LEGAL

Last updated: March 2022

Privacy Policy

Version no: 1

Last updated: March 2022

Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.

 

1.     Background

1.1.      Laboremus understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website. We do not collect personal data about you unless you contact us. Any personal data we do collect will only be used as permitted by law.

 

1.2.     Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this PrivacyPolicy is deemed to occur upon your first use of this website at which point your acceptance is requested.

 

1.3.     If you do not accept and agree with this Privacy Policy, you must stop using our website immediately.

 

1.4.     The use of our website is possible without any indication of personal data, although data processing may occur once a user goes forward to use specific services offered on the website thus disclosing certain data. If data processing is necessary, we generally obtain consent from the data subject. This shall be in compliance with the DataProtection and Privacy Act, 2019.

 

1.5.     Although we have taken every prudent step to ensure that data is processed fairly and transparently, there are may be data that is transferred to us through alternative means such as by telephone calls and the user takes personal responsibility to ensure transferred data safety.

 

 

2.     Name and Data Processor

2.1.     Processor for the purposes of the Data Protection and Privacy Act, 2019 is Laboremus Uganda Limited of Phone number:  +256 751 069 277 and email of the Data Protection Officer: isabel@laboremus.ug or hello@laboremus.ug

 

3.     Cookies

3.1.     The Internet pages of Laboremus uses cookies. Cookies are text files that are stored in a computer system via an Internet browser. You may find out more in our cookies policy.

 

4.    Collection of general data and information

4.1.     Laboremus website collects a series of general data and information when a data subject or automated system calls up the website.

4.2.    This general data and information are stored in the server log files.

4.3.    The processed data includes:

4.3.1.   the person’s name;

4.3.2.  surname;

4.3.3.  gender;

4.3.4.  identity document number;

4.3.5.  personal code (if it is issued);

4.3.6.  number (i.e., national identification number) (if it is issued);

4.3.7.  birth date;

4.3.8.  identity document expiry date;

4.3.9.  identity document issued date ((if it is issued);

4.3.10. identity document photograph(s);

4.3.11.  face photograph(s);

4.3.12. citizenship/nationality;

4.3.13. client id;

4.3.14. identification date and method;

4.3.15. IP address;

4.3.16. device fingerprint (“user agent”).

 

4.4.   Processed information is needed to;

4.4.1.   deliver the content of our website correctly;

4.4.2.  optimize the content of our website as well as its advertisement;

4.4.3.  ensure the long-term viability of our information technology systems and website technology, and

4.4.4. provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack;

4.4.5.  provide products and services for our clients and fulfill the agreement conditions between the Parties.

 

5.     How do we use your personal data?

5.1.     In furtherance to the processing of data in clause 4 above, we use your data for the necessary performance of a contract with you and because you have consented to the use of your personal data or because it is in our legitimate business interests to use it. Your personal data may also be used for the following purposes;

5.1.1.    Providing and managing your account;

5.1.2.   Providing and managing access to our site;

5.1.3.   Personalizing and tailoring your experience on our site;

5.1.4.   Supplying our services to you. Your personal details are required in order for us to enter into a contact with you;

5.1.5.   We may also use your personal data for marketing purposes, which may include contacting you one mail, telephone, text message, or any other means, with information, news, and offers on services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection and Privacy Act, 2019, and you will always have the opportunity to opt out.

 

6.    Why we collect this information to;

6.1.     Identify you;

6.2.    Locate you;

6.3.    Improve the service such as saving common destinations;

6.4.   Connect services like"send" and "share" with your contacts;

6.5.    For product research and development;

6.6.   To provide measurement and analytics;

6.7.    Communicate with you (share marketing communications on our products);

6.8.   Generally, improve your user experience

 

7.     Data processing place

7.1.     Laboremus stores data until retention only in Uganda.

7.2.    In some extra cases data can be sent outside Uganda to countries with equivalent data protection safeguards as Uganda.

 

8.    Registration on our website

8.1.     The data subject has the possibility to register on the website of the controller with an indication of personal data. Personal data is transmitted to the controller by the respective input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller, and for their own purposes. The controller may request transfer to one or more processors that also uses personal data for an internal purpose which is attributable to the controller.

 

8.2.    By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses.

 

8.3.    Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal investigations.

8.4.   The registration of the data subject with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

 

8.5.    Laboremus acts as a Data Processor when dealing with website visitors’ collected data. Laboremus as a Data processor will cooperate with Data Controller to ensure that the data controller at any time could provide information upon request to each data subject as to what personal data are stored about the data subject.

  

9.    Contact possibility via the website

9.1.     The website of Laboremus contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general e-mail address. If Laboremus as a Data processor receives a request from the Data Subject, the obligation of Laboremus is to transfer such a request to be considered.

 

10.  Disclosing personal data

10.1.   We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.

 

10.2.  We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request, enforce applicable Terms of Service, including investigation of potential violations thereof, detect, prevent, or otherwise address fraud, security or technical issues, or protect against imminent harm to the rights, property or safety of Laboremus, its users or the public as required or permitted by law.

 

 

11.    Routine erasure and blocking of personal data

11.1.    The data processor shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as is permitted under the Data Protection and Privacy Act, 2019.

 

11.2.   If the storage purpose is not applicable, or if a storage period prescribed by the Data Protection andPrivacy Act, 2019 or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

 

12.   Principles of data protection

12.1.   Be accountable to the data subject for data controlled, processed, held or used;

12.2.  Collection and processing of data fairly and lawfully;

12.3.  Collection, processing use or holding data adequately relevant and not excessive or unnecessary personal data;

12.4.  Retain personal data for the period authorized by law for which data is required;

12.5.  Ensure quality of information collected, processed or held;

12.6.  Ensure transparency of the personal data collected, processed, used or held;

12.7.   To observe security safeguards in respect of that data.

 

13.   Rights of the data subject

13.1.   Right of confirmation. Each data subject shall have the right granted under the Data Protection and Privacy Act, 2019 to obtain from Laboremus as the controller the confirmation as to whether or not personal data concerning them is processed. If a data subject wishes to avail themselves of this right of confirmation, they may at any time contact Laboremus at the address provided in this policy.

 

13.2.  Right of access. Each data subject shall have the right granted by Ugandan law to obtain from the controller free information about their personal data stored at any time and a copy of this information. Furthermore, the Data Protection and Privacy Act, 2019 provides that a data subject may have access to the following information:

13.2.1.  confirmation of whether Laboremus holds personal data about the data subject;

13.2.2. a brief description of personal data held by data controller;

13.2.3. provide the identity of at hird party or category of a third party who has had access to the information;

13.2.4. Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer;

13.2.5. If a data subject wishes to avail themselves of this right of access, they may, at any time, contact theData Protection Officer and Laboremus as Data Processor will act accordingly with all known information.

 

13.3.  Right to rectification. Each data subject shall have the right under the Data Protection and PrivacyAct, 2019, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.

 

13.4.  Right to erasure (Right to be forgotten). Each data subject shall have the right granted under the Data Protection andPrivacy Act, 2019 to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where the personal data is no longer necessary in relation to the purposes for which it is collected or otherwise processed.

13.4.1. The right to erasure also arises where the data subject withdraws consent to which the processing is based according to the Data Protection and Privacy Act, 2019.

13.4.2. A data subject who wishes to request the erasure of personal data stored by Laboremus as explained in this clause may at any time contact the Personal Data Protection Officer to ensure that the erasure request is complied with within a reasonable time.

 

 

13.5.  Right of restriction of processing. Each data subject shall have the right granted under the Data Protection and Privacy Act, 2019 to obtain from the controller restriction of processing where one of the following applies:

13.5.1.  The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

13.5.2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead of the restriction of their use instead;

13.5.3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.

13.5.4. If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by Laboremus, they may at any time contact the Data Protection Officer to arrange the restriction of the processing.

13.6.  Right to object– Each data subject shall have the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.

13.6.1. Laboremus shall no longer process the personal data in the event of the objection, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

 

14.   Data processing for direct marketing purposes

14.1.   Should Laboremus process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Laboremus processing for direct marketing purposes, Laboremus shall no longer process the personal data for these purposes.

 

14.2.  Automated individual decision-making, including profiling – Each data subject may have the right granted by the Data Protection and Privacy Act, 2019 to, upon a notice in writing in data controller for any decision taken by and on behalf of the data controller which significantly affects the data subject is not based solely on the processing by automatic means of personal data in respect of that data subject.

  

14.3.  Right to withdraw data protection consent – Each data subject shall have the right granted by the Data Protection and Privacy Act, 2019 to withdraw their consent to the processing of his or her personal data at any time. If the data subject wishes to exercise the right to withdraw their consent, they may at anytime, contact the Data Protection officer at Laboremus Uganda.

 

15.   Legal basis for the processing

15.1.   The Data Protection and Privacy Act, 2019 serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the activities as communicated by Laboremus to the data subject, then the processing is based on the Data Protection and Privacy Act, 2019.

 

15.2.  The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

 

 

16.   Period for which the personal data will be stored

16.1.   The criteria used to determine the period of storage of personal data is the respective statutory retention period for the respective personal data collected. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

 

16.2.  The Data Protection Officer is the existing Legal Officer at Laboremus Uganda.

Terms & Conditions

Version no: 1

Last updated: March 2022

Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.

 

1.              Background

1.1             These Terms and Conditions, together with any and all other documents referred to herein, set out the terms of use under which you may use this website, https://www.laboremus.ug/.  Please read these Terms and Conditions carefully and ensure that you understand them.

1.2            Your agreement to comply with and be bound by these Terms and Conditions is deemed to occur upon your first use of Our Site.  If you do not agree to comply with and be bound by these Terms and Conditions, you must stop using Our Site immediately.

2.             Information About Us

2.1            Our Site, https://www.laboremus.ug/ is owned and operated by Laboremus Uganda Limited, a limited liability company registered in Uganda whose main trading address is Plot 57B, Luthuli Avenue, Bugolobi, Kampala, Uganda.

3.             Access to Our Site

3.1            Access to Our Site is free of charge.

3.2           It is your responsibility to make any and all arrangements necessary in order to access Our Site.

3.3           Access to Our Site is provided “as is” and on an “as available” basis.  We may alter, suspend or discontinue Our Site (or any part of it) at any time and without notice.  We will not be liable to you in any way if Our Site (or any part of it) is unavailable at any time and for any period.

4.             Intellectual Property Rights

4.1            All Content included on Our Site and the copyright and other intellectual property rights subsisting in that Content, unless specifically labelled otherwise, belongs to or has been licensed byUs.  All Content is protected by applicable Ugandan law and its ratified treaties.

4.2           Subject to this clause, you may not reproduce, copy, distribute, sell, rent, sub-licence, store, or in any other manner re-use Content from Our Site unless given express written permission todo so by Us.

4.3           You may:

4.3.1         Access, view and use Our Site in a web browser (including any web browsing capability built into other types of software or app);

4.3.2        Download Our Site (or any part of it) for caching;

4.3.3        Print a copy of any pages from Our Site;

4.3.4        Download extracts from pages on Our Site; and

4.3.5        Save pages from Our Site for later and/or offline viewing.

4.4           Our status as the owner and author of theContent on Our Site (or that of identified licensors, as appropriate) must always be acknowledged.

4.5           You may not use any Content saved or downloaded from Our Site for commercial purposes without first obtaining a licence from Us (or our licensors, as appropriate) to do so.

4.6           This does not prohibit the normal access, viewing and use of Our Site for general information purposes whether by business users or consumers.

5.             Links to Our Site

5.1.1          You may link to Our Site provided that:

5.1.1.1       You do so in a fair and legal manner;

5.1.1.2      You do not do so in a manner that suggests any form of association, endorsement or approval on Our part where none exists;

5.1.1.3      You do not use any logos or trademarks displayed on Our Site without Our express written permission; and

5.1.1.4      You may not link to Our Site from any other site the main content of which contains material that:

5.1.1.5      is sexually explicit;

5.1.1.6      is obscene, deliberately offensive, hateful or otherwise inflammatory;

5.1.1.7      promotes violence;

5.1.1.8      promotes or assists in any form of unlawful activity;

5.1.1.9      discriminates against, or is in any way defamatory of, any person, group or class of persons, race, sex, religion, nationality, disability, sexual orientation, or age;

5.1.1.10    is intended or is otherwise likely to threaten, harass, annoy, alarm, inconvenience, upset, or embarrass another person;

5.1.1.11      is calculated or is otherwise likely to deceive another person;

5.1.1.12     is intended or otherwise likely to infringe (or threaten to infringe)another person’s right to privacy;

5.1.1.13     misleadingly impersonates any person or otherwise misrepresents the identity or affiliation of a particular person in a way that is calculated to deceive;

5.1.1.14     implies any form of affiliation with Us where none exists;

5.1.1.15     infringes, or assists in the infringement of, the intellectual property rights (including, but not limited to, copyright, trademarks and database rights) of any other party; or

5.1.1.16     is made in breach of any legal duty owed to a third party including, but not limited to, contractual duties and duties of confidence.

5.1.2         The content restrictions in these terms of use do not apply to content submitted to sites by other users provided that the primary purpose of the site accords with the provisions of these terms of use.  You are not, for example, prohibited from posting links on general-purpose social networking sites merely because another user may post such content. You are, however, prohibited from posting links on websites which focus on or encourage the submission of such content from users.

6.             Links to Other Sites

6.1.1          Links to other sites may be included on OurSite.  Unless expressly stated, these sites are not under Our control.  We neither assume nor accept responsibility or liability for the content of third-party sites.  The inclusion of a link to another site on Our Site is for information only and does not imply any endorsement of the sites themselves or of those in control of them.

7.             Disclaimers

7.1.1          Nothing on Our Site constitutes advice on which you should rely.  It is provided for general information purposes only.  

7.1.2         Insofar as is permitted by law, we make no representation, warranty, or guarantee thatOur Site will meet your requirements, that it will not infringe the rights of third parties, that it will be compatible with all software and hardware, or that it will be secure.

7.1.3         We make reasonable efforts to ensure that the Content on Our Site is complete, accurate, and up-to-date.  We do not, however, make any representations, warranties or guarantees (whether express or implied) that the Content is complete, accurate, or up-to-date.

8.             Our Liability

8.1            To the fullest extent permissible by law, We accept no liability to any user for any loss or damage, whether foreseeable or otherwise, in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising out of or in connection with the use of (or inability to use) Our Site or the use of or reliance upon any Content included on Our Site.

8.2           To the fullest extent permissible by law, We exclude all representations, warranties, and guarantees (whether express or implied) that may apply to Our Site or any Content included on Our Site.

8.3           Our Site is intended for non-commercial use only. If you are a business user, We accept no liability for loss of profits, sales, business or revenue; loss of business opportunity, goodwill or reputation; loss of anticipated savings; business interruption; or for any indirect or consequential loss or damage.

8.4           We exercise all reasonable skill and care to ensure that Our Site is free from viruses and other malware.  We accept no liability for any loss or damage resulting from a virus or other malware, a distributed denial of service attack, or other harmful material or event that may adversely affect your hardware, software, data or other material that occurs as a result of your use of Our Site (including the downloading of any Content from it) or any other site referred to on Our Site.

8.5           We neither assume nor accept responsibility or liability arising out of any disruption or non-availability of Our Site resulting from external causes including, but not limited to, ISP equipment failure, host equipment failure, communications network failure, natural events, acts of war, or legal restrictions and censorship.

8.6           Nothing in these Terms and Conditions excludes or restricts Our liability for fraud or fraudulent misrepresentation, for death or personal injury resulting from negligence, or for any other forms of liability which cannot be excluded or restricted by law.

9.             Viruses, Malware and Security

9.1            We exercise all reasonable skill and care to ensure that Our Site is secure and free from viruses and other malware.

9.2           You are responsible for protecting your hardware, software, data and other material from viruses, malware, and other internet security risks.

9.3           You must not deliberately introduce viruses or other malware, or any other material which is malicious or technologically harmful either to or via Our Site.

9.4           You must not attempt to gain unauthorised access to any part of Our Site, the server on which Our Site is stored, or any other server, computer, or database connected to Our Site.

9.5           You must not attack Our Site by means of a denial-of-service attack, a distributed denial of service attack, or by any other means.

9.6           By breaching the provisions of this clause, you may be committing a criminal offence under the Computer Misuse Act,2011.  Any and all such breaches will be reported to the relevant law enforcement authorities and We will cooperate fully with those authorities by disclosing your identity to them. Your right to use Our Site will cease immediately in the event of such a breach.

10.           Acceptable Usage Policy

10.1           You may only use Our Site in a manner that is lawful.  Specifically:

10.2          you must ensure that you comply fully with any and all local, national or international laws and/or regulations;

10.3          you must not use Our Site in any way, or for any purpose, that is unlawful or fraudulent;

10.4         you must not use Our Site to knowingly send, upload, or in any other way transmit data that contains any form of virus or other malware, or any other code designed to adversely affect computer hardware, software, or data of any kind; and

10.5          you must not use Our Site in any way, or for any purpose, that is intended to harm any person or persons in any way.

10.6          We reserve the right to suspend or terminate your access to Our Site if you materially breach the provisions of this Clause 10 or any of the other provisions of these Terms and Conditions. Specifically, We may take one or more of the following actions:

10.6.1       suspend, whether temporarily or permanently, your right to access Our Site;

10.6.2      issue you with a written warning;

10.6.3      take legal proceedings against you for reimbursement of any and all relevant costs on an indemnity basis resulting from your breach;

10.6.4      take further legal action against you as appropriate;

10.6.5      disclose such information to law enforcement authorities as required or as We deem reasonably necessary; and/or

10.6.6      any other actions which We deem reasonably appropriate (and lawful).

10.7          We hereby exclude any and all liability arising out of any actions (including, but not limited to those set out above)that We may take in response to breaches of these Terms and Conditions.

11.             Privacy and Cookies

11.1            Use of Our Site is also governed by Our Cookie Policy and Privacy Policy.  These policies are incorporated into these Terms and Conditions by this reference.

12.            Changes to these Terms and Conditions

12.1           We may alter these Terms and Conditions at any time.  Any such changes will become binding on you upon your first use of Our Site after the changes have been implemented.  You are therefore advised to check this page from time to time.

12.2          In the event of any conflict between the current version of these Terms and Conditions and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.

13.            Contacting Us

13.1           To contact Us, please email Us at hello@laboremus.ug or using any of the methods provided on Our contact page at https://www.laboremus.ug/contact-us

14.            Communications from Us

14.1           If We have your contact details, We may from time to time send you important notices by email.  Such notices may relate to matters including, but not limited to, service changes and changes to these Terms and Conditions.

14.2          We will never send you marketing emails of any kind without your express consent. If you do give such consent, you may opt out at any time.  Any and all marketing emails sent by Us include an unsubscribe link.  If you opt out of receiving emails from Us at any time, it may take up to 2 business days for Us to comply with your request. During that time, you may continue to receive emails from Us.

14.3          For questions or complaints about communications from Us (including, but not limited to marketing emails), please contact Us at hello@laboremus.ug or via https://www.laboremus.ug/contact-us

15.            Data Protection

15.1           All personal information that We may use will be collected, processed, and held in accordance with Uganda's DataProtection and Privacy Act, 2019.

15.2          For complete details of Our collection, processing, storage, and retention of personal data including, but not limited to, the purpose(s) for which personal data is used, the legal basis or bases for using it, details of your rights and how to exercise them, and personal data sharing (where applicable), please refer to our Cookie Policy and Privacy Policy.

16.            Law and Jurisdiction

16.1           These Terms and Conditions, and the relationship between you and Us (whether contractual or otherwise) shall be governed by, and construed in accordance with the law of Uganda.  

 

Acceptable use policy

Version no: 1

Last updated: March 2022

Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.

 

INTRODUCTION

This Policy sets out the obligations of Laboremus Uganda Limited (“the Company”), a company incorporated in Uganda under registration number 164360, whose registered office is Plot 57B, Luthuli Avenue Bugolobi, Kampala Uganda, regarding the constraints and practices that a user must agree to for access to a Laboremus Network, and the ancillary resources used to access or connect to such networks, in accordance with the Data Protection and Privacy Act, 2019 (“DPPA”).

For further information on other aspects of data protection and compliance with theDPPA, please refer to the Company’s Data Policies that can be found here https://www.laboremus.ug/legal

 

You can also contact our Data Protection Officer(“DPO”);

  • Data Protection Officer: Isabel Twongyeirwe Muhangi
  • Email address: isabel@laboremus.ug
  • Telephone number: +256782587368

SECTION 1:  

ACCEPTABLE USE

Personnel are responsible for complying with Laboremus policies when using Laboremus information resources. If requirements or responsibilities are unclear, please seek assistance from the Laboremus’ DPO.

 

Personnel must promptly report harmful events or policy violations involving Laboremus assets or information to their contact at Laboremus, who shall then alert a member of the IT management Team in accordance with the IT Incident process. Events include, but are not limited to, the following:

I.               Technology incident: any potentially harmful event that may cause a failure, interruption, or loss in availability to Laboremus’ Information resources.

II.              Data incident: any potential loss, theft, or compromise of Laboremus information.

III.             Unauthorized access incident: any potential unauthorized access to Laboremus’ information resources.

IV.            Facility security incident: ant damage or potentially unauthorized access to a Laboremus owned, leased, or managed facility.

V.             Policy violation: any potential violation to this or other Laboremus policies, standards, or procedures.

 

Personnel should not purposely engage in activities that may:

I.               Harass, threaten, impersonate, or abuse others.

II.              Degrade the performance of Laboremus Information resources.

III.             Deprive authorized Laboremus personnel access to a Laboremus Information resource.

IV.            Obtain additional resources beyond those allocated or,

V.             Circumvent Laboremus computer security measures.

Personnel should not download, install, or run security programs or utilities that reveal or exploit weakness in the security of a system. For example, personnel should not run password cracking programs, packet sniffers, port scanners, or any other non-approved programs on any Laboremus Information resource.

All inventions, intellectual property, and proprietary information, including reports, drawings, blueprints, software codes, computer programs, data, writings and technical information, developed by Laboremus are the property of Laboremus.

Personnel are expected to cooperate with incident investigations, including any state investigations.

Personnel are expected to respect and comply with all legal protections provided by patents, copyrights, trademarks and intellectual property rights for any and all software and/or materials viewed, used, or obtained using Laboremus information resources.

 

SECTION 2:

ACCESS MANAGEMENT

Access to information is based on a “need to know”. 

Personnel are permitted to use only those network and host addresses issued to them by Laboremus and should not attempt to access any data or programs contained on Laboremus systems for which they do not have authorization or explicit consent.

All remote access connections made to internal Laboremus networks and/or environments must be made through approved, and Laboremus-provided, VirtualPrivate Networks (VPNs).

Personnel should not divulge any access information to anyone not specifically authorized to receive such information, including IT support personnel.

Personnel must not share their personal authentication information, including:

i.               Account passwords

ii.              Personal Identification Numbers (PINs)

iii.             Security Tokens

iv.             Multi-factor authentication information

v.              Access cards and/or keys

vi.             Digital certificates

vii.            Similar information or devices used foridentification and authentication purposes.

 

Accesscards and/or keys that are no longer required must be returned to physicalsecurity personnel.

 

Lost ofstollen access cards, security tokens and/or keys must be reported to physicalsecurity personnel as soon as possible.

 

 

SECTION 3

AUTHENTICATION/PASSWORDS

All personnel are required to maintain the confidentiality of personal authentication information.

Any group/shared authentication information must be maintained solely among the authorized members of the group.

All passwords, including initial and/or temporary passwords, must be constructed, and implemented according to the following rules:

i. Must meet all requirements according to Laboremus’ Password Policy to conform to the following standards:- contain at least three of the five following character classes:

(a)   Lowercase characters

(b)  Uppercase characters

(c)   Numbers

(d)  Punctuation

(e)   Special characters

And contain at least eight to fifteen alphanumeric characters.

 

ii.              Must not be easily tied back to the account owner by using known information such as social security numbers, nicknames, relative’s names, birth dates, etc.

iii.             Must not be the same passwords used for non-business purposes.

Unique passwords should be used for each system, whenever possible.

User account passwords must not be divulged to anyone. Laboremus support personnel and/or contractors should never ask for user account passwords.

If the security of a password is in doubt, the password should be changed immediately.

Personnel should not circumvent password entry with application remembering, embedded scripts or hard coded passwords in client software.

Security tokens must be returned on demand or upon termination of the relationship with Laboremus, if issued.

SECTION 3:

CLEAR DESK/CLEAR SCREEN

Personnel should log off from applications or network services when they are no longer needed.

Personnel should log off or lock their workstations and laptops when their workspace is unattended.

Confidential or internalinformation should be removed or placed in a locked drawer or file cabinet whenthe workstation is unattended and at the end of the workday if physical accessto the workspace cannot be secured by other means.

File cabinets containing confidential information should be locked when not in use or when unattended.

Physical and/or electronic keys used to access confidential information should not be left on an unattendeddesk or in an unattended workspace if the workspace itself is not physicallys ecured.

Passwords must not be posted on or under a computer or in any other physically accessible location.

Copies of documents containing confidential information should be immediately removed from printers and fax machines.

SECTION 4

DATA SECURITY

Personnel should use approved encrypted communication methods whenever sending confidential information over the internet.

Confidential Information transmitted through mail services must be secured in compliance with Laboremus’ Data Security Policy.

Only authorized cloud computing applications may be used for sharing, storing and transferring confidential or internal information.

Information must be appropriately shared, handled, transferred, saved and destroyed, based on the information sensitivity.

Personnel should not have confidential conversations in public places or over insecure communication channels, open offices and meeting places.

Confidential information mustbe transported either by an employee or a courier approved by IT management.

All electronic media containing confidential information must be securely disposed.

SECTION 5

EMAIL AND ELECTRONIC COMMUNICATION

Auto-forwarding electronic messages outside the company internal systems is prohibited.

Electronic communications should not misrepresent the originator or Laboremus.

Personnel are responsible for the accounts assigned to them and for the actions taken with their accounts.

Accounts must not be shared, without prior authorization from the Laboremus IT Management Team.

Employees should not use personal email accounts to send or receive confidential information.

Any personal use of Laboremus provided emails, should not:

i.               Involve solicitation

ii.              Be associated with any political entity

iii.             Have the potential to harm the reputation of Laboremus

iv.             Forward chain emails

v.              Contain or promote anti-social or unethical behavior

vi.             Violate local or international laws or regulations.

vii.            Result in unauthorized disclosure of confidential information.

viii.           Or otherwise violate any other Laboremus policies.

Personnel should only send confidential information using approved secure electronic messaging solutions.

Personnel should use caution when responding to, clicking on links within, or opening attachments included in electronic communications.

Personnel should use discretion in disclosing confidential or internal information in automated responses, such as employment data, internal telephone numbers, location information or other sensitive data.

SECTION 6

HARDWARE AND SOFTWARE

All hardware must be formally approved by IT management before being connected to Laboremus networks.

Software installed on Laboremus equipment must be approved by IT management and installed by Laboremus IT personnel.

All Laboremus assets taken off-site should be physically secured at all times.

Employees should not allow family members or other non-employees to access Laboremus Information resources.

SECTION 7

INTERNET

The internet must not be used to communicate confidential or internal information unless the confidentiality and integrity of the information is ensured and the identity of the recipient is established.

Use of the internet with Laboremus networking or computing resources must only be used for business-related activities. Unapproved activities include, but are not limited to:

i.               Recreational games

ii.              Streaming media

iii.             Personal social media

iv.             Accessing or distributing pornographic or sexually oriented materials

v.              Attempting or making unauthorized entry to any network or computer accessible from the internet.

vi.             Or otherwise violate any other Laboremus policies.

Access to the internet from outside the Laboremus network, using a Laboremus owned computer must adhere to all of the same policies that apply to use from within Laboremus facilities.

 

SECTION 8

MOBILE DEVICES

The use of a personally owned mobile device to connect to the Laboremus network is a privilege granted to employees only upon formal approval of IT management.

All personally owned laptops and/or workstations must have approved virus and spyware detection/protection software along with personal firewall protection, active.

Mobile devices that access Laboremus email must have a PIN or other authentication mechanism enabled.

Confidential Information should only be stored on devices that are encrypted in compliance with Laboremus’ encryption standard.

Confidential Information should not be stored on any personally owned mobile device.

Theft or loss of any mobile device that has been used to create, store, or access confidential or internal information must be reported to the Laboremus IT Management team immediately.

All mobile devices must maintain up-to-date versions of all software and applications.

All personnel are expected to use mobile devices in an ethical manner.

Jail-broken or rooted devices should not be used to connect to Laboremus information resources.

In the event that there is a suspected incident or breach associated with a mobile device, it may be necessary to remove the device from the personnel’s possession as part of a formal investigation.

All mobile device usage in relation to Laboremus information resources may be monitored, at the discretion of Laboremus IT management.

Laboremus IT support for personally owned mobile devices is limited to assistance in complying with this policy.

Use of personally owned devices must be in compliance with all other Laboremus Policies.

Laboremus reserves the right to revoke personally owned mobile devices use privileges in the event that personnel do not abide by the requirements set forth in this policy.

SECTION 9

PHYSICAL SECURITY

Personnel must badge in and out of access-controlled areas. Piggy-backing, tailgating, door propping and anyother activity to circumvent door access controls are prohibited.

Visitors accessing card-controlled areas of facilities must be accompanied by authorized personnel at all times.

Eating or drinking are not allowed in data centers. Caution must be used when eating or drinking near workstations or information processing facilities.

SECTION 10

PRIVACY

Laboremus may log, review and otherwise utilize any information stored on or passing through its information resources.

Systems Administrators, Laboremus IT, and other authorized Laboremus personnel may have privileges that extend beyond those granted to standard business personnel. Personnel with extended privileges should not access files and/or other information that is not specifically required to carry out an employment related task.

SECTION 11

REMOVABLE MEDIA

The use of removable media for storage of Laboremus information must be supported by a reasonable explanation.

All removable media use must be approved by Laboremus IT prior to use.

Personally owned removable media use is not permitted for storage of Laboremus information.

Personnel are not permitted to connect removable media from an unknown origin without prior approval from Laboremus.

Confidential and internal Laboremus information should not be stored on removable media without the use of encryption.

All removable media must be stored in a safe and secure environment.

The loss or theft or are movable media device that may have contained any Laboremus information must be reported to Laboremus.

 

SECTION 12

SECURITY TRAINING AND AWARENESS

All new personnel must complete an approved security awareness training session prior to, or at least within 30days of, being granted access to any Laboremus Information resources.

All personnel must be provided with an acknowledge they have received and agree to adhere to the Laboremus Information Security Policies before they are granted access to Laboremus Information resources.

All personnel must complete the annual security awareness training.