Privacy Policy

Confidentiality:

During the term of this Agreement and two (2) months thereafter the Consultant undertakes to keep confidential sensitive information relating to the Client’s business or affairs where such information has been identified as confidential by the Client (“Confidential Information”).

The Consultant shall not make use of such Confidential Information for purposes outside the scope of the Services without the prior written consent by the Client. The provisions of this Section 5.2 shall not apply to information that; (a) is or becomes public knowledge otherwise than through the Consultant’s breach of this confidentiality undertaking; or (b) was obtained by the Consultant from a third party having no obligation of confidentiality with respect to such information; or (c) can be shown to be known by the Consultant by written records made prior to disclosure by the Client; or (d) in such circumstances where a competent court or law requires disclosure of Confidential Information.

Consultant shall take reasonable steps to maintain the confidentiality of the  Confidential Information and protect it from unauthorized use or disclosure. Consultant shall use Confidential Information only for the purpose of performing the Services or other obligations under this Agreement. Both during the term of this Agreement and at all times after this Agreement expires or terminates for any reason, Consultant shall not, without the prior written consent of client (customer) use Confidential Information for any other purpose or disclose Confidential Information to any third party.

Personal Data Protection

Consultant is responsible for ensuring its compliance with any applicable data protection laws  related to its services, including but not limited to, General Data Protection Regulation (GDPR), UK-GDPR, Protection of  Personal Information (POPI) Act. To the extent Consultant processes any personal data who is the Controller, as defined by applicable data protection laws, Consultant shall: (a) act only on instructions from client when processing personal data and keep records of all processing activities; (b) take all appropriate technical and organizational measures to protect against unauthorized or unlawful processing of, or accidental loss, destruction, or damage to, personal data; (c) process personal data in accordance with the applicable data protection laws; (d) not do or permit anything to be done which might cause client or any of its affiliates to be in violation of applicable data protection laws; (e) immediately inform client if it believes performance of the services or compliance with any client instruction violates or might reasonably be considered to violate any applicable data protection laws; (f) immediately notify client of receipt of any complaint, data subject access request, notice, or communication which relates directly or indirectly to the processing of personal data under this Agreement, and provide full co-operation and assistance to client in responding to such complaint, request, notice, or communication; (g) notify client promptly and without undue delay upon becoming aware of any unauthorized loss, corruption, damage, destruction, alteration, disclosure, or access to, or unauthorized or unlawful processing of, any personal data (“Personal Data Breach”), or any circumstances that are likely to give rise to a Personal Data Breach, timely providing client with sufficient information for it to meet its obligation, if any, to report a Personal Data Breach under applicable data protection laws; (h) cooperate to take commercially reasonable steps as may be directed to assist in the investigation, mitigation, and remediation of any Personal Data Breach; (i) cooperate as requested to enable it to comply with any exercise by a data subject of rights under applicable data protection laws with respect to personal data processed by Consultant under this Agreement, or to comply with any assessment, inquiry, notice, or investigation under applicable data protection laws; (j) only permit a third party sub-processor to process personal data subject to client’s prior written consent and provided that the sub-processor’s contract includes terms that are substantially the same as those set out in this section; and (k) not transfer, permit a third-party processor to transfer, or allow access to personal data outside the country with restrictions on transferring data to another country without client’s prior written consent, subject to any conditions that the client may impose, at its sole discretion.