy Policy.
