11.1. We take all appropriate measures to guarantee a security level that is tailored to the risks to and in the protection of your personal data.
11.2. We keep a processing register that also describes the (category of) processing of your personal data.
11.3. [If applicable - We have appointed a Data Protection Officer who informs and advises us on our obligations under the GDPR, who oversees compliance with the GDPR and is the contact person with the competent privacy authorities.]
11.4. We cooperate with the competent privacy authorities (at their request).
11.5. If necessary and / or mandatory, we will immediately report security incidents or data leaks (including unlawful processing, loss, unavailability, destruction, damage or unauthorized disclosure of your personal data) to the Privacy Commission / Data Protection Authority no later than 72 hours after first notice.In case such data breach is likely to pose a high risk to your rights, and under the conditions set out in the GDPR, we will notify you.In the event that you become aware of such a breach in any way in relation to your personal data or those of others, please contact us at firstname.lastname@example.org
11.6. If we were to use certain new technologies or applications to process your personal data, which would likely entail high data protection risks for you, we will, under the conditions set out in the GDPR, conduct a so-called “Data Protection Impact Assessment” (DPIA) and, if required, consult the Privacy Commission / Data Protection Authority in advance.