Data Breach Notification Policy

---

introduction

ICE is committed to protecting the personal and sensitive information of its users. In the event of a data breach, ICE will take immediate steps to mitigate any potential damage and comply with all legal requirements to notify affected individuals and relevant authorities.

Types of Data Covered

ICE collects and stores various types of data, including but not limited to:

• Personal identifiers (name, contact information, driver’s license, etc.).
• Financial information (payment details, bank information).
• Location data (GPS-based tracking).
• Any other sensitive information shared with ICE as part of its services.

Scope of the Policy

This policy applies to any event in which there is unauthorized access, disclosure, or misuse of the personal and sensitive data collected and stored by ICE.

Steps ICE Will Take in Case of a Data Breach

1. Identification of the Breach: Upon discovering a potential data breach, ICE’s data security team will immediately work to identify the scope, cause, and impact of the breach.
2. Containment: ICE will take swift action to contain the breach, prevent further unauthorized access, and secure its systems.
3. Assessment: ICE will assess the breach's nature, including the type of data involved, the extent of the breach, and the number of individuals or entities impacted.
4. Mitigation: ICE will take steps to mitigate the impact of the breach, such as resetting system passwords, disabling compromised accounts, and improving security protocols.

Notification Procedures

1. Who Will Be Notified: ICE will notify all affected users whose personal data was accessed or compromised during the breach.
2. How ICE Will Notify Affected Individuals: Notifications will be sent via email, SMS, or in-app alerts, depending on the contact information available. The communication will outline:
   • The nature of the breach.
   • The type of data involved.
   • Steps the user can take to protect themselves (such as changing passwords or monitoring financial accounts).
   • ICE’s actions to resolve the issue and prevent future occurrences.
   • Contact information for support and inquiries.

1. Timeliness of Notification: ICE is committed to notifying affected individuals as soon as possible, within the timeframes required by relevant laws (e.g., within 72 hours of discovering the breach).
2. Government and Legal Notifications: ICE will notify the relevant legal authorities, including the North Carolina Attorney General’s office, as required by state and federal law.

Legal Compliance

ICE will comply with all applicable data breach notification laws in North Carolina and federal regulations, including:

• The North Carolina Identity Theft Protection Act (NCGS 75-61, 75-65).
• Federal regulations under the FTC’s Safeguards Rule and GDPR (for international users if applicable).

User Responsibilities

While ICE takes the utmost care in safeguarding user data, users are also responsible for maintaining the confidentiality of their account credentials (e.g., passwords). ICE encourages all users to enable two-factor authentication where available and monitor their accounts regularly for any suspicious activity.

Contact Information

Users may contact ICE for further information about a data breach through the following channels:

• Email: security@iceride.io
• Support Line: 1-800-ICE-SAFE (423-7233)

Modifications to the Data Breach Policy

ICE may revise this Data Breach Notification Policy from time to time. When substantial changes are made, ICE will notify users of the updates through appropriate communication channels.

Effective Date

This policy is effective as of [insert date]. Any updates or revisions will be reflected in future versions of this document and will be communicated promptly to users.