# Data Breach Notification Policy *Version: 1.2* *Effective Date: November 3, 2025*\ \&#xNAN;*Last Updated Date: April 14, 2026* *** SOLIDUS AI TECH INC., operating under the trade name “**AITECH Cloud Network**” (“ACN”, “we”, “us”, or “our”), together with relevant entities within the AITECH Cloud Network (“ACN”) ecosystem and group structure, including the AITECH Cloud Network Foundation and Solidus AI Tech Digital (where applicable), is committed to safeguarding the security of personal data. This Data Breach Notification Policy outlines the procedures and responsibilities applicable in the event of a personal data breach affecting users, customers, partners, systems, or services operated within the ACN ecosystem, as applicable based on the nature of the service, data processing activity, and relevant legal or regulatory requirements. Any references to “AITECH”, “AI Tech”, or similar terminology shall be interpreted as legacy references to the AITECH Cloud Network where applicable. This Policy should be read in conjunction with our Privacy Policy, Cookie Notice, Marketing Consents Policy, and Opt-In/Out Communications Policy, which together form part of our broader data protection and compliance framework. *** **1. Definition of a Data Breach** A personal data breach is any security incident that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. Examples of a data breach include: * Unauthorized access to customer data; * Exposure of marketing consents or preferences; * Loss or theft of devices containing personal data; * Malware or ransomware attacks; * Human error resulting in misdirected emails or data leakage. *** **2. Immediate Response & Containment** Upon discovering a suspected data breach, we will immediately: * Initiate our internal Incident Response Procedure; * Contain the breach to limit further exposure; * Assess the extent and nature of the breach; * Secure all affected systems and data sources; * Notify senior compliance and security staff. * Coordinate with relevant affiliated entities, internal divisions, processors, vendors, and incident response providers where necessary to contain and investigate the breach. *** **3. Assessment and Risk Analysis** We will conduct a risk assessment to determine: * The type and sensitivity of the personal data involved; * The number of individuals affected; * Whether the breach is likely to result in a risk to individuals' rights and freedoms; * Any potential for identity theft, financial fraud, reputational harm, or unauthorized marketing. * Whether personal data processed by multiple entities, jurisdictions, or third-party processors is affected. *** **4. Notification Obligations** Notification responsibilities may be undertaken by the relevant controller, processor, or responsible entity within the AITECH Cloud Network (ACN) group depending on the affected service, legal obligations, and jurisdiction. **A. Supervisory Authorities** If required under applicable laws (e.g., Article 33 of the EU GDPR), we will notify the relevant data protection authority within 72 hours of becoming aware of the breach. **B. Affected Individuals** If the breach is likely to result in high risk to the rights and freedoms of individuals, we will notify the affected persons without undue delay. This may include: * A description of the breach; * Contact details for further inquiries; * Recommended actions individuals can take to mitigate harm; * Summary of the steps we are taking to remediate the incident. Notifications may be sent via email, platform alerts, or public announcement depending on the scope and severity. *** **5. Communication and Marketing Impact** In the event that marketing data or communication preferences (including opt-in/out records or email addresses) are affected: * We will inform impacted individuals of the possible misuse of their promotional communication preferences; * We will honor all unsubscribe or opt-out requests that may have been compromised; * Marketing activities will be suspended for affected users until proper re-consent is confirmed, if necessary. *** **6. Record-Keeping** All data breaches, regardless of severity, will be documented. Our records will include: * Facts relating to the breach; * Its effects and scope; * Corrective actions taken; * Regulatory notifications made; * Incident records may be maintained centrally or by the relevant group entity, subject to confidentiality, retention obligations, and applicable law. This documentation is kept in accordance with Article 33(5) of the GDPR and our internal security policies. *** **7. Preventive Measures** To prevent recurrence, the relevant entity within the AITECH Cloud Network group may: * Update system security protocols and access controls; * Provide staff training on data protection and breach response; * Conduct security audits and penetration testing; * Review and revise data processing agreements with third-party vendors. *** **8. Contact Information** If you believe your data has been compromised or have questions about a potential breach, please contact us: Email: Mailing Address: SOLIDUS AI TECH INC, PH The Century Tower, Office 317 Vía Ricardo J. Alfaro Corregimiento de Betania, Distrito de Panama, Panama City, Panama. *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://whitepaper.aitech.io/regulatory-and-compliance/data-breach-notification-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.