Internal Rules: Difference between revisions

From Secure Group Wiki
Jump to navigation Jump to search
Line 867: Line 867:
* You shall undertake to destruct any information carriers (on paper and electronically), containing personal data, according to the Procedure for due destruction of personal data, adopted in the Company.
* You shall undertake to destruct any information carriers (on paper and electronically), containing personal data, according to the Procedure for due destruction of personal data, adopted in the Company.
* You shall be acquainted with and accept the Internal Employment Rules, approved by the Employer.
* You shall be acquainted with and accept the Internal Employment Rules, approved by the Employer.
== Employee Confidentiality Policy ==
=== Policy brief & purpose ===
This policy explains what's the appropriate and ethical behavior when it comes to confidential data we use in our Company.
=== Scope ===
This policy applies to all employees who have access to confidential information.
=== Policy Elements ===
Confidential and proprietary information is secret, valuable, expensive and/or easily replicated. Common examples of confidential information are:
* Unpublished financial information
* Data of Customers/Partners/Vendors
* Patents, formulas or new technologies
* Customer lists (existing and prospective)
* Data entrusted to our company by external parties
* Pricing/marketing and other undisclosed strategies
* Documents and processes explicitly marked as confidential
* Unpublished goals, forecasts, and initiatives marked as confidential
=== Procedure ===
==== What employees can do ====
* Lock or secure confidential information at all times
* Shred confidential documents when they’re no longer needed
* Make sure they only view confidential information on secure devices
* Only disclose information to other employees when it’s necessary and authorized
* Keep confidential documents inside our company’s premises unless it’s absolutely necessary to move them
==== What employees can't do ====
* Use confidential information for any personal benefit or profit
* Disclose confidential information to anyone outside of our company
* Replicate confidential documents and files and store them on insecure devices
* Share source code to any external parties
* Maintain personal relations with former employees, suppliers and/or clients that have on-going litigation with Secure Group
* Maintain personal relations with former employees that were dismissed because of severe immoral behavior
==== Confidentiality Measures ====
Measures to ensure that confidential information is well protected:
* Store and lock paper documents
* Encrypt electronic information and safeguard databases
* Keep our source code secure on your workstation or in our version control system (Bitbucket, Gerrit, Harbor)
* Ask employees to sign non-compete and/or non-disclosure agreements (NDAs)
* Ask for authorization by senior management to allow employees to access certain confidential information
==== Exceptions ====
Confidential information may occasionally have to be disclosed for legitimate reasons. Examples are:
* If a regulatory body requests it as part of an investigation or audit
* If our company examines a venture or partnership that requires disclosing some information (within legal boundaries)
* In such cases, employees involved should document their disclosure procedure and collect all needed authorizations. We’re bound to avoid disclosing more information than needed.
=== Policy Violation ===
In case the employee does not follow this policy, the following action will be taken:
* Disciplinary action: if a minor violation
* Corrective Action Plan ([[CAP]]): if a severe violation
* Termination of Employment and legal action: if an extremely severe violation
We’ll investigate every breach of this policy. We’ll terminate any employee who willfully or regularly breaches our confidentiality guidelines for personal profit. We may also have to punish any unintentional breach of this policy depending on its frequency and seriousness. We’ll terminate employees who repeatedly disregard this policy, even when they do so unintentionally. This policy is binding even after the separation of employment.


=== Procedure ===
=== Procedure ===

Revision as of 08:03, 23 January 2020

Internal Rules

Employee Probationary Period

Policy brief & purpose

This policy clarifies the rules, conditions, and expectations for employees during their probationary period.

Scope

This policy applies to all employees of our Company. The Company will make an effort to ensure that its hiring procedures serve the purpose of recruiting the best employees for each open position. The probation period gives both employees and employers enough time to find out if their new employment relationship will eventually work out to the benefit of both.

Policy Elements

Employees on Probation

Those who can be placed in an employee probationary period include the following

  • New employees
  • Current employees who are promoted to another position, including but not only when it comes to a position of higher responsibility

The length of the probationary period is up to 6 months. It will be clearly stated in the employment contract. uring the probation period, the parties shall have all rights and duties as under a final employment contract. In the probation period not included in the time during which the employee has been on statutory leave, or has not performed the work for which the contract has been concluded for other valid reasons. An employment contract with a probation period with the same employee of the Company for the same position may be concluded only once.

Meaning of the Probation Period

The probationary period is the time between signing an employment contract and being granted final employment status – i.e. till the employment contract signed is considered concluded for indefinite period of time or, as the case may be, concluded for the fixed period of time set forth in the contract (in case of a fixed-term contract with probation period). It is a “trial period” during which the employee is being evaluated as a suitable fit for the position and the Company. A trial period clause may be envisaged in contracts concluded for an unlimited period of time as well as in fix term contracts. The respective employee who is under probation period will be given consistent feedback and coaching to have the chance to learn their new job and improve during the probationary period.

Before the end of the probation period, the manager will determine if the employee should be retained in the organization. This decision will be made by appraising the following criteria:

  • The skills, competencies, and knowledge of the employee on the job
  • The employee’s progress on given assignments
  • Their reliability, trustworthiness and other relevant personality characteristics of the employee
  • The employee’s relations and collaboration with subordinates, supervisors, and peers

However, the Company does not have the duty to justify its decision to retain or not the employee.

Procedure

  • If the employee is deemed unsuitable while on a probationary period, the employee may be terminated without the minimum prior notice mandated by law or provided for in the individual employment contract.
  • Termination may occur before the ending of the probationary period.
  • The employee will be officially notified in writing for the decision to terminate them.
  • Employees may still have to be dismissed for various reasons, after the end of the probationary period. In such cases, the company will follow labor law, legal guidelines and its own separation of employment policy.

Policy violation

In case the employee does not comply with the conditions of our Probationary Period, the following action will be taken:

  • Termination of Employment

Employee Code of Conduct

Policy brief & purpose

As an employee, you are responsible to behave appropriately at work. This policy outlines our expectations towards employee's conduct. We can’t cover every single case of conduct, but we trust you to always use your best judgment. Reach out to your manager or HR if you face any issues or have any questions.

Scope

This policy applies to all employees.

Dress Code

Policy Elements

These dress code rules always apply:

  • All employees must be clean and well-groomed.
  • All clothes must be work-appropriate. Clothes that are typical in workouts and outdoor activities aren’t allowed.
  • All clothes must project professionalism. Clothes that are too revealing or inappropriate aren’t allowed.
  • Our company’s official dress code is Casual.
  • If you frequently meet with clients or prospects, please conform to a more formal dress code. We expect you to be clean when coming to work and avoid wearing clothes that are unprofessional (e.g. workout clothes, too short or too revealing).

As long as you conform with our guidelines above, we don’t have specific expectations about what types of clothes or accessories you should wear.

Policy Violation

In case the employee does not follow the Dress Code, the following action will be taken:

  • Disciplinary action


Cybersecurity and digital devices

Take security seriously: Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. We can all contribute to this by being vigilant and keeping cybersecurity top of mind.

Policy Elements

There are guidelines for using computers, phones, our internet connection, and social media to ensure security and protect our assets. This category, as an exception, applies to all our employees, contractors and anyone who has permanent or temporary access to our systems and hardware.

Confidential data

Confidential data is secret and valuable. Common examples are:

  • Unpublished financial information
  • Data of customers/partners/vendors
  • Patents, formulas or new technologies
  • Customer lists (existing and prospective)

All employees are obliged to protect this data. In this category, we will give our employees instructions on how to avoid security breaches

Protect personal and company devices

When employees use their digital devices to access company emails or accounts, they introduce security risks to our data. We advise our employees to keep both their personal and company-issued computer, tablet and cell phone secure. They can do this if they:

  • Keep all devices password protected.
  • Ensure they do not leave their devices exposed or unattended.
  • Log into company accounts and systems through secure and private networks only.
  • Avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. We use a password management tool that generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the abovementioned advice.

Transfer data securely

Transferring data introduces security risk. Employees must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our System Administrators for help.
  • Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  • Report scams, privacy breaches and hacking attempts.

Our System Administrators need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our System Administrators must investigate promptly, resolve the issue and send a companywide alert when necessary.

Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:

  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible to HR and Employee Experience Expert
  • Change all account passwords at once when a device is stolen.
  • Report a perceived threat or possible security weakness in company systems.
  • Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
  • Avoid accessing suspicious websites.
  • We also expect our employees to comply with our social media and internet usage policy.

Our System Administrators will:

  • Install firewalls, anti-malware software, and access authentication systems.
  • Arrange for security training to all employees.
  • Inform employees regularly about new scam emails or viruses and ways to combat them.
  • Investigate security breaches thoroughly.
  • Follow these policies provisions as other employees do.
Remote employees

Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.

Policy Violation

In case the employee does not follow the Cybersecurity measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

If we suspect employees are engaged in suspicious or unethical activities, we reserve the right of investigating any sort of communication that occurred inside the Company's facilities or through the Company's devices.


Internet usage

Policy elements
What is appropriate employee internet usage?

Our employees are advised to use our company’s internet connection for the following reasons:

  • To complete their job duties.
  • To seek out information that they can use to improve their work.
  • We expect our employees to remain productive at work while using the internet.
  • Any use of our network and connection must follow our confidentiality and data protection policy.
What is inappropriate employee internet usage?

Our employees must not use our network to:

  • Browse, download or upload obscene, offensive or illegal material.
  • Send confidential information to unauthorized recipients.
  • Invade another person’s privacy and sensitive information.
  • Download or upload copyrighted material and software.
  • Visit potentially dangerous websites that can compromise the safety of our network and computers.
  • Perform unauthorized or illegal actions, like hacking, fraud, buying/selling illegal goods and more.

We also advise our employees to be careful when downloading and opening/executing files and software. If they’re unsure if a file is safe, they should ask the System Administrators. Employees must not deactivate or configure anti-virus settings and firewalls without managerial approval. We won’t assume any responsibility if employee devices are infected by malicious software, or if their personal data are compromised as a result of inappropriate employee use.

Company-issued equipment

We expect our employees to respect and protect our company’s equipment. “Company equipment” in this computer usage policy for employees includes company-issued phones, laptops, tablets, and any other electronic equipment, and belongs to our company. We advise our employees to lock their devices in their desks when they’re not using them. Our employees are responsible for their equipment whenever they take it out of their offices.

Policy Violation

In case the employee does not follow the Internet usage measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment and legal action: if a severe violation

Examples of severe violations are:

  • Using our internet connection to steal or engage in other illegal activities.
  • Causing our computers to be infected by viruses, worms or other malicious software.
  • Sending offensive or inappropriate emails to our customers, colleagues or partners.


Cellphone

Policy elements

We allow the use of cell phones at work. Personal phone use is allowed for not more than 2 mins. This is to make sure you can take phone calls in case of an emergency related to your family. You must not get distracted from your work. You must not disturb the other people in the room by making personal phone calls. You need to always make them on your break. Employees use company-issued phones for business purposes only and preserve them in perfect condition.

We won’t allow employees to:

  • Play games on the cell phone during working hours.
  • Use their cell phone’s camera or microphone to record confidential information.
  • Use their phones in areas where cell use is explicitly prohibited
  • Speak on their phones within earshot of colleagues’ working space during working hours.
  • Download or upload inappropriate, illegal or obscene material on a company cell phone using a corporate internet connection.
Policy Violation

Our company will monitor employees for excessive or inappropriate use of their cell phones. If an employee’s phone usage causes a decline in productivity or interferes with our operations, we’ll ban that employee from using their cell phones during working hours and the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of severe violations are:

  • Cause a security breach.
  • Violate our confidentiality policy.


Corporate e-mail

Policy Elements

Corporate emails are powerful tools that help employees in their jobs. Employees should use their company email primarily for work-related purposes. We will define what constitutes appropriate and inappropriate use.

Inappropriate use of company email

Our employees represent our company whenever they use their corporate email address. They must not:

  • Sign up for illegal, unreliable, disreputable or suspect websites and services.
  • Send unauthorized marketing content or solicitation emails.
  • Register for a competitor’s services unless authorized.
  • Send insulting or discriminatory messages and content.
  • Intentionally spam other people’s emails, including their coworkers.

Our company has the right to monitor and archive corporate emails.

Appropriate use of the corporate email

Employees are allowed to use their corporate email for work-related purposes without limitations to:

  • Communicate with current or prospective customers and partners.
  • Log in to purchased software they have legitimate access to.
  • Give their email address to people they meet at conferences, career fairs or other corporate events for business purposes.
  • Sign up for newsletters, platforms and other online services that will help them with their jobs or professional growth.
Email security

Email is often the medium of hacker attacks, confidentiality breaches, viruses, and other malware. These issues can compromise our reputation, legality, and security of our equipment. Employees must always be vigilant to catch emails that carry malware or phishing attempts. We instruct employees to:

  • Avoid opening attachments and clicking on links when content is not adequately explained (e.g. “Watch this video, it’s amazing.”)
  • Be suspicious of clickbait titles.
  • Check the email and names of unknown senders to ensure they are legitimate.
  • Look for inconsistencies or style red flags (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks.)

If an employee isn’t sure that an email they received is safe, they can ask our System Administrators.

Email signature

We encourage employees to use the email signature from Secure Group that exudes professionalism and represents our company well. Employees dealing with sales and executives, who represent our company to customers and stakeholders should pay special attention to how they close emails.

Policy Violation

In case the employee does not follow the Corporate email measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of severe violations are:

  • Using a corporate email address to send confidential data without authorization.
  • Sending offensive or inappropriate emails to our customers, colleagues or partners.
  • Using a corporate email for illegal activity.


Social media

Policy Elements

We want to provide practical advice to prevent the careless use of social media in our workplace. We address two types of social media use:

  • Using personal social media at work
  • Representing our company through social media.
Using personal social media at work

You are permitted to access your personal accounts at work. But, we expect you to act responsibly, according to our policies and ensure that you stay productive. Specifically, we ask you to:

  • Discipline yourself. Avoid getting sidetracked by your social platforms.
  • Ensure others know that your personal account or statements don’t represent our company. For example, use a disclaimer such as “opinions are my own.”
  • Avoid sharing intellectual property (e.g trademarks) or confidential information. Ask your manager before you share company news that’s not officially announced.
  • Avoid any defamatory, offensive or derogatory content. You may violate our company’s anti-harassment policy if you direct such content towards colleagues, clients or partners.
Representing our company through social media

We expect you to protect our company’s image and reputation. Specifically, you should:

  • Be respectful.
  • Avoid speaking on matters outside your field of expertise when possible.
  • Follow our confidentiality and data protection policies and observe laws governing copyrights, trademarks, plagiarism, and fair use.
Policy Violation

We manage and monitor all social media postings on our corporate accounts. In case the employee does not follow the Social Media measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of non-conformity with the employee social media policy include but are not limited to:

  • Disregarding job responsibilities and deadlines to use social media
  • Disclosing confidential information through personal or corporate accounts
  • Directing offensive comments towards other members of the online community


Conflict of Interest

Policy Elements

Conflict of interest may occur whenever an employee’s interest in a particular subject may lead them to actions, activities or relationships that undermine the company and may place it to disadvantage.

What is an employee conflict of interest?

This situation may take many different forms that include, but are not limited to, conflict of interest examples:

  • Employees’ ability to use their position with the company to their personal advantage
  • Employees engaging in activities that will bring direct or indirect profit to a competitor
  • Employees owning shares of a competitor’s stock
  • Employees using connections obtained through the company for their own private purposes
  • Employees using company equipment or means to support an external business
  • Employees acting in ways that may compromise the company’s legality

When an employee understands or suspects that a conflict of interest exists, they should bring this matter to the attention of management so corrective actions may be taken. Managers must also keep an eye on potential conflicts of interest of their subordinates. The responsibility of resolving a conflict of interest starts with the immediate manager and may reach senior management. All conflicts of interest will be resolved as fairly as possible. Senior management has the responsibility for the final decision when a solution can not be found. In general, employees are advised to refrain from letting personal and/or financial interests and external activities come into opposition with the company’s fundamental interests.

Policy Violation

In case the employee does not follow the Conflict of interest measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation


Employee relationships

Policy Elements
Before you date a colleague

Before you decide to date a colleague, please consider any problems or conflicts of interest that may arise. For example, if you’re working with a colleague on an important project, a relationship between the two of you (or a possible breakup) could affect your work.

When you begin dating a colleague

HR won’t get involved in your private lives and will always be discrete. You don’t need to tell us if you go on a few dates with a colleague or become involved, as long as there’s no disruption in the workplace or your own work. Also, make sure to:

  • Keep your personal issues and discussions out of the workplace.
  • Be productive and focused as always.
Acceptable behavior

Our workplace is still a professional setting. We expect our employees to treat each other with respect and avoid hindering other people’s work. If you want to express your romantic interest in a colleague, don’t do anything that may embarrass or expose them and always respect their time and choices. If a colleague is persistent in flirting with you and becomes annoying or disturbs your work, ask them to stop and inform your manager if they continue. Please report them to HR if they make unwanted sexual advances. Sexual harassment is prohibited, including seemingly harmless actions.

Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken: Corrective Action Plan (CAP)


Workplace measures

Policy Elements
Visitors
  • You cannot have personal visits to your workplace.
  • You cannot bring family members at your workplace.
  • You can always meet family members in case of an emergency on your break out of the office space.
  • Pets are not allowed in the office.
Workplace code
  • Food at the workplace is not allowed unless it is a snack.
  • You cannot eat your breakfast or lunch at your desk.
  • You must have your breakfast and lunch in the cafeteria.
  • You must bring your coffee mugs and water cups to the kitchen sinks at the end of the day.
  • Every day you must check the windows and AC in your room to be switched off and closed.
  • You must leave your workplace clean at the end of your workday.
  • You are responsible for keeping your desk organized and free from any non-related working items
Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken: Disciplinary action(see page 66) if minor violation Corrective Action Plan (CAP)(see page 69) if a severe or frequent violation


Solicitation and Distribution

Policy Elements

Solicitation is any form of requesting money, support or participation for products, groups, organizations or causes which are unrelated to our company. These include but are not limited to:

  • Seeking funds or donations for a non-profit organization
  • Asking for signatures for a petition
  • Selling merchandise or services
  • Requesting support for a political candidate
  • Engaging in religious proselytism

We prohibit the solicitation of any kind such as:

  • Selling goods for personal profit.
  • Requesting support or funding for political campaigns.
  • Unauthorized posting of non-work related material on company bulletin boards.
  • Solicitation or distribution of non-business literature.
  • Proselytizing others to any religious groups.
  • Employees may refer to any questions or doubts to the Office Manager.
Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe or frequent violation

Severe violations include but are not limited to:

  • Soliciting in our workplace during working hours for illegitimate reasons.
  • Making colleagues uncomfortable by being overly persistent.
  • Distributing material that contains hate or other offensive speech.
  • Embezzling or mishandling donations by other employees for events or causes.


Substance Abuse and Drug Testing Policy

Policy brief & purpose

Secure Group is a drug and alcohol-free environment because we value the health and safety of all of your employees. We understand that any employee that may be working under the influence of alcohol or drugs could injure himself or other employees. We also believe that alcohol or drug impairment impacts all aspects of an employee’s life negatively. These negative impacts, such as broken families, cannot help but flow over into the workplace and manifest as absenteeism, lower productivity, and damaged relationships. This policy has the objective of explaining what are the measures that we take to avoid any substance or drug abuse.

Scope

All employees must abide by the provisions of this policy.

Policy Elements

Illegal drugs, prescription as well as over-the-counter drugs fall into the “substances” category. We also place restrictions on alcohol consumption. While working, it's extremely forbidden to:

  • Possess, use or be under the influence of alcohol or drugs. You can consume alcohol in moderation while in approved business meetings or social gatherings.
  • Sell, buy, transfer or distribute drugs.
  • Abuse prescription drugs while at work.

Procedure

If there's any suspicion about drug or alcohol abuse in the workplace, we will ask the relevant employee to leave the office and to return the next day if there's a condition for that. Here are instances that constitute reasonable suspicion:

  • Abnormal behavior.
  • Physical evidence of drugs and alcohol or observation (including odors.)
  • Patterns of failing to complete a task due to confusion or disorientation.
  • Reports from colleagues that an employee admitted to using drugs, was seen using drugs or was shown to be under the influence at work.

If you see that your prescription drugs unexpectedly affect your senses, thinking or movements, please ask for time off. To ensure we enforce this policy, we ask managers to keep detailed, verifiable records of drug-related incidents, behaviors or reports.

Policy violation

In case the employee does not follow this policy, the following action will be taken:

  • Corrective Action Plan (CAP): if a minor violation
  • Termination of Employment(see page 63): if a frequent or severe violation

Note that if you become inebriated and behave inappropriately towards colleagues, customers or stakeholders, we will terminate your contract immediately.


Employee Attendance and Working Hours Policy

Policy brief & purpose

This policy explains what are the criteria for employees attendance and which actions should be taken in case the working hours are not completed.

Scope

This policy applies to all employees that are hired under a full-time contract. The employees working in shifts are not eligible for this policy.

Policy Elements

Working hours

Our employees work five days a week under the conditions of 8-hours working day. You can take advantage of the Flexible Working Time opportunity, which allows you to start work between 08.00 and 10.00 am, and finish work accordingly, from 17.00 to 19.00 unless it is otherwise specified. If you work in the Partner Success department, you will follow a shift schedule as needed.
Our employees can take the following breaks at work:

  • Lunch breaks. We provide all employees with a 60 min meal break. They need to take it between 12.00 pm and 14.00 pm. Lunch breaks are not included in the working hours. If possible, schedule these breaks in advance so your team will know when you will be unavailable. For certain positions, we may schedule lunch breaks to avoid any negative impact on our operations.
  • Rest breaks. Employees can take 2 breaks 15 minutes each during the day. Rest breaks are included in your working hours.
  • If you need to perform any kind of work (e.g. a meeting, a call, etc.) we expect you to take your break before or after.

The positions/employees for which flexible working hours are applicable are always determined by an ordinance of the managers. You can have flexible working hours unless otherwise specified. The opportunity for flexible working hours may be at any time withdrawn for certain positions/employees upon the discretion of the managers if they consider that there are objectives, other reasons which require to do so or if the employee is under a CAP.
It is very important to respect any scheduled meetings and attend them on time. You can work overtime only if you were specifically asked to do that, and your role and duties require that. Overtime work shall be in any case performed in compliance with the rules of the labor legislation.

Employee Attendance

All employees need to collaborate with their colleagues to do their job. To make this collaboration easier, we expect you to be punctual and follow the schedule you and your manager have agreed on. If you are absent, late on occasion or you need to leave early, you need to have a good reason and must inform your manager.

What are absenteeism and tardiness?
  • Absenteeism refers to frequent absence from an employee’s job responsibilities.
  • Tardiness refers to coming in late, taking longer breaks than you’re entitled to and constantly leaving earlier from work without reason.

You are responsible to record and monitor your working hours.

Unforeseen absences

If you can’t come into work one day, notify the Employee Experience Expert as soon as possible. Please record this in BambooHR as quickly as possible. Unexcused or unreported absence for more than three days will be considered job abandonment. We will understand if you have good reasons for being absent, even if you don’t report it. Those reasons involve serious accidents and family or acute medical emergencies. We will ask you to bring us doctor’s notes or other verification.
The following list includes reasons that we don’t consider good reasons for being absent:

  • Waking up late.
  • Stopping on the way to work for personal reasons.
  • Bad weather.
  • Holidays that haven’t been approved.

Procedure

If there's any suspicion about drug or alcohol abuse in the workplace, we will ask the relevant employee to leave the office and to return the next day if there's a condition for that. Here are instances that constitute reasonable suspicion:

  • Abnormal behavior.
  • Physical evidence of drugs and alcohol or observation (including odors.)
  • Patterns of failing to complete a task due to confusion or disorientation.
  • Reports from colleagues that an employee admitted to using drugs, was seen using drugs or was shown to be under the influence at work.

If you see that your prescription drugs unexpectedly affect your senses, thinking or movements, please ask for time off. To ensure we enforce this policy, we ask managers to keep detailed, verifiable records of drug-related incidents, behaviors or reports.

Policy violation

In case the employee does not follow this policy, the following action will be taken:

  • Corrective Action Plan (CAP): if a minor violation
  • Termination of Employment(see page 63): if a frequent or severe violation

Note that if you become inebriated and behave inappropriately towards colleagues, customers or stakeholders, we will terminate your contract immediately.

Procedure

  • If you are late for work and will arrive before 10h30am, you need to inform your manager and compensate at the end of the working day.
  • If you are late for work and will arrive after 10h30am, you need to take half the day-off that will be subtracted from your available paid-leave days and it should be recorded in BambooHR.
  • If you need to leave early, you must inform your manager and compensate for the absent hours within a week

Manager’s responsibility

  • If you manage employees you are responsible to monitor their attendance. If you notice that a team member is consistently late or absent, arrange a private meeting to discuss.
  • If you suspect that your team member abuses their sick leave or is wilfully tardy, you should inform HR and start a progressive discipline process.

Policy violation

In case this policy is not abode by employees the following actions will be taken: Disciplinary action: if a minor violation Corrective Action Plan (CAP): if severe and/or frequent violation


Shiftwork Policy

Policy brief & purpose

This policy explains what are the criteria for employees' attendance when working in shifts.

Scope

This policy applies to all employees that are eligible to work in shifts.

Policy Elements

Working hours

Our employees work the conditions of 40-hours per week and following the specified rules of the Bulgarian Labor Code.
Employees under this working model should follow the availability time, during which they can be outside the company, but should be available and immediately arrive at their workplace.

Procedure

  • Your shift will be scheduled through BambooHR and you should follow as it's defined
  • Employees that work in shifts should be available, with easy access to a phone/laptop in case of an emergency such as repairs in the system, failure in the server, etc. The employees might be asked to come to the premises of the company, depending on the severity of the situation.

Policy violation

In case this policy is not abode by employees the following actions will be taken: is policy is not abode by employees the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Corrective Action Plan (CAP): if severe and/or frequent violation


Overtime Policy

Policy brief & purpose

This policy explains what are the conditions and requirements for employees when overtime hours are needed/ requested.

Scope

This policy applies to all employees that are hired under a full-time contract.
The employees working in shifts are not eligible for this policy.


Policy Elements

Our employees work five days a week under the conditions of the 8-hours working day. In some specific cases, you might need to stay overtime in the office so you can request overtime hours in BambooHR. Our employees can request overtime hours in case:

  • Some urgent task needs to be completed
  • One project has to be delivered and it requires extra effort
  • Every three months, the overtime hours are calculated and the employee will be granted the equivalent amount of time off.

Procedure

  • You have to request overtime hours by logging a request in BambooHR.
  • The request needs to be done as you or your manager realize the need. Please note: if you're the requester, your manager will need to approve the overtime hours.
  • You must get the request approved by your direct manager before working overtime.

Policy violation

Overtime is guaranteed by the Bulgarian Labor Law, therefore there are no consequences if you require them.


Employee Time Off Policy

Policy brief & purpose

This policy explains what are the conditions and requirements for employees to have time off from work.

Scope

This policy applies to all employees.

Policy Elements

Our company will grant 20 days ( 12months/1.67 days per month) of paid leave. They are to be taken proportionally throughout the year. E.g. end of March you have 3 times 1.67 days to take.
We offer 1 extra day for every year you are with Secure Group.
We give a day off on your birthday as a benefit so you can enjoy a day-off on the date of your birthday.

Procedure

You have to request days off by logging a request in BambooHR. The request needs to be done at least 2 weeks prior unless it is an emergency. You must get the request approved by your direct manager before taking these days. After you get it approved, you must sign that request on paper with the Office Manager. It is not permitted to have 2 people from the same team taking days off at the same time. Please try to use your Paid leave throughout the year and not accumulate your entire leave for the end. Unused Paid leave may be passed on to the next calendar year partially. In some cases, an employee may use up all their Paid leave and still need to be absent from work. In such cases, we may consider granting that employee unpaid time off.

National Holidays

Our company observes the Bulgarian holidays. These holidays are days off for employees unless a particular department of our company must operate during these days.

Procedure

National Holidays have already been registered automatically in BambooHR. There's no action needed by our employees.

Sick Days

Our employees may be unable to perform their duties if they get sick. Our company follows legal guidelines that apply to sick days.

Procedure

If you are sick, you must inform the Office Manager as soon as possible. They will further inform your direct manager, and log it in BambooHR. You should also inform the Office Manager for how long you’ll be absent.

Policy violation

Time off is guaranteed by the Bulgarian Labor Law, therefore there are no consequences when it's required.

Remote Office Policy

Policy brief & purpose

This policy has the objective of clarifying the eligibility, conditions, and requirements for employees that want to work from home on certain days.

Scope

Our employees are allowed to work remotely from home only if their job duties permit it and upon additional agreement with the employer. You are not eligible to work remotely if you need to be in direct physical contact with other employees or team members. Therefore, the employer is entitled due to this fact and considering the specifics and the needs of the working process in the Company and in particular those related to your work to deny giving consent for some employees to work remotely from home. The employees working in shifts are not eligible for this policy.

Policy Elements

  • Employees that are Level 1 or 2 can take 5 days to work remotely during the year only upon approval by the manager at BambooHR.
  • Employees that are Level 3 and UP can take 13 days to work remotely during the year only upon approval by the manager at BambooHR.

Remote Office is a company benefit that will give you a better work/life balance. Remote Office needs to be done with a clear plan of what you work on that day. You must be available to communicate with your manager and team members all the time during the working hours of the Company as you are in the office.
You cannot benefit from Remote Office if:

  • You have to take care of your young children at home, or
  • You need to be somewhere else doing something else besides work, or
  • The Remote Office days are not taken in a row
  • The Company has doubts that you use working time also for purposes not related to your work.
  • The Company has the right to deny to give approval for certain days/cases for objective reasons:
  • You are under a Corrective Action Plan (CAP).

Procedure

When employees plan Remote Office days, this procedure must be followed:

  • Employees file a request through BambooHR in advance and with the description of the activities, they will focus on a specific day.

Management will consider the following elements:

  • Is the employee eligible by the nature of their job?
  • Are there any cybersecurity and data privacy concerns?
  • Will collaboration with the employee’s team become difficult?
  • Do employees have the necessary equipment or software installed at home?
  • What are the conditions of employees’ home (noise, internet connection. etc.)?

Their direct manager approves or rejects the request considering all elements as mentioned above.
For all issues related to the working remotely which are not explicitly regulated in this policy, the provisions of the relevant provisions of the Bulgaria Labour Code shall apply.

Policy Violation

In case the employee does not follow the Remote Office requirements, the following action will be taken:

  • Disciplinary action and suspension of the benefit if a minor violation
  • Corrective Action Plan (CAP): if a severe violation.

Smoke-Free Workplace Policy

Policy brief & purpose

This policy explains what are the accepted conditions for smoking in the surroundings of the office.

Scope

This policy applies to all employees. Our employees who smoke need to follow this policy so they will:

  • Protect non-smokers from second-hand smoking
  • Avoid setting off alarms and smoke detectors
  • Preserve an image of a clean workplace
  • Avoid fires from discarded cigarettes

We’ll follow any legal guidelines regarding indoor smoking.

Policy Elements

Our policy refers to all tobacco products. As a general rule, smoking is prohibited indoors at any time. This rules refers to:

  • Working areas
  • Hallways
  • Staircases
  • Restrooms
  • Kitchen and Cafeterias

Procedure

We permit smoking during breaks at:

  • Balconies
  • Any outer premises including yards and sidewalks outside of our building.

If you smoke you must:

  • Extinguish their cigarettes and discard them only in appropriate ashtrays.
  • Avoid smoking near flammable objects and areas.

Policy Violation

In case the employee does not follow this policy, the following actions will be taken:

  • Disciplinary action and suspension of the benefit if a minor violation
  • Corrective Action Plan (CAP): if a severe violation.

Employee Referral Program Policy

Policy brief & purpose

Compared to other recruiting strategies, our employee referral program has a higher return on investment (ROI). Employee referrals are a great way to improve our time, cost and quality of hire. This policy clarifies the conditions for referring candidates to our selection process.

Scope

This Employee Referral Program Policy applies to employees who refer a candidate to our company. It does not apply to employees working in the HR department or that are involved in the Selection process, or that were part of a Marketing campaign/initiative.

Policy Elements

Secure Group considers referrals the best way to attract talent. We already trust our employees’ judgment at work – why not trust them about who will be a good addition to our team? And given the effect of personal relationships on team spirit, why not count on relationships that are already good?
Now, we introduce tiers, depending on the position of the referred person. Naturally, some roles are key to our operations and call for a bigger reward if someone tips us off about top talent in these fields. For referring a candidate for an open position, team members receive a total of BGN 4,000:

  • BGN 500 when the candidate signs a contract
  • BGN 1,500 when they pass their six-month probation period
  • BGN 2,000 when they make one year in the company

For all other positions, the reward totals BGN 1,000:

  • BGN 200 when the person signs a contract
  • BGN 300 when they pass their six-month probation period
  • BGN 500 when they make one year in the company.

Procedure

In order to refer a person to work in Secure Group, you should communicate with our Talent Acquisition Director and share the curriculum vitae of the candidate. A brief explanation on why you believe the person will be a valuable asset to Secure Group may be required for the documentation of the Selection Process.

Policy Violation

This policy is optional and there are no consequences if employees do not refer candidates

Moonlighting Policy

Policy brief & purpose

The main purpose of this policy is to set out the expectation we have on how employees will treat their work at our business as their primary job and will not allow other jobs to interfere with the performance of the primary job.

Scope

  • This policy applies to our employees.
  • This policy applies to lawful activities. We will take legal action if you use our company’s equipment, resources or information to support any illegal activities.

Policy Elements

We want our employees to be transparent about their side jobs so we can prevent conflicts with their main jobs more easily. Our main rule is that our employees must treat their job in our company as their primary occupation. Any other job should come second. With this rule in mind, our employees must not:

  • Take up a job or project with our competitors. Doing so will violate our non-compete agreement and we will terminate you.
  • Take up a job or project if its working hours overlap with those of their main job. We expect you to use your working hours to work for our company only.
  • Take up a job or project that’s so demanding it interferes with the main job duties. For example, if you’re too tired to do your main job properly, you will face negative performance reviews.
  • Take up a job or project that could create a conflict of interest. For this reason, we advise against working for or with our company’s clients, vendors or contractors outside your job.

Procedure

What you should do if you want to take up side jobs

We define a side job as paid, regular work (temporary or permanent) with specific job responsibilities. For example, working at a coffee shop qualifies as a side job if you are expected to work there regularly, regardless of whether you have pre-determined shifts or a fixed number of hours. Managing a business, working as a consultant or advisor to companies and serving as a board member of an organization falls under our definition too.
When you want to (or have taken) a side job, you must inform HR and your manager to help us ensure you don’t inadvertently violate this policy.

Using company equipment and resources

Employees must not use company equipment, resources or materials for their outside activities. Using or disclosing our confidential or proprietary information outside the scope of your job with us is prohibited.

Policy Violation

In case the employee does not follow this policy, the following action will be taken:

  • Corrective Action Plan (CAP)
  • Termination of Employment and legal action: if an extremely severe violation

Anti-discrimination Policy

Policy brief & purpose

Our anti-discrimination policy explains how we prevent discrimination and protect our employees, customers, and stakeholders from offensive and harmful behaviors. This policy supports our overall commitment to creating a safe and happy workplace for everyone. Our company complies with all anti-discrimination laws. We explicitly prohibit offensive behavior and disrespectful behavior.

Scope

This policy applies to all employees, contractors, visitors, customers, and stakeholders.

Policy Elements

Discrimination is any negative action or attitude directed towards someone because of protected characteristics, like race and gender. Other protected characteristics are:

  • Age
  • Religion
  • Ethnicity/ nationality
  • Disability/ medical history
  • Marriage / civil partnership
  • Pregnancy / maternity/ paternity
  • Gender identity/ sexual orientation

Discrimination and harassment

Our anti-discrimination and anti-harassment policies go hand-in-hand. We will not tolerate any kind of discrimination that creates a hostile and unpleasant environment for employees, customers or partners. Here are some instances that we consider discrimination:

  • Employees making sexist comments.
  • Employees sending emails disparaging someone’s ethnic origin.

We will not be lenient in cases of assault, sexual harassment or workplace violence, whether physical or psychological. We will terminate employees who behave like this immediately.

Procedure

Actions to prevent discrimination

To ensure that our conduct and processes are fair and lawful, we:

  • Use inclusive language in job ads
  • Set formal job-related criteria to hire, promote and reward team members.
  • Offer compensation and benefits according to position, seniority, qualifications, and performance, not protected characteristics.
  • Require managers to keep detailed records of their decisions concerning their team members and job candidates.

What to do in cases of discrimination

If you are the victim of discriminatory behavior (or if you suspect that others are being discriminated against,) please talk to the HR or your direct manager as soon as possible. HR is responsible for hearing your claim, investigating the issue and determining the consequences.
Punishment for discriminatory behavior depends on the severity of the offense.

How we address discrimination complaints

HR is proactive and responsive to determining whether discrimination occurs. We will look into similar claims about the same person or process to determine if discrimination is systemic. We will investigate all claims discreetly. We will never disclose who made a complaint to anyone or give out information that may help others identify that person (e.g. which department or role they work in.) We should all strive to prevent and address discrimination. Be aware of your implicit biases and speak up whenever you or your colleagues are discriminated against.

Policy Violation

In case this policy is not abode by employees the following actions will be taken (depending on the severity of the behavior):

  • Disciplinary action: if a minor violation
  • Corrective Action Plan (CAP): if a severe violation
  • Termination of Employment: in case of workplace violence

Violence In The Workplace Policy

Policy brief & purpose

It's in Secure Group's priorities to provide a safe workplace for employees and for visitors to the workplace. This policy explains what are the non-accepted type of violent behavior and the consequences for it.

Scope

This policy applies to all employees.

Policy Elements

“Workplace violence” refers to physical acts of violence or threats to harm a person or property. Abusive behaviors, whether verbal, psychological or physical, are also considered violence. More specifically:

  • Verbal abuse can be using unwelcome, embarrassing, offensive, threatening or degrading language.
  • Psychological abuse is an act that provokes fear or diminishes a person’s dignity or self-esteem.
  • Sexual abuse is any unwelcome verbal or physical assault.


Examples of violent behavior among co-workers include but are not limited to:

  • Intimidating or bullying others
  • Abusive language
  • Physical assault
  • Threatening behavior
  • Concealing or using a weapon
  • Sexual or racial harassment

Procedure

Our company doesn’t tolerate violence. Employees must report any concerns or violent acts to HR as soon as possible.

Policy Violation

In case this policy is not abode by employees the following actions will be taken (depending on the severity of the behavior):

  • Corrective Action Plan (CAP): if a minor violation
  • Termination of Employment: if a severe violation

Workplace Harassment Policy

Policy brief & purpose

Secure Group prohibits harassment of any kind, including sexual harassment, and will take appropriate and immediate action in response to complaints or knowledge of violations of this policy. For purposes of this policy, harassment is any verbal or physical conduct designed to threaten, intimidate or coerce an employee, co-worker, or any person working for or on behalf of Secure Group.

Scope

This workplace harassment policy applies to all employees, contractors, customers and anyone else whom employees come into contact with at work.

Policy Elements

What is the definition of harassment in the workplace?

Harassment includes bullying, intimidation, direct insults, malicious gossip. Instances that we consider harassment:

  • Sabotaging someone’s work on purpose
  • Being rowdy and disruptive
  • Yelling and speaking loudly and in a rude manner to any of your colleagues
  • Engaging in frequent or unwanted advances of any nature, including sexual harassment.
  • Commenting derogatorily on a person’s ethnic heritage or religious beliefs
  • Starting or spreading rumors about a person’s personal life.
  • Ridiculing someone in front of others.

Procedure

Reach out to HR in any case of harassment no matter how minor it may seem. For your safety, contact HR as soon as possible in cases of serious harassment (e.g. sexual advances) or if your manager is involved in your claim. Anything you disclose will remain confidential.

Policy Violation

In case this policy is not abode by employees the following actions will be taken (depending on the severity of the behavior):

  • Corrective Action Plan (CAP): if a minor violation
  • Termination of Employment: if a severe violation

Source Code Policy

Policy brief & purpose

This policy has the objective of ensuring that all employees are informed of how to use open source. The Source Code policy exists to maximize the impact and benefit of using open source and to ensure that any technical, legal or business risks resulting from that usage are properly mitigated.

Scope

This policy applies to all our employees and anyone who has permanent or temporary access to our systems and hardware.


Policy Elements

Usage of Open Source

Our employees are allowed to use Open Source accordingly to the license.

Share Company's Source Code

Sharing our Company Source Code is strictly forbidden. This includes and is not restricted to:

  • Publish our source code in a public repository
  • Share (written or verbally) our source code and guidelines with anyone outside our Company
  • Copy or distribute our source code for any purpose that is not related to our business.

Procedure

If you're using Open Source, discuss the licensing implication with your manager.

Policy Violation

In case the employee does not follow this policy, the following action will be taken:

  • Termination of Employment

Data Protection and Privacy Policy

Policy brief & purpose

The core purpose of our business is cybersecurity and data protection. Because of that, we also have a policy for the information of our employees. This policy has the objective of clarifying how our organization processes personal data and how it applies data protection principles.

Scope

This policy and privacy notice refer to all parties (employees, job candidates, customers, suppliers, etc.) who provide any amount of information to us.

Who is covered under the Data Protection Policy?

Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners, and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.

  • Information about the company, being the personal data controller:
Name of the company, Seat and Registered Address SECURE GROUP LAB OOD

Sofia 1113, Iztok Dstr., 13b Tintyava str., floor 6

Contact with SECURE GROUP LAB OOD https://lab.securegroup.com/

[email protected]
Tel.: +35924167745 ext. 616

Represented by Dominic Gingras and Evdokia Garkova

Policy Elements

As part of our operations, we need to obtain and process information for you as our employee, containing personal data. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data, etc.
Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply. Our data will be:

  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorized or illegal access by internal or external parties
  • Your data, which you provide to us will not be:
  • Communicated informally
  • Stored for more than a specified amount of time
  • Transferred to organizations, states or countries that do not have adequate data protection policies
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data, the company has direct obligations towards you - individuals to whom the data belongs. Specifically, we must:

  • Let the individuals know which of their data is collected
  • Inform individuals about how we’ll process their data
  • Inform individuals about who has access to their information
  • Dispose of with procedures in cases of lost, corrupted or compromised data
  • Allow individuals to request that we modify, erase, reduce or correct data contained in our databases

List of categories and types of personal data, which we shall process for you as employees of “Secure Group Lab” OOD

In order for us to conclude an employment/ civil contract with you, we shall collect and use the following information of yours, which represents personal data: contact details:

  • name, permanent address, e-mail address, phone number;
  • data related to payment services and receipt of your employment remuneration/ fees: bank account number, financial status;
  • data in connection with education and qualifications: data from diploma for accomplished educational degree, membership in professional organizations, qualifications, etc.;
  • data about your professional experience: former job positions, employment length of service, social insurance length of service and references from previous employers;
  • data for the conclusion of the employment/ civil contract, related to the physical identity: three names, PIN, address, ID data, place of birth, citizenship, nationality.


In the event it becomes necessary for us to request additional information from you in the course of your work at the Company, we shall collect, keep and use (i.e. process) your personal data in accordance with this Data protection policy. Such additional data could be, for instance, data about your family identity, such as marital status regarding the payment of paid leave due to contracted marriage. In certain cases, in order to fulfill some statutory or other legal obligations, arising out of the concluded employment/ civil contract, we shall collect and process personal data provided by you, which pertains to your health status.
Use of personal data provided when applying for a job position with our Company: When entering into employment/ civil contracts with the Company, we shall collect, keep and use the personal data, as provided by you by means of your CV and/or application form. In all events, all information representing personal data that have been extended to us for the purposes of your job application with us shall be collected, kept and used in accordance with this Privacy Notice.
Use of personal data during the course of your duties and functions:

  • Video data from the video surveillance system: in order to ensure smooth and unimpeded passing of the working process, as well as to protect the Company’s assets from illegal encroachment in the offices and common premises.
  • Geolocation data: for accounting and reporting purposes and in connection with all company expenses, including fuel expenses and company cars consumables, as well as tracing out the observance of the working time, and reporting of time for performance of deliveries, we have placed GPS tracking devices on all company vehicles. During their driving, data are being reported and processed, including personal data, related to the location of the vehicle.
  • Data about the internet activity of the employees realized during work time or with company devices, such as visited IP address, time of visit, name, and version of the web-browser, operation system and other parameters, provided from the web-browser, through which the access is made and all other information in this respect.

How do we protect your personal data?

Your personal data are kept on electronic carriers on servers located in the European Union and are accessible only by other designated employees of the Company (the Manager, the Financial Manager and/or HR Administration) and/or employees of the external accountancy, for the processing purposes pointed hereinabove.

Transfer of personal data

We do not provide your personal data outside the EU/EEA. In the event that your personal data are provided (transferred) outside the borders of the EU/ EEA, we shall ask for your additional consent and shall, in addition, provide you with information about the safeguards, which the receiving party ensures in connection with the personal data protection.

Retention periods

We retain your personal data only for as long as necessary, so to observe the statutorily prescribed period of time, as defined by the labor legislation, as well as so to protect the legitimate rights and interests of Secure Group Lab OOD in the event of possible claims, appeals, litigation proceedings, inquiries and investigations throughout or after termination of your employment/ civil contract. According to the requirements of the Labour Code, Tax and Social Procedure Code, the Accounting Act and the Ordinance of the Labour Record and the Labour Length of Service, the employer shall retain for a period not shorter than 50 (fifty) years, as of 1st of January of the reporting period, following the reporting period, which they pertain to, on paper and/ or electronic carrier, the employment contract, and all documents, attesting the remunerations paid to the employees. All other documents from the employee file will be kept, on paper and/ or electronic carrier, for a period of 6 (six) years as of the termination of the respective labor relationship.
Civil contracts and documents attesting the remunerations paid to the contractors are to be kept for a period of 10 (ten) years, as of 1st of January of the reporting period, following the reporting period, which they pertain to, on paper and/ or electronic carrier; any other documents from the contractor file will be kept for a period of 5 (five) years as of termination of the respective relationship.

Your rights

You may accomplish each of the below-pointed rights, which you dispose of, by addressing us with an application in writing at the contact addresses listed in point I hereinabove. Your rights in connection with your personal data are the following:

  • The right of access to information regarding the modalities of the processing of personal data and information what personal data Secure Group Lab OOD is processing for your;
  • In the event you consider that some personal data are untrue or incomplete, the right to request rectification or supplementation/ update of your personal data;
  • The right to request form the Company to restrict or prohibit the processing of your personal data for certain specific purposes;
  • The right to data portability;
  • The right to file a request for your personal data to be deleted; and
  • The right to file an appeal with the Personal Data Protection Commission
  • All applications and requests received by Secure Group Lab OOD shall be reviewed in accordance with the relevant legislation in the sphere of personal data protection.

Your obligations as employee

  • You shall undertake to inform the representatives of the Company or the Manager of the department that you work in if you become aware of a breach or violation in the process of collecting, processing or storing of personal data.
  • You shall be acquainted with the overall policy for personal data protection, which the Company abides by.
  • You shall be acquainted with the risks relating to the personal data, processed by the Company.
  • As our employee, you undertake to not disseminate to third parties, including to other staff members from the personnel of the Company, the personal data which you have gained access to during or on the occasion of fulfilling your duties in the Company.
  • You shall undertake to destruct any information carriers (on paper and electronically), containing personal data, according to the Procedure for due destruction of personal data, adopted in the Company.
  • You shall be acquainted with and accept the Internal Employment Rules, approved by the Employer.

Employee Confidentiality Policy

Policy brief & purpose

This policy explains what's the appropriate and ethical behavior when it comes to confidential data we use in our Company.

Scope

This policy applies to all employees who have access to confidential information.

Policy Elements

Confidential and proprietary information is secret, valuable, expensive and/or easily replicated. Common examples of confidential information are:

  • Unpublished financial information
  • Data of Customers/Partners/Vendors
  • Patents, formulas or new technologies
  • Customer lists (existing and prospective)
  • Data entrusted to our company by external parties
  • Pricing/marketing and other undisclosed strategies
  • Documents and processes explicitly marked as confidential
  • Unpublished goals, forecasts, and initiatives marked as confidential

Procedure

What employees can do

  • Lock or secure confidential information at all times
  • Shred confidential documents when they’re no longer needed
  • Make sure they only view confidential information on secure devices
  • Only disclose information to other employees when it’s necessary and authorized
  • Keep confidential documents inside our company’s premises unless it’s absolutely necessary to move them

What employees can't do

  • Use confidential information for any personal benefit or profit
  • Disclose confidential information to anyone outside of our company
  • Replicate confidential documents and files and store them on insecure devices
  • Share source code to any external parties
  • Maintain personal relations with former employees, suppliers and/or clients that have on-going litigation with Secure Group
  • Maintain personal relations with former employees that were dismissed because of severe immoral behavior

Confidentiality Measures

Measures to ensure that confidential information is well protected:

  • Store and lock paper documents
  • Encrypt electronic information and safeguard databases
  • Keep our source code secure on your workstation or in our version control system (Bitbucket, Gerrit, Harbor)
  • Ask employees to sign non-compete and/or non-disclosure agreements (NDAs)
  • Ask for authorization by senior management to allow employees to access certain confidential information

Exceptions

Confidential information may occasionally have to be disclosed for legitimate reasons. Examples are:

  • If a regulatory body requests it as part of an investigation or audit
  • If our company examines a venture or partnership that requires disclosing some information (within legal boundaries)
  • In such cases, employees involved should document their disclosure procedure and collect all needed authorizations. We’re bound to avoid disclosing more information than needed.

Policy Violation

In case the employee does not follow this policy, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Corrective Action Plan (CAP): if a severe violation
  • Termination of Employment and legal action: if an extremely severe violation

We’ll investigate every breach of this policy. We’ll terminate any employee who willfully or regularly breaches our confidentiality guidelines for personal profit. We may also have to punish any unintentional breach of this policy depending on its frequency and seriousness. We’ll terminate employees who repeatedly disregard this policy, even when they do so unintentionally. This policy is binding even after the separation of employment.

Procedure

To exercise data protection we’re committed to:

  • Restrict and monitor access to sensitive data
  • Develop transparent data collection procedures
  • Train employees in online privacy and security measures
  • Build secure networks to protect online data from cyber attacks
  • Establish clear procedures for reporting privacy breaches or data misuse
  • Include contract clauses or communicate statements on how we handle data
  • Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization, etc.)

Policy Violation

In case this policy is not abode by employees the following actions will be taken (depending on the severity of the behavior):

  • Disciplinary action: if a minor violation
  • Termination of Employment and legal action: if a severe violation