Data Security Policy

Our Data Security Policy

Omnisient is in the process of being ISO27001 certified. This will enable us to deliver a secure data Platform and Software designed with the required features to adapt to Data Protection Legislation and to allow our clients to manage their data uploads and collaboration in compliance with the regulatory environment.

Definitions

“Client” means any user of the Platform, acting in a professional capacity, a legal entity under private/public law, or a physical person acting in a professional capacity, excluding persons acting in a consumer capacity. A legal entity shall be represented by a physical person, duly authorized for that purpose.

“CCPA” means the California Consumer Privacy Act and its Regulations.

“Confidential Information” means any information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is or ought reasonably to be identifiable as confidential and/or proprietary to the Disclosing Party and/or its Affiliates and/or which is provided or disclosed in confidence, and which the Disclosing Party or any person acting on behalf of the Disclosing Party may disclose or provide to the Receiving Party or which may come to the knowledge of the Receiving Party by whatsoever means. Without limitation, the Confidential Information of the Disclosing Party shall include the following even if it is not marked as being ‘confidential’, ‘restricted’ or ‘proprietary’ (or any similar designation):

  • information relating to the Disclosing Party’s business activities, business relationships, products, services, processes, data, and Staff;
  • information contained in or constituting or relating to the Disclosing Party’s systems, machinery, hardware or software, networks, telecommunications services and facilities, including Third Party Products, and associated Material, and information or incidents concerning faults or defects therein;
  • the Disclosing Party’s commercial, financial and market information (including valuations and forecasts), methodologies, formulae and trade secrets;
  • the Disclosing Party’s technical and scientific information, demonstrations, plans, designs, drawings, processes, process maps, functional and technical requirements and specifications and the data relating thereto;
  • Intellectual Property that is proprietary to the Disclosing Party or that is proprietary to a third party, including but not limited to Third Party Products and data relating to the customers of the Disclosing Party; and
  • business process outsourcing knowledge of the Disclosing Party and information relating to the Disclosing Party’s current and existing strategic objectives, strategy documents and plans for both its existing and future information technology, processing, business processing and business process outsourcing;

Confidential Information excludes information or data which:

  • is lawfully in the public domain at the time of disclosure thereof to the Receiving Party; or
  • subsequently becomes lawfully part of the public domain by publication or otherwise; or
  • is or becomes available to the Receiving Party from a source other than the Disclosing Party which is lawfully entitled without any restriction on disclosure to disclose such Confidential Information to the Receiving Party; or
  • is disclosed pursuant to a requirement or request by operation of law, regulation or court order but then only to the extent so disclosed and then only in the specific instance and under the specific circumstances in which it is obliged to be disclosed;

provided that:

  • the onus shall at all times rest on the Receiving Party to establish that such information falls within such exclusions; and
  • the information disclosed will not be deemed to be within the foregoing exclusions merely because such information is embraced by more general information in the public domain or in a Party’s possession; and
  • any combination of features will not be deemed to be within the foregoing exclusions merely because individual features are in the public domain or in a Party’s possession, but only if the combination itself is in the public domain or in a Party’s possession;

The determination of whether the information is Confidential Information shall not be affected by whether or not such information is subject to or protected by, common law or statute related to copyright, patent, trademarks or otherwise; or which can be obtained by examination, testing, visual inspection or analysis, including without limitation, scientific, business or financial data, know-how, formulae, processes, designs, sketches, photographs, plans, drawings, specifications, sample reports, models, customer lists, price lists, studies, findings, computer software, inventions or ideas; or analyses, concepts, compilations, studies and other material prepared by or in possession or control of a Receiving Party, which contain or otherwise reflect or are generated from any such information as is specified in this definition.

“Competition Act” means the Competition Act 89 of 1998 as may be amended from time to time;

“Data Protection Legislation” means any data protection or privacy legislation that is in force and may be applicable to the Parties from time to time, such as the CCPA, GDPR and POPIA.

“Documentation” means any documentation, user manuals, any enhancements, modifications or upgrades thereto, which stipulates the usage guidelines, functional specifications and/or limitations of the Software and Services prepared, supplied and/or delivered by Omnisient to the Client pursuant to this Standard Terms and Conditions;

“GDPR” means the European Union General Data Protection Regulation 2016/679, and for the purpose of this Standard Terms and Conditions includes the UK Data Protection Act (DPA);

“Improvements” means any adaptation, change, development, enhancement or modification to any aspect of the Software and/or its related Intellectual Property;

“Intellectual Property” means any intangible creation that is the product of human intellect and includes intellectual property rights derived therefrom, such as (without limitation) all rights in and to any know-how, methodologies, patents, copyright, moral rights, designs, trademarks, trade names and domain names, service marks, rights in get-up, rights in goodwill or to sue for passing off, source codes, inventions, computer software, data, database rights, rights in confidential information, trade secrets and rights of a similar character whether registered or capable of registration and all applications and rights to apply for the protection of any of the same anywhere in the world or other industrial or intellectual property rights, whether registered or not and whether or not capable of being registered and any application for any of the aforementioned;

“Licence” means the right to use the Software and the associated Intellectual Property in terms of the Standard Terms and Conditions and may be any one of the following: (i) Freemium which is an open license that ensures free access to data, and reuse of data without financial and restrictions other than copyright; (ii) a standard Platform and Software license for use of the Software; (iii) Customised license requiring specific terms prepared by our legal department with agreed variables concerning the conditions under which the Software may be used.

“Omnisient” means Omnisient (RF) (PTY) Ltd, registration number: 2014/187691/07, a company duly incorporated in accordance with the company laws of the RSA, and having its principal place of business situated at Unit 6 Block A, Queenspark Studios, 24 Queenspark Ave, Salt River, 7925, email: [email protected];

“Platform” means the Omnisient data collaboration platform consisting of the Omnisient Anonymization Tools for the onboarding of de-identified customer data and the Omnisient Web App for the management of data collaborations with other parties;

“POPIA” means the South African Protection of Personal Information Act 4 of 2013, as may be amended from time to time;

“Services” means the services accessible via the Licence, as specified in Annexure A of this Standard Terms and Conditions;

“Software” means the Platform, which makes available the Services to the Client, from the Effective Date, as well as any Improvements thereto, all of which shall be set out in this Standard Terms and Conditions and the Documentation from time to time;

“Standard Terms and Conditions” means

Data Protection

For the avoidance of doubt, Data Protection Legislation does not apply to any data submitted by the Client to the Platform to be processed;

The Client undertakes, within the scope of the Licence, to install and run in its own environment the Software on all Personal Information to de-identify and anonymise the Personal Information prior to uploading of any data and information through the Omnisient Anonymisation App to the Platform so that such data no longer qualifies as Personal Information.

The terms below shall have the meanings as defined in Data Protection Legislation applicable to the Client, and cognate expressions shall have corresponding meanings:

“Data Subject” means the person to whom Personal Information relates, and includes both natural and juristic persons;

“Operator” means a person who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party;

“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and the birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;

“Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:

  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  • dissemination by means of transmission, distribution or making available in any other form; or
  • merging, linking, as well as restriction, degradation, erasure or destruction of information,

and “Process”, “Processes” and “Processed” shall have the corresponding meanings;

“Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.

The Parties agree that any breach of these provisions shall be considered a material breach of the Standard Terms and Conditions.

For purposes of Data Protection Legislation, Omnisient shall be an Operator mandated by the Client to Process Personal Information in terms of this Standard Terms and Conditions for purposes of rendering the Services to the extent that Personal Information is received by Omnisient as a result of the fail-safe mechanism in Omnisient’s Software identifying Personal Information in the Client’s data, and will comply with all requirements relating to Operators as prescribed by the Data Protection Legislation applicable to the Client.

Omnisient agrees that the Client will own the Personal Information at all times and agrees to Process Personal Information received from the Client as a result of this Standard Terms and Conditions in a manner that is adequate, relevant and not excessive for purposes of providing the Services as stated in this Standard Terms and Conditions and only as authorised and specified in terms of this Standard Terms and Conditions unless the Client provides written consent to Omnisient to Process the Personal Information for any other purpose.

Omnisient will not share Personal Information received in terms of this Standard Terms and Conditions with third parties without the Client’s written consent, after which Omnisient will enter into a written agreement with the further Operator/service provider that includes similar provisions as set out herein.

Omnisient will notify the Client where there are reasonable grounds to believe, within the discretion of Omnisient, that the Personal Information belonging to the Client has been accessed or acquired by any unauthorised person.

Omnisient warrants that it shall take appropriate technical and organisational measures to prevent loss of, damage to, unauthorised destruction of, or unauthorised access to Personal Information Processed on behalf of the Client in order to establish and maintain the security safeguards as required by Data Protection Legislation.

The Client hereby indemnifies and holds Omnisient harmless against any claim by or liability arising out of Omnisient’s performance of the Services and its other obligations in accordance with the terms of this Standard Terms and Conditions and any instructions given to it by the Client from time to time, to the extent that such claims do not arise as a result of Omnisient’s wilful and/or negligent acts or omissions.

Unless otherwise agreed, Omnisient shall permanently destroy, delete or return all Personal Information inadvertently received from the Client as a result of this Standard Terms and Conditions immediately upon becoming aware of it and shall inform the Client accordingly; or at any time requested by the Client should the Client become aware of such an incident.

Where the Client provides Omnisient with Personal Information, albeit by accident, the Client guarantees its consent and indemnifies Omnisient from any claim, harm, damage or loss suffered as a result of Omnisient having, Processing or providing this Personal Information of or relating to other parties to a third party in rendering the Services to the Client.

In addition to the above undertakings:

  • each Party is responsible for complying with its respective obligations under applicable Data Protection Legislation governing the collecting, Processing and sharing of Personal Information and will, by its actions or omissions, not place the other Party in breach of any Data Protection Legislation; and
  • each Party undertakes to implement measures to detect and/or prevent unauthorised access to its information technology systems and particularly in respect of protecting the integrity of and preventing unauthorised access to any Confidential Information and Personal Information which such a Party may have in its possession or control.

The Client may, on reasonable notice, investigate the steps that Omnisient is taking to comply with any applicable Data Protection Legislation relating to the Processing of Personal Information of the Client. The cost of any such investigation shall be at the expense of the Client. Omnisient shall co-operate with any investigation initiated and shall give the independent investigator reasonable and timeous access to Omnisient’s premises and any necessary documentation or other information requested by such third party. Any investigation shall be on reasonable written notice to Omnisient and shall as far as possible not impact the business operations of Omnisient.

The Parties warrant that they shall fully comply with any relevant statutory obligations contained in Data Protection Legislation, with which they further warrant that they are fully conversant, when Processing Personal Information within the scope of this Standard Terms and Conditions.