Data Collection:Bighub collects personal data transparently and legally, obtaining explicit consent from users for the collection and processing of their information. Data is collected for the specific purpose of providing and improving services offered on the marketplaces.

Processing and Storage: Collected personal data is processed according to the principles of lawfulness, fairness, and transparency, stored only for the necessary period for the purpose for which it was collected. We implement appropriate technical and organizational measures to ensure the security and integrity of the data.

Data Usage: Personal data is used exclusively for the purposes for which it was collected. We ensure that processing is limited to what is necessary, respecting data minimization.

Data Sharing: Sharing of personal data occurs only with trusted third parties and is based on legal grounds such as the data subject’s consent, the performance of a contract, or compliance with legal obligations. We enter into agreements ensuring the protection of shared data.

Data Disposal: Personal data is retained only for the time necessary to fulfill the purpose for which it was collected. We implement secure data disposal procedures, including periodic review of the need for retention.

User Rights: We respect users‘ rights as established by the GDPR, including the right to access, rectify, delete, and port data. We facilitate the exercise of these rights effectively and within the deadlines set by the regulation.

Consent: Consent is obtained clearly and unequivocally for each specific processing purpose. Users have the right to withdraw consent at any time.

Responsibility and Accountability:Bighub takes responsibility for compliance with GDPR provisions and implements effective measures to demonstrate compliance, including appointing a Data Protection Officer if applicable.

Data Protection Impact Assessment (DPIA): We conduct impact assessments whenever data processing poses a high risk to the rights and freedoms of data subjects, as required by the GDPR.

Policy Updates: This privacy policy is periodically reviewed to ensure ongoing compliance with data protection laws. Changes are communicated to users as required by the GDPR.

Security Incidents and Data Breach: In compliance with the GDPR, Bighub adopts rigorous measures to prevent, detect, and respond to security incidents, including data breaches. If a leak of customer personal information occurs, we implement a response plan to mitigate damages.

Incident Response Plan:Bighub maintains a security incident response plan covering quick identification of data breaches, impact assessment, notification to data protection authorities and affected data subjects, and implementation of corrective measures.

Data Breach Notification: In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant data protection authorities and affected data subjects as required by the GDPR, within the stipulated timeframe.

Damage Mitigation:Bighub is committed to taking all necessary measures to mitigate damages caused by data breaches. This may include implementing technical solutions, collaborating with competent authorities, and providing support to affected data subjects.

Assessment and Continuous Improvement: After any security incident, we conduct a detailed assessment to identify lessons learned and improvement opportunities. These findings are incorporated into our information security program for continuous enhancement of our practices.

Incident Communication Channel: We provide a dedicated communication channel for reporting security incidents and data breaches. Users and stakeholders can quickly contact us to report any concerns related to data security.

This policy is an ongoing commitment to data privacy and security. If you have questions or need additional information about our privacy and data security policy, please contact us at www.bighub.store

Information Security Incident Response Plan – BIGHUB

1. Introduction: The BIGHUB Information Security Incident Response Plan (IRP) aims to ensure an organized and effective approach to handling information security incidents, including database breaches, unauthorized access, and data leaks. This plan establishes clear procedures to mitigate the impacts of these incidents, protect data, and maintain the integrity and confidentiality of information.

2. Incident Response Team:
Incident Coordinator.
Information Security Specialist.
Legal Representative.
External Communication.
IT Representative.

3. Incident Response Phases:
3.1. Identification:
Continuous monitoring of logs and systems.
Automatic alerts for suspicious activities.
Immediate reporting of incidents.
3.2. Assessment:
Impact and scope analysis of the incident.
Classification of the incident in terms of severity.
Determination of affected parties.
3.3. Containment:
Immediate isolation of the incident.
Blocking unauthorized access.
Measures to prevent the spread of the incident.
3.4. Eradication:
Identification and complete removal of malware.
Correction of exploited vulnerabilities.
Restoration of compromised systems and data.
3.5. Recovery:
Restoration of affected services.
Ongoing monitoring to detect the reappearance of suspicious activities.
Review and enhancement of security controls.
3.6. Communication:
Immediate notification to regulatory authorities if necessary.
Transparent communication with affected parties.
Regular updates for internal and external teams.

4. Documentation:
Detailed record of all actions taken.
Post-incident analysis for lessons learned.
Plan updates based on feedback and identified improvements.

5. Testing and Training:
Regular simulations of incidents to test the IRP.
Continuous training for the incident response team.
Review and update of the IRP as necessary.

6. Regulations and Compliance:
Ensure full compliance with data protection regulations.
Collaboration with regulatory authorities as required by law.

7. Emergency Contacts: In case of incidents, the incident response team can be contacted through the following channels:
Incident Coordinator.
Information Security Specialist.
Legal Representative.
External Communication.
IT Representative.

This Incident Response Plan is an essential tool to ensure an effective and organized response to information security events. It will be reviewed and updated regularly to reflect changes in threats and recommended practices.