Data Ownership & Non-Disclosure Policy
Issued by Teknocrat Pty Ltd (“Company”) for the information of the potential Free Trial and or Commercial User (“Client”)
The purpose of this Policy is to clearly state the Company’s responsibilities related to Saas Support and Consulting Services (“Services”) performed by Company personnel in relation to any platform, product and or service provided by the Company for use, testing, consideration of use and or participation incommercial use, by the Client.
Services may include processing of Client Data on Company controlled servers and or externally controlled (cloud based) .
This document is a Company policy designed to clearly delineate the Company’s processes and commitments to the protection of:
(i) The Client’s data
(ii) The confidentiality of the Client’s data
(iii) The ownership of the Client’s data, by the Client
– This document is a Policy designed to allow the exploration between the Client and the Company of the Client’s potential participation in a free trial and or commercial use of the Company’s proprietary SaaS platform
– Before entering into any formal commencement by the Client into a free trial, commercial use and or commercial use participation, the following documents must first be mutually executed by both the Client and the
(i) No Obligation Commercial Use Participation Agreement
(ii) Mutual Non-Disclosure Agreement
And in the event that the Client chooses to use the Company’s platform and or products and or services for commercial purposes:
(iii) Software As A Service (SaaS) Agreement
Any specific clauses executed in agreements and or written communications
made between the Client and the Company after the release of this Policy to
the Client, may supersed specific content within this Policy if so mutually
agreed in writing by both parties.
Data Ownership and Non-Disclosure Policy (DONDP) for Support & Consulting
Between Teknocrat Pty Ltd (“Company”) and the Client (“Client”)
1. Purpose and definitions of the DONDP
The purpose of this DONDP is to regulate the Company’s processing, storage, return and or (if requested by the Client) deletion of Data and or Personal Data on behalf of the Client whilst providing Support & Consulting Services related to Company products, platforms and or services.
This DONDP prescribes the Company’s processes in order to ensure that all Processing of Data and or Personal Data is conducted in compliance with applicable local and or data protection legislation.
Processing of Data and or Personal Data (as defined below) is subject to requirements and obligations pursuant to applicable local law. Relevant data protection legislation will include local data protection legislation and the
present EU- Regulation 2016/679 dated April 27th, 2016. The parties agree to
amend this DONDP to the extent necessary due to any mandatory new requirements following from any locally legislated and or EU Regulation
“Data” shall mean any internal information relating to the Client, its
operations, its processes, its employees, its suppliers, its consultants, its
proprietary or potentially market sensitive activities and or any other data
provided to the Company by the Client that may reasonably be deemed to be
the Client’s intellectual property and or data / information.
“Data and or Personal Data” shall mean any information relating to an
identified or identifiable legal entity and or natural person, as further defined in
applicable local law and EU- Regulation 2016/679.
“Processing” of Data and or Personal Data shall mean any use, operation or
set of operations which is performed upon Data and or Personal Data,
whether or not by automatic means, such as collection, transfer, storage,
alteration, disclosure as further defined in applicable local law and EURegulation
2. Company’s responsibilities
The Company shall comply with all provisions for the protection of Data and or
Personal Data set out in this DONDP and in applicable data protection legislation with relevance for processing of Data and or Data and or Personal Data.
The Company shall comply with the instructions and routines issued by the Client in relation to the processing of Data and or Personal Data.
2.2 Restrictions on use
The Company shall only use Data and or Personal Data on, and in accordance with, the instructions from the Client. The Company shall not use Data and or Personal Data without a prior written agreement with the Client or without written instructions from the Client beyond what is necessary to fulfil its obligations towards the Client under this Policy.
2.3 Information Security
The Company shall by means of planned, systematic, organizational and technical measures ensure appropriate information security with regard to confidentiality, integrity, and accessibility in connection with the processing of Data and or Personal Data in accordance with the information security provisions in applicable data protection legislation.
The measures and documentation regarding internal control shall be made available to the Client upon request.
2.4 Discrepancies and data breach notifications
Any use of the information systems and the Data and or Personal Data not compliant with established routines, instructions from the Client or applicable data protection legislation, as well as any security breaches, shall be treated as a discrepancy.
The Company shall have in place routines and systematic processes to follow up discrepancies, which shall include re-establishing of the normal state of affairs, eliminating the cause of the discrepancy and preventing its recurrence.
The Company shall immediately notify the Client of any breach of this DONDP
or of accidental, unlawful or unauthorized access to, use or disclosure of Data
and or Personal Data, or that the Data and or Personal Data may have been
compromised or a breach of the integrity of the Data and or Personal Data.
The Company shall provide the Client with all information necessary to enable
the Client to comply with applicable data protection legislation and enabling
the Client to answer any inquiries from the applicable data protection authorities. It is the Client`s responsibility to notify the applicable Data Protection Authority of discrepancies in accordance with applicable law.
The Company shall keep confidential all Data and or Personal Data and other
confidential information provided to the Company by the Client of a business, employee, supplier, process and or any other information that may be deemed market sensitive, proprietary or in any way reasonably identifiable as the Client’s data.
The Company shall ensure that each member of the staff of the Company,
whether employed or a hired consultant, having access to or being involved with
the Processing of Data and or Personal Data (i) undertakes a duty of
confidentiality and (ii) is informed of and complies with the obligations of this
DONDP. The duty of confidentiality shall also apply for no less than 2 years
after termination of any SaaS Agreement or this DONDP.
3. Term and termination of the Client and Company relationship
This Policy shall be effective from the date it is issued by the Company to the
Client with the Client’s business details affixed and until the Company’s obligations in relation to Client Use Policies is terminated, except for provisions that continue to apply after such termination.
For Services performed for Clients not having an active SaaS Agreement, an
Addendum to this Policy must be made to describe the circumstances and define the Termination clause, which normally will be when a specific Service
4. Client Ownership Of Data
Upon termination of this DONDP, the Data and or Personal Data/data shall be
returned to facilitate the Client’s further use of the Data and or Personal Data/data if the Client requests so. The Company shall first return and subsequently delete from its own controlled (internally or externally) servers all Data and or Personal Data. The Company (and its sub-contractors) shall immediately stop the processing of Data and or Personal Data from the date stipulated by the Client unless otherwise stipulated if an SaaS Agreement is in place to supersede this condition.
4.2 Deletion Of Data
As an alternative to returning the Data and or Personal Data (or other data),
the Client may, at its sole discretion, instruct the Company in writing, that all or
parts of the Data and or Personal Data (or other data) shall be deleted by the
Company, unless the Company is prevented by mandatory law from deleting the Data and or Personal Data.
4.3 No Data Retention By Company
The Company has no right to keep a copy of any data provided by the Client
in relation to this DONDP in any format, and all physical and logical access to such Data and or Personal Data or other data shall be deleted.
The Company shall provide the Client with a written declaration whereby the Company warrants that all Data and or Personal Data or other data mentioned above has been returned or deleted according to the Client’s instructions and
that the Company has not kept any copy, print out or kept the data on any
The parties shall amend this DONDP upon relevant changes in applicable law.
The Company reserves the right to make amendments to the terms and
conditions of this Policy with 4 months prior notice. All Clients will be informed
of such amendments by email or through the information being made available on the Company’s websites, Trust Center or Client Community. If the Client does not agree with any amendments to the terms of this DONDP it will be afforded the opportunity to voice and or have this addressed by the Company, unless this is otherwise dealt with via a mutually executed SaaS Agreement.
5. Scenarios for access to Client data
Data and or Personal Data will be processed only to the extent necessary to
provide the required Services, i.e. to fulfill a Task Description or a Support
Request issued by Client.
Access to Client Data is performed in 3 different scenarios as described
Scenario 1. Access to Client Data via Consultant present at Client
location Client Data is stored and processed on Client controlled servers. The
Company Consultant connects to the Clients computers/servers through a
Client-owned computer or his/her own computer. Data and systems are
accessed real time and no Client data is copied onto any device not accepted
and controlled by Client.
This process consists of these steps:
1. The Client representative provides the Company Consultant with access
credentials to Client network and relevant systems.
2. The Company Consultant performs the task at hand.
3. The Company Consultant logs out of all Client systems and leaves the
4. If Client Data is copied onto the computer owned by the Company
Consultant, the Client representative may supervise the process of deleting
all Client Data from Consultant’s computer before leaving the premises. If
Client and Company Consultant agrees, the Client data can reside on the
Consultant Computer when leaving the premises if this is beneficial for
completing the Service.
5. The Client representative removes the Company Consultant’s access
credentials to Client network/systems.
Scenario 2. Access to Client Data via a Remote Access Tool Client Data is stored and processed on Client controlled servers. The Company Consultant connects to Clients computers to access database/Client data via a Remote Access Tool. Data and systems are accessed real time and no Client data is copied onto any device not accepted and controlled by Client. For clarity: Company Consultant is not present in Client’s location, but is located externally (i.e. in a Company office location).
This process consists of 6 steps:
1. The Company Consultant invites the Client representative to start a Remote
Access Tool session through an email.
2. The Client representative accepts the invitation and provides the Company
Consultant with access to the Client network and relevant systems.
3. The Company Consultant performs the task at hand.
4. The Client removes the Consultant’s access to the Client data.
5. The Client removes the Consultant’s access to the computer by closing the
Remote Access Tool.
6. The Company Consultant sends confirmation: “Data is no longer
Scenario 3. Access to Client Data on Company controlled servers Client Data is stored and processed on Company controlled servers. When it is beneficial for the purpose of performing a Consultancy Task or Support Request, the Client Data can be transferred and stored on Company controlled servers. The transfer of Client Data is performed in a secure process.
This process consists of 6 steps:
1. The Client will export and transfer Client Data from Client to Company in a
secure channel provided by Company.
2. The Client Data is stored on secure Company servers.
3. The Company Consultant performs the task at hand.
4. If relevant; Client Data is transferred from Company and back to Client in a
5. Company deletes all Client Data and relevant credentials to access the
6. Company Consultant sends confirmation: “Data is no longer accessible”.