Noventiq strongly believes that the confidential information that becomes available to employees in whatever form should not be disclosed, distributed or transferred to anyone, other than the persons authorized to obtain it.
This Policy declares compliance with the best practices of the confidential information protection.
The Company’s employees should observe the rules for the confidential information handling and protection both in Noventiq and out of it.
Policy Objective
To ensure compliance with the rules for the confidential information handling and protection.
Introduction
The Confidentiality Policy is aimed to prevent, identify and eliminate the risks of confidential data leakage.
The Confidentiality Policy is one of the major components of an organization’s activities, which helps to avoid and prevent the risks of confidential data leakage.
Scope
This Policy is applied to all employees and officers hired under the fixed-term employment contracts, top managers and members of Noventiq’s Board of Directors (“Employees”), as well as to all contractors, consultants, distributors, resellers and other representatives acting on behalf of Noventiq (“Business Partners”).
What is confidentiality?
According to our definition, “the information is considered to be confidential if it is: personal (irrespective of whether the information is about an employee or any other person); commercially significant; provided on a confidential basis; or the information, which unauthorized disclosure may entail adverse consequences for Noventiq, its partners and customers.
For the purpose hereof, “confidential information” shall, inter alia, include:
- Employees’ personal data files and other records;
- Commercial or official secrets;
- Identifiers and passwords of the IT system users; numbers of the documents issued by social protection authorities; contacts within the Company, banking and financial data; information on medical examinations, state of health, disability or special needs; information on insurance, benefits and wages;
- Information about Noventiq that has neither been published in open sources nor permitted to be disclosed, including, but not limited to, data on the budget, financial issues, negotiations, tenders and others;
- Negotiations about customers held between two or more employees;
- Meetings and talks about customers held with people who do not cooperate with Noventiq, including customer’s friends and relatives, where Non-Disclosure Consent has not been signed;
- Talks with any of the managers about customers, financial matters or company’s personnel, if such matters are beyond the Manager’s job duties or functions/areas of responsibility;
- Information classified as confidential under any other Noventiq’s policies, rules or provisions;
- Other information and documents that an employee should not disclose by virtue of his/her obligations.
Confidentiality Areas
To protect the confidential data, the following actions shall be taken:
- Safe-keeping of records that contain confidential data in a place, for which the Company establishes certain level of access on a case-by-case basis.
- Compliance with the internal rules for handling paper records that contain confidential data in order to avoid the risk of their leakage.
- “Clean Desk” Policy, i.e. the employee shall remove the documents from desk if he/she is going to be absent at the workplace for a long time, and lock the PC screen when leaving the workplace.
- Mandatory authorization when logging in the IT system.
- Use of special folders, not allowed for sharing, to store and transfer the confidential information.
- Compliance with internal rules when copying or sending confidential information by e-mail, fax, etc.
- Due care and personal liability of employees when transferring the confidential information in whatever form, including verbally.
- Making copies and duplicates of records that contain confidential information to protect them from damaging in case of any force majeure circumstances.
Responsibility
Management Responsibility
Responsibility of the managers is to ensure that:
- Their subordinates know about this Policy existence;
- Their subordinates understand this Policy;
- Their subordinates follow this Policy, no matter where they perform their job at any specific moment of time or use confidential information out of business hours;
- This Policy is respected at any workplace under their responsibility;
- All actions required to support employees in maintaining the confidentiality are taken.
The Company’s top managers undertake to ensure effectiveness of and to improve the confidentiality system.
Personal Responsibility
The Employees shall read and understand this Policy and follow its requirements. The Employees shall adhere to the Policy when working in Noventiq offices, in other places and from home.
The Employee may get access only to the confidential information that is needed directly to him, and shall treat any such information in accordance with the latest guidelines applied to the system in which it is stored. Confidential information may be transferred or disclosed only to those who should know it, and whose identity has been verified.
The Employee who violates the obligations listed in the preceding paragraphs shall be liable to the Employer under the legislation of the employee’s host country.
The Employees or freelancers who breach the confidentiality may be subjected to legal prosecution. Moreover, if it comes to:
- The employee, he/she shall be subjected to disciplinary actions, up to the employment agreement cancellation;
- The freelance contractor, his/her access to the confidential information shall be denied and the employment agreement and/or contract shall be immediately cancelled.
S.V. Chernovolenko,
Global CEO of Noventiq