Incident management and breach notification

This page summarizes Halthia operational incident management process, including confidentiality, integrity and availability events.

Scope covers systems and services managed by Halthia as SaaS provider.

Relevant events are analyzed and classified by severity to prioritize technical response and communication.

Categories include: minor incident, significant incident, and critical incident with potential personal data impact.

When an incident occurs, containment actions are applied to limit impact and preserve technical evidence.

Root cause analysis, corrective actions and service recovery validation are then executed.

Where applicable, preventive controls are reinforced to reduce recurrence risk.

If a personal data breach is confirmed, Halthia notifies the affected customer without undue delay in its processor role.

Initial communication includes, where possible, nature of the incident, potentially affected categories, mitigation actions and recommended next steps.

The customer, as controller, remains responsible for assessing and performing any authority or data subject notifications required by applicable law.

Halthia will provide reasonable cooperation so the customer can meet applicable regulatory notification deadlines (including the GDPR Art. 33 72-hour framework where relevant).

Primary operational communication channel: support@halthia.com.

For relevant incidents, status updates are provided until closure with reasonable decision-making information.

Enterprise customers may define custom escalation circuits in contractual addenda.

Halthia maintains incident traceability, response actions and remediation tasks for internal audit purposes.

Post-incident learnings are integrated into procedures, technical controls and operational practices.

Current public reference version: 2026-04.

For security coordination, information requests or enterprise addenda: support@halthia.com.