DATA BREACH POLICY

1. PURPOSE AND SCOPE

This Data Breach Policy establishes procedures for 33 Systems Inc., doing business as 33 ALERTS, to respond to security breaches involving personal information.

This policy complies with Florida Laws and applicable federal laws.

2. COMMITMENT TO DATA SECURITY

33 ALERTS is committed to protecting personal information by:

• Implementing reasonable security measures
• Training employees on data protection practices
• Regularly reviewing and updating security procedures
• Complying with applicable data protection laws
• Responding promptly and appropriately to security breaches

3. SECURITY MEASURES

3.1 Preventive Measures

We implement reasonable measures to protect and secure data in electronic form containing personal information, including:

Technical Controls:

• Encryption of data in transit (SSL/TLS) and at rest
• Secure authentication and access controls
• Firewall protection and network security
• Regular security vulnerability assessments
• Intrusion detection and prevention systems
• Regular software updates and security patches

Administrative Controls:

• Employee confidentiality agreements
• Background checks for personnel with access to sensitive data
• Role-based access restrictions
• Regular security training for employees
• Incident response procedures

Physical Controls:

• Secure data center facilities with restricted access
• Video surveillance and security personnel
• Environmental controls and fire suppression
• Secure disposal of physical media containing personal information

4. BREACH DETERMINATION

4.1 What Constitutes a Breach

A “breach of security” or “breach” means unauthorized access to personal information that compromises the security, confidentiality, or integrity of such information.

4.2 Breach Assessment

Upon discovering a potential breach, we will:

1. Immediately initiate an investigation
2. Determine the scope and nature of the breach
3. Identify affected individuals and information
4. Assess the risk of harm to affected individuals
5. Consult with law enforcement if appropriate
6. Document all findings

5. CUSTOMER RESPONSIBILITIES

5.1 Customer as Data Controller

When Customers (venue operators) receive alert data containing End User personal information, the Customer becomes the data controller for that information and is responsible for:

• Protecting End User information with reasonable security measures
• Complying with applicable data breach notification laws
• Notifying affected End Users if a breach occurs in Customer’s systems
• Reporting breaches to appropriate authorities

5.2 Customer Breach Notification to 33 ALERTS

If a Customer experiences a breach involving alert data or End User information:

• Customer should notify us promptly at info@33alerts.com
• We will cooperate with Customer’s breach response efforts
• We may provide assistance in determining scope of breach
• Customer remains responsible for all required notifications

6. DATA DISPOSAL

We and our third-party agents shall take all reasonable measures to dispose, or arrange for disposal, of customer records containing personal information when records are no longer required to be retained.

Disposal methods include:

• Shredding physical documents
• Erasing electronic data
• Degaussing or destroying storage media
• Other methods that make information unreadable or undecipherable

7. RECORD KEEPING

We shall maintain records of:

• All security breach incidents and investigations
• Breach determinations and risk assessments
• Notifications sent to customers and affected parties
• Law enforcement correspondence regarding breaches
• Written determinations and documentation (retained for 5 years)

8. NO PRIVATE CAUSE OF ACTION

There is no private cause of action under this Data Breach Policy. This policy
imposes no additional requirements beyond those specified under Florida laws.

Violations may be enforced by:

• Florida Department of Legal Affairs
• Other authorized state agencies
• Federal authorities (if applicable)

9. AMENDMENTS TO THIS POLICY

We may update this Data Breach Policy to reflect changes in:

• Florida or federal law
• Our security practices
• Technology or industry standards

Updates will be posted on our website with a revised “Effective Date.”

10. CONTACT INFORMATION

For Data Breach Notifications, Questions, or Reports: