Global Confidentiality Policy (PCG)
Policy
Information is one of the main assets in organizations and in personal life. Therefore, it is important to keep it safe and protected in the right way. Information security refers to the protection and retention of data. The information is called confidential when, according to its nature, it is not public and therefore cannot be disclosed to third parties since its disclosure may cause various damages to Nub8 (as well as its clients), as well as commercial, financial, or legal damages. Access made both
by people and by the different systems must be duly authorized and controlled.
Confidential information (as defined later in this policy), is information of a critical nature that must be handled, secured, and protected in a special way, unlike information of a public nature that can be published without restrictions since the latter can be of general knowledge.
It is therefore necessary for Nub8 and its business units to define criteria to classify the confidentiality of the information. The methodologies and procedures defined in this Global
Confidentiality Policy (PCG), which seek to protect the confidentiality of Nub8 information at a global level, have as their main objective to create awareness of responsibility in the people who have access to Nub8 information.
1. Objective
The objective of this PCG is to define the levels of confidentiality and establish the standards for the handling, storage and security of information in Nub8 at a global level that directors and other officers, regular employees, fixed-term employees, temporary employees or workers, part-time and full-time workers, workers on assignment, contractors (and their subcontractors), anyone directly or indirectly related to Nub8, and all entities and organizations linked to Nub8 by a domain relationship or whose management, by any other title, is the responsibility of Nub8 (hereinafter the “Nub8 Personnel”) must comply with confidentiality. Another objective of this PCG is to define plans for regular training and dissemination on the issues of managing the confidentiality of information in Nub8, as well as establishing roles and those responsible for managing the confidentiality of information.
2. Scope of Application
This PCG links to Nub8 Personnel defined at the beginning of this document. The confidentiality of the information applies both to physical information (e.g. on paper) and to digital or electronic files and data. The rules contained in this PCG are mandatory for all Nub8 Personnel.
3. Definitions
Confidential Information: is all information expressed and published in any way (including, but not limited to, in written, verbal, oral, visual, or electronic form, or on tape or disk) related to the Projects and Trade Secrets. It also includes Protected Data, meaning any administrative data, customer data, financial data, support data, telemetric data and personal data that are handled or processed by any owner.
Non-Confidential Information: Information is not Confidential Information when (a) the information is, or subsequently becomes, public knowledge for reasons other than the direct result of unauthorized disclosure and breach of this GCP; or (b) it can be established that the information came from a source unrelated to Nub8 or its business units, and that such a source is not subject to an obligation of confidentiality with respect to such information.
Business Secrets: (a) is any invention or process or practice that Nub8 or any of its business units uses or studies that is not described in any literature that Nub8 or its business units globally publishes and distributes externally and that is not available for review about any of the commercially available services or procedures of Nub8 and/or its business units and/or its clients (the “Clients”); (b) is any engineering, technical, product specification, including, without limitation, those characteristics to be used or the use that is contemplated in one of the future services or processes of Nub8 and/or its business units and/or its Clients; and (c) is any formula, machine, fabrication, manufacturing method, or process that Nub8 and/or its business units employ, whether patentable or not, that is not generally known to Nub8 ‘s competitors or that is used by and known
only to Nub8 and those Nub8 Personnel whom they have relied on to achieve its intended use and which gives Nub8 an advantage over its competitors, who do not know of their use.
The Trade Secrets of Nub8 and/or its business units and/or its clients will also have all the protections and benefits available under applicable law in each of its jurisdictions of incorporation.
If any information that Nub8 and/or its business units consider to be a Business Secret and is not declared by a court of competent jurisdiction to be a business secret under applicable law, then such information will be considered Confidential Information for purposes of this PCG.
4. General Rules and Standards
Nub8 at a global level and during its activities and business, explores and manages potential projects, potential and current businesses, in which Nub8 Personnel may be involved, and for which it receives information of any kind, including but without limitation, Business Secrets and labor, financial and corporate information of Nub8, of its clients, of its partners and in general of its businesses and commercial activities (the “Projects”).
The following are the standards that Nub8 Personnel must adhere to:
a) Keep Confidential Information confidential.
b) Not to disclose, publish or communicate Confidential Information to any third party.
c) Make use of the Confidential Information entirely and exclusively in connection with the projects and not use any or all the Confidential Information for any other purpose.
d) Adhere to and comply with the other terms and conditions established in this PCG.
e) Ensure that any person to whom the Confidential Information is disclosed is aware in advance of the confidentiality obligations under this PCG.
f) Return Confidential Information to Nub8 or its business units, when they request the return of said information for any reason, including any of its physical or electronic copies.
g) Except as required by law, regulation, or professional duty, destroy Confidential Information when requested by Nub8 or its business units for any reason and to confirm such destruction in writing.
h) Treat and safeguard all Confidential Information as private and confidential, and ensure its appropriate and secure physical (locked) or digital storage (with encryption mechanisms, keys, passwords) and prevent its disclosure to third parties or even to Nub8 Personnel Not authorized.
i) Transmit Confidential Information to other Nub8 Personnel only if it is necessary for the business or the Projects, based on the Need-to-Know Basis principle.
j) Keep the computer desktop clean based on the principle of Clean Desk.
k) Make copies of the Confidential Information only when strictly necessary for the development of the Projects and the day-to-day business of Nub8.
Only Nub8 Personnel may disclose Confidential Information:
a) In accordance with what is expressly established in this PCG.
b) As established by law and regulations, including the request of a court of competent jurisdiction or government entity or regulatory authority, always considering that, in the event of a Nub8 disclosure, Nub8 will have to cooperate in good faith regarding the timing and content of such disclosure.
a) Reporting, Interpretation and Compliance
b) This PCG is the one established by Nub8 and Nub8 Personnel must respect and comply with its content in the exercise of their activities. Failure to comply may bring legal and disciplinary consequences for Nub8 Personnel who fail to comply. Nub8 Personnel must immediately report and consult with any member of the Legal & Compliance Department in person or by email at [email protected], whenever they have any questions about this PCG or if they have any doubts or concerns. The Legal & Compliance Department oversees dealing with concerns and queries related to any matter developed in this PCG.
c) Revision of the Guidelines
Nub8 will periodically review, correct and/or modify the content of this PCG