Last Updated: December 17, 2024
These Terms of Use ("Terms") govern the access and use of the SPIDO application ("System") provided by BARISMA (Pty) Ltd ("BARISMA"). These Terms constitute a legally binding agreement between BARISMA and any entity or individual ("User") accessing or using the System. The Terms establish mutual obligations, rights, and responsibilities essential for the effective and secure operation of the System.
By accessing or using the System, User acknowledges reading, understanding, and agreeing to be bound by these Terms, including any subsequent modifications. If User does not agree with any part of these Terms, User must immediately cease System access and usage.
1.1 Agreement Formation and Acceptance
This section defines the conditions and processes for establishing a valid service agreement between BARISMA and User.
BARISMA shall maintain a comprehensive digital agreement system that ensures clear presentation and legally binding acceptance of these Terms. BARISMA will provide real-time verification of acceptance, maintain secure records of all acceptances, and ensure proper authentication of accepting parties. Each acceptance record shall include digital signatures, timestamps, and identifying information of the accepting party.
User must review and explicitly accept these Terms through BARISMA's designated acceptance process. For organizational Users, acceptance must come from an authorized representative with proper authority to bind the organization. User acknowledges that access to the System is contingent upon this acceptance.
BARISMA shall provide a minimum of thirty (30) days' advance notice of any material changes to these Terms. Such notice will clearly identify all substantive changes and their potential impact on User's operations. BARISMA will maintain a complete version history of Terms and provide comparison tools for User review.
User shall review all Terms updates within the notification period and either accept the changes or initiate termination procedures. Continued use of the System after the notice period constitutes acceptance of updated Terms. User is responsible for assessing the impact of changes on their operations and implementing any necessary operational adjustments.
1.2 Account Management
BARISMA shall provide a secure account creation process that includes verification of business legitimacy, implementation of required security measures, and configuration of initial access parameters. BARISMA will maintain secure systems for managing account credentials, enable required security features, and provide account management tools appropriate to User's service level.
User shall provide accurate and complete information during account setup, including verified business registration details where applicable. User must designate and maintain at least two authorized account administrators responsible for account security and user management. These administrators shall complete BARISMA's account management training before receiving administrative access.
BARISMA shall implement and maintain robust security measures including multi-factor authentication, session management, access logging, and automated threat detection. BARISMA will monitor account security status, provide security alerts, and implement emergency security measures when necessary.
User shall maintain account security by implementing required security protocols, promptly updating security settings as advised by BARISMA, and immediately reporting any suspected security breaches. User must maintain current contact information for security notifications and respond to security alerts within specified timeframes.
1.3 Agreement Modifications
This section governs how changes to the agreement may be made and the obligations of both parties regarding such modifications.
BARISMA shall manage all agreement modifications through a controlled process that ensures transparency and proper notification. Any material changes affecting service delivery, security requirements, or User obligations will be communicated through formal notification channels. BARISMA will maintain comprehensive documentation of all modifications, including justification for changes and impact assessments.
User acknowledges that BARISMA may modify these Terms to accommodate evolving business requirements, regulatory changes, or system enhancements. User retains the right to review and accept or reject such modifications within the specified notice period. Rejection of material modifications may require service termination if continued operation under existing terms is not feasible.
BARISMA shall provide detailed impact analyses for significant modifications, including implementation timelines, required User actions, and any potential service impacts. For modifications affecting system interfaces or User operations, BARISMA will provide necessary documentation, training materials, and technical support to facilitate transition.
User shall evaluate modification impacts on their operations and implement necessary adjustments within specified timelines. User must ensure all authorized users are informed of relevant changes and complete any required additional training or certification processes.
1.4 Term Duration
BARISMA shall establish clear service periods with defined start and end dates. Initial service terms shall be specified in the service order, with automatic renewal provisions unless either party provides notice of non-renewal. BARISMA will provide renewal notifications sixty (60) days before term expiration, including any changes to service terms or pricing applicable to the renewal period.
User commits to the initial service period specified in their service order. Early termination may result in early termination fees as specified in the financial terms section. User must provide written notice of non-renewal at least thirty (30) days before the current term expires to prevent automatic renewal.
2.1 Authentication Requirements
BARISMA shall implement industry-standard authentication protocols including multi-factor authentication, biometric verification where applicable, and secure password management. Authentication systems will enforce password complexity requirements, regular password changes, and maintain audit trails of authentication attempts. BARISMA will provide secure password recovery procedures and emergency access protocols for authorized users.
User shall adhere to BARISMA's authentication policies, including:
2.2 Access Controls
This section defines the framework for controlling and managing system access, ensuring appropriate resource utilization and security.
BARISMA shall implement a comprehensive role-based access control system that enables granular permission management. This includes maintaining predefined role templates, supporting custom role definitions, and providing tools for access review and certification. BARISMA will monitor access patterns, detect anomalies, and maintain detailed access logs for security and audit purposes. Emergency access protocols will be maintained for critical situations, with appropriate controls and documentation requirements.
User shall implement the principle of least privilege when assigning system access, regularly review user access rights, and promptly revoke access for terminated employees or those changing roles. User must maintain current documentation of access assignments and complete periodic access recertification as required by BARISMA.
BARISMA shall enforce secure session management including automatic timeout of inactive sessions, prevention of concurrent logins, and secure session termination protocols. Session security measures will include encryption of session data, secure token management, and protection against session hijacking attempts.
User acknowledges and accepts session management controls including timeout periods and single-session restrictions. Users must properly terminate sessions when access is no longer needed and not attempt to circumvent session security measures.
2.3 Security Protocols
BARISMA shall maintain a secure infrastructure incorporating multiple security layers, including perimeter security, network segmentation, intrusion detection and prevention systems, and advanced threat protection. Security systems will be continuously monitored, regularly updated, and subjected to periodic security assessments. BARISMA will maintain security incident response capabilities and conduct regular security testing to validate control effectiveness.
User shall comply with all security requirements specified by BARISMA, maintain secure network environments for system access, and implement required endpoint protection measures. This includes maintaining current anti-malware protection, enabling local firewalls, and implementing recommended security controls.
BARISMA shall implement comprehensive data security measures including encryption for data in transit and at rest, secure key management, and data access controls. Security measures will be regularly reviewed and updated to address emerging threats and comply with evolving security standards. BARISMA will maintain security monitoring systems to detect and prevent unauthorized data access attempts.
User shall handle all system data in accordance with BARISMA's security requirements, implement appropriate data protection measures within their environment, and ensure compliance with data handling policies. Users must report any suspected data security incidents immediately through designated channels.
2.4 Incident Management
BARISMA shall maintain a formal incident response program including incident detection, classification, investigation, and resolution procedures. Response teams will be available 24/7 for critical security incidents, with defined escalation paths and communication protocols. BARISMA will document all security incidents, conduct root cause analysis, and implement preventive measures based on incident learnings.
User must cooperate with BARISMA's incident response processes, including providing requested information, participating in incident investigations, and implementing recommended security improvements. Users shall maintain internal incident response procedures aligned with BARISMA's requirements and participate in incident response training as required.
2.5 Device Requirements
This section specifies the technical requirements for devices accessing the system to ensure security and optimal performance.
BARISMA shall maintain current documentation of supported device configurations, provide device compliance checking tools, and regularly update device security requirements based on emerging threats. BARISMA will implement device authentication mechanisms and provide tools for managing device access credentials. Technical support will be limited to devices meeting these specified requirements.
User shall ensure all devices accessing the system meet BARISMA's minimum requirements including:
3.1 Data Ownership
BARISMA acknowledges that User retains all ownership rights to their data stored within the system. BARISMA shall maintain appropriate controls to segregate User data, prevent unauthorized access or use, and ensure data sovereignty requirements are met. BARISMA will process User data solely for the purposes specified in this agreement and as necessary to provide contracted services.
User warrants they have necessary rights and permissions for all data uploaded to the system and shall indemnify BARISMA against any third-party claims regarding uploaded data. User maintains responsibility for the accuracy and appropriateness of all data submitted to the system.
BARISMA maintains ownership rights to aggregated and anonymized data derived from system usage, including performance metrics, usage patterns, and system optimization data. This derived data will be used for system improvement, trend analysis, and service enhancement. BARISMA shall ensure derived data cannot be used to identify individual Users or their confidential information.
User grants BARISMA limited rights to utilize their data for creating aggregated datasets, provided such use does not expose User's confidential information or create competitive disadvantage.
3.2 Data Storage and Processing
BARISMA shall provide secure, redundant data storage systems with appropriate backup and recovery capabilities. Storage systems will maintain data integrity through checksums, version control, and audit trails. BARISMA will monitor storage utilization and provide advance notification when storage thresholds are approached.
User shall manage their data storage within allocated quotas, implement data archival procedures as needed, and maintain compliance with data retention requirements. User must promptly address any notifications regarding storage utilization or quota limits.
BARISMA shall implement secure data processing environments with appropriate controls to protect data confidentiality and integrity during processing. Processing systems will maintain separation between User environments and implement controls to prevent unauthorized data access or manipulation.
User shall ensure submitted data meets format requirements, contains no malicious content, and complies with system processing limitations. User must verify processing results and report any discrepancies promptly.
3.3 Data Protection
This section establishes the framework for protecting data throughout its lifecycle in the system.
BARISMA shall implement comprehensive data protection measures including encryption, access controls, and data loss prevention systems. Protection measures will cover data at rest, in transit, and during processing. BARISMA will maintain current encryption standards, regularly validate protection measures, and update security controls to address emerging threats. Data protection systems will include automated monitoring and alerting for potential security violations.
User shall comply with all data protection requirements, including proper handling of sensitive data, maintaining secure data transfer methods, and implementing required local security controls. User must classify data appropriately and apply protection measures consistent with data sensitivity levels.
BARISMA shall maintain active breach prevention systems, conduct regular security assessments, and implement continuous monitoring for potential data breaches. In the event of a suspected breach, BARISMA will initiate response procedures immediately, investigate the incident thoroughly, and provide required notifications to affected parties. BARISMA will maintain detailed documentation of all breach-related activities and implement measures to prevent similar incidents.
User shall cooperate fully in breach investigations, provide requested information promptly, and assist in implementing preventive measures as required. User must report any suspected data breaches immediately through designated channels and maintain internal procedures for breach response.
3.4 Data Quality Standards
BARISMA shall provide data validation tools, quality checking mechanisms, and data cleansing capabilities within the system. Quality standards will be clearly documented and enforced through automated validation processes. BARISMA will maintain monitoring systems to detect quality issues and provide reporting on data quality metrics.
User shall ensure submitted data meets quality standards, validate data accuracy before submission, and promptly correct any identified quality issues. User must maintain internal quality control processes and participate in periodic data quality reviews.
BARISMA shall conduct regular data quality assessments, provide quality monitoring tools, and maintain quality improvement processes. Quality metrics will be tracked and reported regularly, with notifications for significant quality issues. BARISMA will provide recommendations for quality improvement based on monitoring results.
User shall review quality reports regularly, address identified quality issues within specified timeframes, and implement recommended quality improvements. User must maintain documentation of quality control activities and participate in quality improvement initiatives.
3.5 Data Retention and Disposal
BARISMA shall implement data retention policies compliant with legal and regulatory requirements, provide tools for managing retention periods, and maintain secure archives for retained data. Retention systems will include automated enforcement of retention periods and notification of pending data expiration.
User shall establish internal retention requirements aligned with BARISMA's policies, maintain compliance with mandatory retention periods, and manage data lifecycle according to retention schedules. User must review retention notifications and take appropriate action before data expiration.
4.1 Service Availability
BARISMA shall maintain system availability at 99.9% measured monthly, excluding scheduled maintenance windows. High-availability infrastructure will be implemented across multiple geographic regions with automated failover capabilities. BARISMA will provide real-time system status monitoring, proactive issue detection, and immediate response to availability incidents.
User acknowledges scheduled maintenance windows and agrees to plan operations accordingly. User shall maintain adequate internet connectivity and local infrastructure to access the system and notify BARISMA of any access issues not reflected in system status monitoring.
BARISMA shall maintain comprehensive business continuity and disaster recovery plans, conduct regular recovery testing, and maintain backup systems ready for immediate activation. Recovery time objectives (RTO) and recovery point objectives (RPO) will be clearly defined and validated through periodic testing.
User shall develop and maintain internal business continuity procedures for scenarios where system access is unavailable, maintain local copies of critical data where appropriate, and participate in continuity testing when requested.
4.2 Performance Standards
BARISMA shall maintain system performance within defined parameters including response times, transaction processing rates, and concurrent user capacity. Performance monitoring systems will track key metrics continuously, with automated alerts for performance degradation. BARISMA will conduct regular performance optimization and capacity planning to ensure consistent service levels.
User shall adhere to published guidelines for system usage, including limitations on batch processing, concurrent operations, and data volume. User must report performance issues promptly and provide relevant details to support problem resolution.
BARISMA shall provide performance monitoring tools, maintain historical performance metrics, and conduct regular performance analysis. Performance reports will be available through the system dashboard, with detailed analysis of significant performance trends or issues.
User shall review performance metrics relevant to their operations, cooperate in performance investigations when required, and implement recommended optimizations to improve system performance.
4.3 System Updates
BARISMA shall manage system updates through a controlled process including thorough testing, staged deployment, and rollback capabilities. Update notifications will be provided at least thirty (30) days in advance for major changes, with detailed documentation of changes and potential impacts. BARISMA will maintain parallel environments during major updates to ensure service continuity.
User shall review update notifications, test their operations in provided test environments prior to updates, and ensure internal readiness for system changes. User must complete any required preparation activities within specified timeframes.
BARISMA shall maintain version control for all system components, support specified previous versions during transition periods, and provide migration tools where needed. Version documentation will include compatibility requirements and known issues.
User shall maintain compatible software versions as specified, complete version migrations within designated timeframes, and report any version-related issues promptly.
4.4 Integration Standards
BARISMA shall provide secure APIs, comprehensive integration documentation, and required support tools. Integration environments will be maintained for testing, with separate credentials and data sets from production. BARISMA will ensure backward compatibility for standard interfaces or provide adequate notice of breaking changes.
User shall follow published integration guidelines, maintain secure handling of integration credentials, and test integrations thoroughly before production deployment. User must update integrations as required when new versions are released.
4.5 Service Limitations
BARISMA shall document all service limitations including storage limits, processing caps, and API rate limits. Monitoring systems will track usage against limits and provide advance notification when thresholds are approached. BARISMA will maintain fair usage policies to ensure consistent service levels for all users.
User acknowledges published service limitations and agrees to operate within these constraints. User shall monitor their usage levels and take appropriate action when approaching limits, including upgrading service levels if needed.
5.1 Regulatory Compliance
BARISMA shall maintain compliance with applicable regulations including data protection laws, industry standards, and security frameworks. Compliance monitoring systems will ensure continuous adherence to requirements, with regular updates to address new regulations. BARISMA will maintain required certifications and provide compliance documentation as needed.
User shall comply with all applicable regulations in their use of the system, maintain necessary licenses and certifications, and cooperate with compliance verification activities. User must notify BARISMA of any compliance requirements specific to their industry or jurisdiction.
5.2 Audit Requirements
BARISMA shall maintain comprehensive audit capabilities including system activity logging, user action tracking, and data access monitoring. Audit trails will be secured against tampering and retained for a minimum of seven (7) years. BARISMA will provide audit reports for compliance purposes and support external audits as required.
User shall maintain internal audit trails of system usage, cooperate with audit activities, and provide requested information within specified timeframes. User must retain relevant audit documentation according to retention requirements.
BARISMA shall facilitate external audits required by regulations or User compliance needs, provide necessary documentation and access, and assist in responding to audit findings. BARISMA will maintain an audit calendar to coordinate multiple audit requirements and minimize operational impact.
User shall provide advance notice of audit requirements, coordinate audit timing with BARISMA, and share relevant audit findings that may impact system security or compliance.
5.3 Documentation Standards
BARISMA shall maintain current system documentation including security policies, operating procedures, and compliance records. Documentation will be version controlled and accessible to authorized users. BARISMA will update documentation promptly to reflect system changes.
User shall maintain required documentation of their system usage, including user guides, operational procedures, and compliance records. User must update their documentation to reflect changes in system usage or processes.
6.1 Support Services
BARISMA shall provide tiered support services with defined response times based on issue severity:
User shall report issues through designated support channels, provide complete information for problem diagnosis, and maintain trained internal support contacts. User must classify issues appropriately and respond promptly to support requests for additional information.
BARISMA shall provide multiple support channels including:
User shall utilize appropriate support channels based on issue severity, maintain current contact information for support purposes, and ensure authorized support contacts are trained on support procedures.
6.2 Maintenance Windows
BARISMA shall conduct system maintenance during defined maintenance windows to minimize business impact. Regular maintenance windows will be scheduled between 00:00 and 04:00 GMT on Sundays. BARISMA will provide a minimum of seventy-two (72) hours' advance notice for scheduled maintenance, including expected duration and system impact. Emergency maintenance may be conducted outside regular windows with a minimum of four (4) hours' notice.
User acknowledges scheduled maintenance requirements and agrees to plan operations accordingly. User shall ensure their users are informed of maintenance windows and maintain procedures for operation during maintenance periods.
6.3 Issue Resolution
BARISMA shall maintain a structured issue resolution process including:
User shall participate in issue resolution processes, provide necessary information for problem diagnosis, and validate issue resolution before case closure.
BARISMA shall maintain a problem management system to identify and address recurring issues, track known problems, and implement permanent solutions. Root cause analysis will be conducted for significant issues to prevent recurrence.
User shall report recurring issues promptly, participate in problem analysis when requested, and implement recommended solutions to prevent issue recurrence.
6.4 Training Requirements
BARISMA shall provide comprehensive training resources including:
User shall ensure their staff complete required training programs, maintain internal training records, and participate in additional training as needed for new features or roles.
6.5 Change Management
BARISMA shall implement a formal change management process for all system changes, including risk assessment, testing requirements, and rollback procedures. Changes will be categorized by impact level and managed accordingly. BARISMA will maintain change documentation and conduct post-implementation reviews for significant changes.
User shall review change notifications, assess impact on their operations, and prepare for upcoming changes within specified timeframes. User must test their operations after significant changes and report any issues promptly.
BARISMA shall provide clear communication of all changes including:
User shall maintain current contact information for change notifications, distribute change information within their organization, and acknowledge receipt of critical change notifications.
7.1 Pricing Structure
BARISMA shall maintain transparent pricing structures for all service levels, with clearly defined included services and limitations. Pricing will be reviewed annually, with any changes communicated ninety (90) days in advance. BARISMA will provide detailed documentation of all pricing components, including optional services and volume-based adjustments.
User agrees to the pricing structure specified in their service order and acknowledges that additional charges may apply for exceeding service limits or requesting additional services. User shall review pricing notifications and communicate any concerns within thirty (30) days of receipt.
BARISMA shall provide multiple service level options to accommodate varying business needs. Each service level will include defined features, support levels, and usage limits. BARISMA will assist in service level selection and provide upgrade paths as needs change.
User shall select appropriate service levels based on their requirements and monitor usage to ensure compliance with service level limitations. Service level changes must be requested in writing with a minimum of thirty (30) days' notice.
7.2 Payment Terms
BARISMA shall invoice for services according to agreed payment schedules, provide detailed billing documentation, and maintain secure payment processing systems. Standard payment terms require payment within ten (10) days of invoice date. BARISMA will provide multiple payment options and maintain secure payment records.
User shall remit payments within specified timeframes, maintain current payment information, and ensure sufficient funds for scheduled payments. Late payments may incur penalties of 1.5% per month on outstanding balances.
BARISMA shall process billing adjustments for approved service credits or billing errors within two billing cycles. Credit balances will be applied to future invoices unless a refund is specifically requested. BARISMA will provide documentation supporting all billing adjustments.
User must submit billing adjustment requests within three (3) days of the original invoice date. Adjustment requests must include supporting documentation and a clear explanation of the requested change.
7.3 Billing Procedures
BARISMA shall provide detailed monthly invoices including itemized charges, usage summaries, and applicable taxes. Invoices will be delivered electronically to designated billing contacts by the 3rd business day of each service delivery. BARISMA will maintain invoice history for seven (7) years and provide access to historical billing information through the customer portal.
User shall maintain current billing contact information, review invoices promptly upon receipt, and report any discrepancies within three (3) business days. User must maintain internal records of approved charges and payment authorizations.
BARISMA shall provide real-time usage monitoring tools, automated usage alerts, and detailed usage reports. Usage metrics will be updated daily and accessible through the customer portal. BARISMA will notify User when usage approaches defined thresholds.
User shall monitor service usage regularly, validate usage charges against internal records, and maintain documentation of authorized usage. User must respond to usage alerts and take appropriate action to prevent excessive charges.
7.4 Service Credits
BARISMA shall provide service credits for verified service level violations as specified in the Service Level Agreement. Credit calculations will be based on documented system availability and performance metrics. BARISMA will process approved credits within two billing cycles.
User must submit credit requests within thirty (30) days of the qualifying event. Requests must include incident details, impact documentation, and the specific credit amount being requested.
BARISMA shall apply approved credits to future invoices unless alternative arrangements are requested. Credit notifications will include calculation details and application timeline. BARISMA will maintain records of all credit transactions.
User acknowledges that credits cannot exceed 100% of monthly service charges and are not redeemable for cash unless service is terminated. Unused credits expire after twelve (12) months.
7.5 Financial Disputes
BARISMA shall investigate all properly submitted billing disputes within ten (10) business days. Dispute investigations will include review of usage logs, billing records, and provided documentation. BARISMA will provide a written response to all disputes, including findings and any resulting adjustments.
User must submit billing disputes in writing with a detailed explanation and supporting documentation. Disputed charges must be identified specifically, and undisputed portions of invoices must be paid according to normal payment terms.
BARISMA shall maintain documented procedures for dispute investigation and resolution. Unresolved disputes may be escalated according to established procedures. BARISMA will suspend collection activities for properly disputed charges during investigation.
User agrees to work in good faith to resolve disputes promptly and provide additional information as requested. Abuse of dispute processes may result in processing fees or service restrictions.
8.1 Ownership Rights
BARISMA retains exclusive ownership of all system components including software, databases, algorithms, user interfaces, documentation, and any derivative works thereof. BARISMA shall maintain appropriate copyright registrations, implement technical protections for intellectual property, and actively monitor for unauthorized use.
User acknowledges BARISMA's intellectual property rights and agrees not to attempt reverse engineering, decompilation, or modification of system components. User receives a limited license to use the system solely for its intended purpose.
BARISMA acknowledges User retains ownership of all original content uploaded to or created within the system. BARISMA receives limited license rights necessary to process and store User content for service delivery. BARISMA will implement controls to protect User's intellectual property rights.
User warrants they have necessary rights to all uploaded content and shall indemnify BARISMA against any third-party intellectual property claims relating to User content.
8.2 License Grants
BARISMA grants User a non-exclusive, non-transferable license to access and use the system according to these Terms and applicable service orders. This license includes use of associated documentation and tools necessary for system operation. BARISMA will provide license keys and access credentials as required.
User shall use the system within specified license parameters, maintain license compliance, and ensure authorized users understand license limitations. License rights terminate automatically upon service termination.
BARISMA obtains limited license rights to User content solely for providing contracted services, system improvement, and aggregated analytics. BARISMA will maintain confidentiality of licensed content and implement usage restrictions as specified.
User grants BARISMA necessary rights to process, store, and transmit User content while maintaining ownership and control. User may modify or revoke content licenses through defined procedures.
8.3 IP Restrictions
BARISMA shall clearly document all intellectual property restrictions including prohibited activities, usage limitations, and distribution restrictions. Protection measures will be implemented to prevent unauthorized copying, modification, or distribution of system components. BARISMA will monitor for compliance and investigate potential violations.
User agrees not to:
8.4 User Content
BARISMA shall provide secure content management tools, maintain content segregation between Users, and implement backup systems for User content. Content management systems will include version control, access tracking, and audit capabilities. BARISMA will respond promptly to takedown notices for infringing content.
User shall:
BARISMA acknowledges User retains all rights to their original content. BARISMA will not claim ownership of User content or grant rights to third parties without authorization. Content will be returned or destroyed upon service termination according to User preferences.
User warrants they have authority to grant required content licenses and will defend BARISMA against any third-party claims regarding User content.
8.5 Third-Party Rights
BARISMA shall maintain appropriate licenses for all third-party components used in the system, document third-party license terms affecting Users, and provide required attributions. BARISMA will defend Users against third-party intellectual property claims relating to system components.
User shall comply with all third-party license terms communicated by BARISMA and report any potential third-party intellectual property violations promptly.
BARISMA shall investigate intellectual property claims promptly, implement appropriate measures to address valid claims, and maintain communication with affected parties throughout resolution. BARISMA will modify or replace system components as needed to resolve intellectual property disputes.
User shall cooperate with intellectual property investigations, provide requested information promptly, and implement any required changes or restrictions resulting from claim resolutions.
9.1 Termination Rights
BARISMA reserves the right to terminate or suspend service immediately upon discovery of:
User may terminate service with thirty (30) days' written notice. Early termination fees may apply during the initial contract period. User must pay all outstanding balances and return any BARISMA property prior to the termination date.
BARISMA shall implement immediate account suspension for security violations including credential sharing. First violation will result in 48-hour suspension and mandatory security training. Second violation will result in 30-day suspension and security audit. Third violation will result in permanent termination without refund.
User acknowledges that credential sharing constitutes a material breach of these Terms. Suspended accounts require written request and management approval for reinstatement.
9.2 Termination Process
BARISMA shall provide detailed termination procedures including:
User shall complete all termination procedures within specified timeframes, including data export, account closure confirmation, and return of BARISMA property.
9.3 Post-Termination Obligations
BARISMA shall maintain strict data confidentiality controls for a minimum of five (5) years following service termination. This includes secure storage of archived data, maintenance of access logs and audit trails, and scheduled secure destruction of data after the retention period expires. BARISMA will provide written certification of data destruction and maintain compliance documentation according to regulatory requirements.
User shall fulfill all outstanding financial obligations within thirty (30) days of termination, cease use of all BARISMA intellectual property, and maintain confidentiality of any proprietary information obtained during the service period. User acknowledges that certain obligations, including confidentiality and non-competition agreements, survive service termination.
9.4 Data Retrieval
BARISMA shall provide secure data export capabilities during the thirty (30) day post-termination access period. This includes necessary export tools, technical documentation, and standard data formats suitable for migration. BARISMA will maintain system availability during this period and provide technical assistance for complex data extraction if requested.
User must complete all data extraction activities within the designated access period and verify the completeness and accuracy of exported data. User acknowledges that access to the system will be permanently terminated after the export period, and any remaining data will be handled according to BARISMA's data retention policies.
9.5 Service Wind-Down
BARISMA shall support an orderly service transition by providing system documentation, configuration details, and cooperation with replacement service providers where appropriate. BARISMA will maintain essential services during the transition period and provide technical consultation to minimize business disruption.
User shall develop and execute a transition plan within fifteen (15) days of termination notice, including designation of a transition coordinator and completion of all transition activities within agreed timeframes. User must maintain adequate staffing during the transition period to ensure effective knowledge transfer and system migration.
BARISMA shall provide formal closure documentation including confirmation of account deactivation, data transfer completion, and final billing resolution. BARISMA will maintain records of service closure for compliance and audit purposes.
User shall provide written acknowledgment of service termination, confirming completion of data retrieval, return of BARISMA property, and settlement of all outstanding obligations. This acknowledgment formally concludes the service relationship subject to surviving obligations.
10.1 Applicable Law
BARISMA shall operate under and comply with the laws of Botswana. All aspects of this agreement, including interpretation, performance, and dispute resolution, shall be governed by Botswana law. BARISMA will maintain compliance with applicable regulations and maintain required business registrations and licenses.
User acknowledges that this agreement is subject to Botswana law regardless of User's location. User agrees to comply with all applicable Botswana laws and regulations in their use of the service.
10.2 Dispute Resolution
BARISMA shall implement a structured dispute resolution process beginning with direct negotiation, followed by mediation if necessary, and finally binding arbitration under AFSA rules in Botswana. BARISMA will maintain documentation of all dispute proceedings and work in good faith to achieve timely resolution.
User agrees to follow the prescribed dispute resolution process, beginning with direct negotiation attempts for a minimum of thirty (30) days before proceeding to mediation. User acknowledges that arbitration shall be the exclusive remedy for disputes not resolved through negotiation or mediation.
BARISMA shall support arbitration proceedings through the Arbitration Foundation of Southern Africa (AFSA) in Botswana. BARISMA will participate in arbitrator selection, provide required documentation, and implement arbitration decisions promptly.
User agrees that arbitration costs shall be shared equally unless otherwise determined by the arbitrator. User acknowledges that arbitration decisions are final and binding, subject only to the enforcement jurisdiction of Botswana courts.
10.3 Force Majeure
BARISMA shall be excused from performance obligations during events beyond reasonable control, including natural disasters, acts of war, civil unrest, pandemic conditions, or major infrastructure failures. BARISMA will provide prompt notification of force majeure events and maintain communication throughout the duration of such events.
User acknowledges that service levels and performance guarantees may be suspended during force majeure events. User shall maintain business continuity procedures for operation during such events and cooperate with any temporary service modifications required.
10.4 Severability
BARISMA shall maintain the agreement such that if any provision is found invalid or unenforceable, the remaining provisions remain in full force and effect. BARISMA will modify or replace invalid provisions to achieve the intended business purpose while maintaining compliance with applicable law.
User acknowledges that invalidation of specific provisions does not affect the enforceability of remaining terms. User agrees to negotiate in good faith to replace invalid provisions with enforceable terms that achieve similar business objectives.
10.5 Entire Agreement
BARISMA confirms that these Terms, together with any referenced documents and applicable service orders, constitute the complete agreement between parties regarding the subject matter. BARISMA will maintain records of all agreement components, including amendments and referenced documents, and make these available to User upon request.
User acknowledges that these Terms supersede all prior agreements, understandings, and representations regarding the service. User agrees that no other statements, promises, or representations outside these Terms form part of the agreement unless documented in writing and signed by both parties.
BARISMA shall process agreement modifications only through written amendments signed by authorized representatives of both parties. Version control will be maintained for all modifications, with clear documentation of changes and effective dates.
User acknowledges that verbal agreements or representations do not modify these Terms. All changes must be documented through formal amendment processes and signed by authorized representatives of both parties to be effective.
Contact Information:
Last Updated: December 17, 2024
Introduction
BARISMA (Pty) Ltd ("BARISMA", "we", "us", "our") is committed to protecting the privacy and security of personal information processed through the SPIDO application ("System"). This policy establishes comprehensive standards for data protection and privacy compliance, ensuring transparent and lawful processing of personal information.
1.1 Purpose and Commitments
BARISMA shall implement and maintain comprehensive data protection measures that ensure compliance with the Protection of Personal Information Act (POPIA) and other applicable data protection laws. BARISMA commits to processing personal information lawfully, fairly, and transparently, implementing appropriate security measures, and respecting data subject rights.
Users acknowledge that their use of the System involves the processing of personal information and agree to comply with this policy and all applicable data protection requirements.
BARISMA shall apply this policy to all personal information processed through the System, including data relating to users, their customers, employees, and other individuals whose data may be processed. This policy covers all processing activities, whether automated or manual, that form part of our operations.
Users shall ensure that any personal information they input into the System is processed in accordance with this policy and that they have necessary authority and legal basis for such processing.
1.2 Definitions
BARISMA defines the following terms for clarity and consistent application:
Users shall interpret and apply these terms consistently throughout their use of the System and in compliance with data protection requirements.
1.3 Applicability
BARISMA shall implement this policy across all aspects of the System's operation, including all personal information processing activities, user interactions, and integrated services. This coverage extends to all geographic locations where the System is accessed and encompasses both direct and indirect processing activities. BARISMA maintains the right to modify the scope based on regulatory requirements or operational needs, providing appropriate notice of any material changes.
Users shall ensure compliance with this policy in all interactions with the System, including system access, data input, information processing, and data transfers. This obligation extends to all personnel accessing the System under User's authority and any integrated systems or services User implements.
BARISMA shall maintain a comprehensive compliance framework that addresses data protection requirements across all applicable jurisdictions. While primary focus remains on POPIA compliance, BARISMA implements additional controls as necessary to meet specific regional requirements. This includes regular assessment of jurisdictional requirements and implementation of supplementary measures where needed.
Users must identify and comply with data protection requirements in their operating jurisdictions. This includes notifying BARISMA of any specific regional requirements affecting their data processing activities and maintaining appropriate documentation of compliance measures.
1.4 Legal Framework
BARISMA shall maintain active compliance with POPIA and other applicable data protection regulations. This includes regular review and updates of compliance measures, conducting impact assessments when required, and implementing appropriate controls to address new requirements. BARISMA will document all compliance measures and maintain evidence of ongoing conformity with regulatory obligations.
Users acknowledge their obligation to comply with applicable data protection laws and agree to cooperate with BARISMA's compliance efforts. This includes providing requested information, participating in compliance assessments, and implementing required controls within their operations.
BARISMA shall ensure all personal information processing activities are supported by appropriate legal basis as defined in POPIA and other applicable regulations. This includes maintaining documentation of legal basis for each processing activity and regularly reviewing the validity of such basis. Where processing relies on consent, BARISMA will implement appropriate consent management mechanisms.
Users shall maintain records demonstrating legal basis for their processing activities and obtain necessary consents before processing personal information through the System. Users must promptly notify BARISMA of any changes affecting the legal basis for processing.
2.1 Personal Information Categories
BARISMA shall collect and process personal information necessary for System operation and service delivery. This includes essential data categories such as: (a) identification information - names, ID numbers, and business titles, (b) contact information - email addresses, phone numbers, and physical addresses, (c) account information - user credentials, access rights, and authentication data, and (d) professional information - job roles, organizational affiliations, and qualifications. BARISMA maintains detailed records of all personal information categories and their processing purposes.
Users shall ensure that personal information submitted to the System falls within defined categories and is necessary for legitimate business purposes. Users must verify accuracy of submitted information and maintain appropriate records of data categories processed under their authority.
BARISMA shall implement enhanced protection measures for special categories of personal information including: (a) biometric data, (b) health information, (c) religious or philosophical beliefs, (d) racial or ethnic origin, and (e) criminal history. Processing of special personal information requires explicit justification, additional security controls, and specific consent unless exempted by law.
Users must obtain explicit authorization before submitting any special personal information to the System. This includes conducting impact assessments, implementing additional safeguards, and maintaining detailed processing records for such information.
2.2 Collection Methods
BARISMA shall collect personal information through secure, documented methods including: (a) system registration processes, (b) account management interfaces, (c) secure data upload facilities, and (d) authorized API integrations. Each collection method incorporates appropriate validation controls, consent mechanisms, and data minimization principles. BARISMA maintains detailed logs of all collection activities and implements regular reviews of collection methods to ensure continued appropriateness and security.
Users shall utilize only authorized collection methods when submitting personal information to the System. This includes validating data accuracy, ensuring appropriate consent exists, and maintaining records of information sources and collection purposes.
BARISMA shall implement automated collection mechanisms including: (a) system logging facilities, (b) security monitoring tools, (c) performance tracking systems, and (d) analytics services. Automated collection is limited to information necessary for System operation, security, and service improvement. BARISMA provides clear notice of automated collection activities and implements appropriate controls to prevent unauthorized data capture.
Users acknowledge that System usage generates automated data collection and agree to implement appropriate notices within their organizations. This includes informing data subjects of automated collection activities and maintaining necessary documentation of such processing.
2.3 Processing Purposes
BARISMA shall process personal information for clearly defined primary purposes including: (a) user authentication and access management, (b) service delivery and personalization, (c) transaction processing and record keeping, and (d) security and fraud prevention. Each processing activity is documented with specific purposes, processing methods, and data retention requirements. BARISMA regularly reviews processing activities to ensure alignment with stated purposes and implements controls to prevent unauthorized processing.
Users shall only process personal information through the System for documented, legitimate business purposes. This includes maintaining records of processing purposes, ensuring processing activities align with stated purposes, and obtaining necessary authorizations for any new processing activities.
BARISMA shall conduct secondary processing activities only where compatible with primary purposes and supported by appropriate legal basis. Secondary processing includes: (a) service improvement and optimization, (b) trend analysis and statistical research, (c) performance monitoring and reporting, and (d) regulatory compliance activities. BARISMA implements additional safeguards for secondary processing and ensures transparency regarding such activities.
Users must obtain explicit authorization before initiating any secondary processing activities involving personal information collected through the System. This includes conducting compatibility assessments, implementing additional controls, and maintaining detailed records of secondary processing activities.
2.4 Legal Basis for Processing
BARISMA shall maintain comprehensive documentation of legal basis for all processing activities. Valid legal bases include: (a) contractual necessity for service provision, (b) legal obligations under applicable laws, (c) legitimate business interests where not overridden by individual rights, (d) explicit consent for specific processing activities, and (e) vital interests of data subjects in emergency situations. BARISMA regularly reviews and validates legal bases for all processing activities.
Users shall ensure valid legal basis exists before submitting personal information for processing. This includes maintaining evidence of legal basis, updating processing records when circumstances change, and implementing appropriate consent management where required.
BARISMA shall implement robust consent management mechanisms including: (a) clear consent requests specifying processing purposes, (b) granular consent options for different processing activities, (c) easy-to-use consent withdrawal mechanisms, and (d) detailed consent records maintenance. Consent mechanisms ensure active, informed consent and maintain comprehensive audit trails of consent activities.
Users must utilize appropriate consent mechanisms when processing requires consent basis. This includes maintaining consent records, respecting consent withdrawal requests, and updating processing activities promptly when consent status changes.
3.1 Security Measures
BARISMA shall implement comprehensive technical security measures including: (a) encryption of data in transit and at rest using industry-standard protocols, (b) multi-factor authentication for system access, (c) advanced threat detection and prevention systems, and (d) automated security monitoring and alerting. BARISMA maintains security controls aligned with international standards and regularly updates measures to address emerging threats.
Users shall comply with all implemented security measures and maintain complementary controls within their environments. This includes implementing required endpoint protection, maintaining current security software, and following secure access procedures.
BARISMA shall maintain operational security procedures including: (a) regular security assessments and penetration testing, (b) vulnerability management and patch deployment, (c) security incident response protocols, and (d) business continuity and disaster recovery procedures. These procedures undergo regular review and testing to ensure effectiveness and appropriateness for evolving security challenges.
Users shall develop and maintain operational security procedures aligned with BARISMA's requirements. This includes staff training on security procedures, incident reporting protocols, and regular security awareness activities.
3.2 Access Controls
BARISMA shall implement role-based access control (RBAC) with granular permission management. Access controls include: (a) unique identification for all users, (b) principle of least privilege enforcement, (c) regular access rights review and certification, and (d) automated access monitoring and anomaly detection. BARISMA maintains comprehensive access logs and conducts regular access pattern analysis.
Users shall manage access rights for their authorized personnel following the principle of least privilege. This includes prompt access rights updates when staff roles change, regular access reviews, and maintenance of accurate access records.
BARISMA shall enforce strong authentication requirements including: (a) complex password policies aligned with current best practices, (b) mandatory multi-factor authentication for all user access, (c) secure credential management processes, and (d) regular authentication method reviews. Authentication systems include protection against brute force attacks and maintain detailed authentication logs.
Users must comply with authentication requirements and ensure their authorized personnel understand and follow authentication procedures. This includes secure credential management, prompt reporting of suspected credential compromise, and regular password updates.
3.3 Data Handling Procedures
BARISMA shall maintain strict data handling procedures throughout the data lifecycle. These procedures encompass: (a) secure data intake and validation processes, (b) controlled data processing environments, (c) secure data transfer mechanisms, and (d) protected data storage systems. BARISMA implements automated data quality checks, maintains processing logs, and conducts regular audits of data handling activities.
Users shall adhere to defined data handling procedures when processing information within the System. This includes following data input standards, utilizing secure transfer methods, maintaining data quality, and implementing appropriate controls within their processing environments.
BARISMA shall implement a comprehensive data classification system with specific handling requirements for each classification level. Classification levels include: (a) public information, (b) internal use only, (c) confidential information, and (d) highly restricted information. Each classification level has defined security controls, access restrictions, and handling requirements appropriate to the sensitivity of the information.
Users must classify information correctly upon submission to the System and apply appropriate handling procedures based on classification levels. This includes maintaining documentation of classification decisions and implementing required controls for each classification level.
3.4 Breach Prevention and Response
BARISMA shall maintain comprehensive breach prevention measures including: (a) continuous security monitoring and threat detection, (b) regular security assessments and vulnerability scanning, (c) security awareness training and testing, and (d) proactive system hardening. Prevention systems include automated attack detection, real-time alerting, and dynamic threat response capabilities.
Users shall implement required preventive measures within their environments and maintain vigilance for potential security threats. This includes prompt application of security updates, regular staff security training, and maintenance of current security controls.
BARISMA shall maintain an incident response plan that includes: (a) incident detection and classification procedures, (b) containment and eradication protocols, (c) investigation and documentation requirements, and (d) communication and reporting processes. The incident response plan undergoes regular testing and updates to ensure effectiveness.
Users must report suspected security incidents immediately through designated channels and cooperate fully in incident investigations. This includes preserving evidence, providing requested information, and implementing required remediation measures.
BARISMA shall conduct thorough post-incident analysis including: (a) root cause determination, (b) impact assessment, (c) control effectiveness evaluation, and (d) improvement recommendation development. Findings from post-incident analysis inform updates to security controls and prevention measures.
Users shall participate in post-incident reviews as required and implement recommended security improvements within specified timeframes. This includes updating internal procedures, enhancing security controls, and maintaining documentation of implemented improvements.
4.1 Available Rights
BARISMA shall protect and facilitate the exercise of data subject rights as defined in POPIA and other applicable regulations. These fundamental rights include: (a) right to access personal information, (b) right to correct or update information, (c) right to request deletion of information, and (d) right to object to processing. BARISMA maintains comprehensive procedures and systems to ensure effective implementation of these rights.
Users shall respect and support data subject rights within their scope of system usage. This includes maintaining procedures for handling rights requests, implementing required changes promptly, and documenting all actions taken in response to rights exercises.
BARISMA shall support additional data subject protections including: (a) right to data portability in structured formats, (b) right to restrict processing in specific circumstances, (c) right to withdraw consent for processing activities, and (d) right to object to automated decision-making. These protections include implementation of necessary technical capabilities and procedural safeguards.
Users acknowledge their obligation to support these additional protections and must maintain appropriate processes for handling such requests. This includes providing information in portable formats when required and respecting processing restrictions.
4.2 Exercise of Rights
BARISMA shall maintain clear procedures for data subjects to exercise their rights, including: (a) standardized request forms and submission methods, (b) identity verification requirements, (c) response timeframes and tracking mechanisms, and (d) appeal processes for denied requests. These procedures ensure efficient handling while maintaining appropriate security controls.
Users shall forward any received rights requests to BARISMA promptly and assist in request verification and fulfillment as required. This includes providing necessary information and implementing required changes within their scope of control.
BARISMA shall process rights requests within defined timeframes and maintain comprehensive response documentation. Response management includes: (a) request acknowledgment within 48 hours, (b) full response within 30 days, (c) documented justification for any extensions or denials, and (d) maintenance of complete request and response records.
Users must cooperate with BARISMA's response management processes, including providing requested information promptly and implementing required actions within specified timeframes. This includes maintaining records of their involvement in rights request fulfillment.
4.3 Response Procedures
BARISMA shall implement structured procedures for handling rights requests including: (a) request validation and scope determination, (b) information gathering and verification processes, (c) implementation of requested actions, and (d) quality assurance reviews before response delivery. BARISMA maintains detailed workflows for each type of rights request to ensure consistent handling and complete fulfillment.
Users shall support request processing by: (a) providing accurate and complete information when requested, (b) implementing required changes within their controlled environments, (c) maintaining documentation of actions taken, and (d) confirming completion of required actions to BARISMA.
BARISMA shall maintain clear communication standards for rights request responses including: (a) use of plain language explanations, (b) complete documentation of actions taken, (c) clear justification for any limitations or denials, and (d) information about available appeal processes. All communications are recorded and maintained as part of the request documentation.
Users must adhere to BARISMA's communication standards when involved in rights request responses. This includes maintaining professional communication, providing clear explanations of actions taken, and documenting all communications related to rights requests.
4.4 Limitations and Exceptions
BARISMA shall document and apply valid limitations to data subject rights where legally permitted and necessary. These limitations may apply in circumstances including: (a) legal obligations preventing disclosure or deletion, (b) technical impossibility of request fulfillment, (c) disproportionate effort requirements, and (d) protection of others' rights and freedoms. Each limitation application requires documented justification and legal review.
Users acknowledge that certain limitations may affect rights request fulfillment and must maintain records of applicable limitations within their processing activities. This includes documenting legal bases for limitations and updating such documentation when circumstances change.
BARISMA shall maintain procedures for managing exceptions to standard rights fulfillment processes including: (a) exception criteria and evaluation procedures, (b) additional verification requirements for exceptional cases, (c) special handling procedures for sensitive situations, and (d) enhanced documentation requirements for exceptions.
Users must follow exception management procedures when handling non-standard rights requests. This includes proper documentation of exception circumstances, implementation of additional required controls, and maintenance of detailed records for all exception cases.
BARISMA shall provide a structured appeals process for cases where rights requests are denied or limited. The appeals process includes: (a) clear procedures for submitting appeals, (b) independent review of appeal cases, (c) defined timeframes for appeal resolution, and (d) comprehensive documentation of appeal decisions.
Users shall cooperate with appeal investigations and implement any required changes resulting from successful appeals. This includes providing additional information as requested and maintaining records of appeal-related actions.
5.1 Internal Sharing
BARISMA shall implement strict controls over internal data sharing including: (a) role-based access restrictions, (b) need-to-know basis verification, (c) internal transfer logging and monitoring, and (d) data classification enforcement. All internal sharing must align with documented business purposes and maintain appropriate security controls throughout the sharing process.
Users shall respect internal sharing controls and ensure data transfers within their organization follow established protocols. This includes maintaining appropriate access restrictions, documenting internal transfers, and ensuring shared data remains protected.
BARISMA shall establish clear protocols for cross-departmental data access including: (a) formal access request procedures, (b) business justification requirements, (c) periodic access review processes, and (d) revocation procedures. Each departmental access grant requires documented approval and regular validation of continued access necessity.
Users must implement similar departmental access controls within their organizations and maintain documentation of internal data access authorizations. This includes regular review of access permissions and prompt updates when staff roles change.
5.2 External Disclosures
BARISMA shall maintain strict controls over external data sharing including: (a) due diligence assessment of recipients, (b) contractual safeguards implementation, (c) secure transfer method requirements, and (d) ongoing monitoring of recipient compliance. All external sharing requires documented legal basis and formal data sharing agreements.
Users must obtain BARISMA's approval before sharing system data with external parties and ensure compliance with all sharing requirements. This includes conducting appropriate due diligence on recipients and maintaining records of external sharing activities.
BARISMA shall establish procedures for handling regulatory disclosure requirements including: (a) validation of disclosure authority, (b) scope limitation assessment, (c) secure disclosure methods, and (d) disclosure documentation requirements. All regulatory disclosures are logged and reviewed to ensure compliance with legal obligations while maintaining appropriate data protection.
Users shall notify BARISMA promptly of any regulatory disclosure requirements affecting system data and cooperate in fulfilling such requirements. This includes providing necessary documentation and maintaining records of regulatory disclosures.
5.3 International Transfers
BARISMA shall implement comprehensive controls for international data transfers including: (a) assessment of destination country adequacy, (b) implementation of appropriate transfer mechanisms, (c) documentation of transfer impact assessments, and (d) maintenance of required transfer authorizations. BARISMA conducts regular reviews of international transfer arrangements to ensure continued compliance with evolving requirements.
Users must notify BARISMA of any international transfer requirements and obtain approval before initiating such transfers. This includes providing information about transfer destinations, purposes, and proposed security measures.
BARISMA shall utilize appropriate legal mechanisms for international transfers including: (a) standard contractual clauses, (b) binding corporate rules where applicable, (c) adequacy decisions recognition, and (d) specific derogations when permitted. Each transfer mechanism is documented and regularly reviewed for continued validity and effectiveness.
Users shall comply with requirements of applicable transfer mechanisms and maintain necessary documentation supporting their international transfers. This includes implementing additional safeguards when required by specific transfer mechanisms.
5.4 Transfer Safeguards
BARISMA shall implement comprehensive security measures for data transfers including: (a) end-to-end encryption for all transfers, (b) secure file transfer protocols, (c) access controls during transfer processes, and (d) transfer monitoring and logging systems. These measures ensure data protection throughout the transfer lifecycle, from initiation to completion.
Users must utilize BARISMA's approved transfer methods and implement required security measures for all data transfers. This includes maintaining appropriate security controls within their environments and documenting transfer security measures.
BARISMA shall maintain comprehensive transfer documentation including: (a) transfer impact assessments, (b) transfer authorization records, (c) security measure implementations, and (d) transfer monitoring logs. Documentation requirements apply to all types of transfers, whether routine or exceptional.
Users shall maintain records of their transfer activities and provide documentation to BARISMA upon request. This includes maintaining evidence of transfer authorizations, security measures, and any relevant impact assessments.
BARISMA shall implement monitoring systems for all data transfers including: (a) real-time transfer tracking, (b) automated anomaly detection, (c) transfer completion verification, and (d) regular transfer audit processes. Monitoring ensures compliance with transfer requirements and enables prompt detection of potential issues.
Users shall cooperate with BARISMA's transfer monitoring activities and respond promptly to any identified issues. This includes providing requested information about transfers and implementing corrective measures when required.
6.1 Retention Periods
BARISMA shall maintain defined retention periods for all data categories including: (a) active account data retained for the duration of service plus two years, (b) transaction records retained for seven years per regulatory requirements, (c) system logs retained for three years, and (d) backup data retained for 30 days. BARISMA regularly reviews and updates retention periods to ensure alignment with legal requirements and business needs.
Users shall comply with established retention periods and implement processes to ensure data is not retained beyond specified periods. This includes maintaining their own retention schedules aligned with BARISMA's requirements and documenting retention compliance.
BARISMA shall implement automated retention management systems including: (a) data age monitoring, (b) retention period tracking, (c) expiration notifications, and (d) archival triggers. These systems ensure consistent application of retention policies and timely identification of data requiring action.
Users must review retention notifications and take appropriate action within specified timeframes. This includes verifying data for continued retention needs and authorizing disposal when appropriate.
6.2 Storage Requirements
BARISMA shall maintain secure storage environments for retained data including: (a) encrypted storage systems, (b) access-controlled repositories, (c) segregated storage based on data classification, and (d) redundant storage for critical data. Storage systems include monitoring capabilities and regular integrity verification.
Users shall ensure data stored within their environments meets BARISMA's storage requirements. This includes implementing appropriate security controls and maintaining storage system documentation.
BARISMA shall implement structured archive management procedures including: (a) secure archive creation processes, (b) indexed archive storage, (c) archive access controls, and (d) archive retrieval procedures. Archive systems maintain data integrity while ensuring continued accessibility when required.
Users must follow archive procedures when required and maintain appropriate access controls for archived data. This includes documenting archive contents and maintaining archive access logs.
6.3 Disposal Procedures
BARISMA shall implement secure data deletion procedures including: (a) secure wiping of electronic records, (b) destruction of physical media, (c) verification of deletion completion, and (d) documentation of disposal actions. These procedures ensure complete and irreversible removal of data when required, with appropriate controls to prevent unauthorized or accidental deletion.
Users shall follow BARISMA's deletion procedures when disposing of system data and maintain records of all disposal actions. This includes verifying successful deletion and documenting the legal basis for disposal.
BARISMA shall maintain verification processes for data disposal including: (a) multiple-pass deletion verification, (b) independent confirmation of disposal completion, (c) automated disposal logging, and (d) retention of disposal certificates. Verification processes ensure compliance with disposal requirements and maintain audit trails of disposal actions.
Users must cooperate with disposal verification processes and maintain evidence of disposal compliance. This includes providing confirmation of disposal actions and maintaining disposal records as required.
6.4 Archival Standards
BARISMA shall establish comprehensive archival standards including: (a) criteria for determining archival requirements, (b) secure archival storage solutions, (c) archive access control mechanisms, and (d) archive restoration procedures. Archival standards ensure long-term preservation of required data while maintaining appropriate security and accessibility.
Users shall identify data requiring archival and follow BARISMA's archival procedures. This includes proper classification of archival data and maintenance of archive access records.
BARISMA shall conduct regular archive maintenance activities including: (a) periodic integrity checks of archived data, (b) format conversion for long-term accessibility, (c) storage medium updates as required, and (d) validation of archive retrieval capabilities. Maintenance activities ensure continued availability and usability of archived information.
Users must cooperate with archive maintenance activities and report any issues accessing archived data. This includes participating in archive testing when required and maintaining documentation of archive access needs.
BARISMA shall maintain controlled archive access procedures including: (a) formal access request processes, (b) authorization requirements for archive access, (c) secure retrieval methods, and (d) access logging and monitoring. These procedures ensure appropriate protection of archived data while enabling authorized access when needed.
Users must follow established procedures for requesting archive access and maintain records of archive retrievals. This includes documenting the purpose of archive access and ensuring appropriate handling of retrieved data.
7.1 Automated Decision Making
BARISMA shall implement controls for automated decision-making processes including: (a) algorithm validation and testing procedures, (b) regular accuracy assessments, (c) human oversight mechanisms, and (d) appeal processes for automated decisions. These controls ensure fairness, accuracy, and transparency in automated processing activities.
Users shall inform their data subjects about automated decision-making processes and maintain procedures for handling intervention requests. This includes documenting the logic involved in automated decisions and maintaining records of intervention cases.
BARISMA shall maintain specific safeguards for automated processing including: (a) bias detection and mitigation procedures, (b) regular performance monitoring, (c) decision audit trails, and (d) system maintenance protocols. These safeguards protect against discriminatory outcomes and ensure system reliability.
Users must implement required safeguards when utilizing automated processing features and maintain documentation of safeguard effectiveness. This includes regular review of automated decisions and prompt reporting of any concerns.
7.2 Marketing Communications
BARISMA shall maintain robust consent management for marketing activities including: (a) granular consent options for different marketing channels, (b) clear opt-in/opt-out mechanisms, (c) consent record maintenance, and (d) preference management tools. These systems ensure compliance with marketing regulations and respect for user preferences.
Users shall obtain and maintain appropriate marketing consents and respect all opt-out requests promptly. This includes maintaining accurate consent records and implementing preference changes without delay.
BARISMA shall implement controls for marketing communications including: (a) frequency limitations, (b) content approval processes, (c) suppression list management, and (d) campaign tracking systems. These controls prevent communication overload and ensure compliance with marketing standards.
Users must adhere to communication controls and maintain records of marketing activities. This includes respecting communication limits and maintaining accurate suppression lists.
7.3 Cookie Usage
BARISMA shall maintain transparent cookie management practices including: (a) comprehensive cookie classification system, (b) clear cookie consent mechanisms, (c) cookie lifetime controls, and (d) regular cookie audit procedures. BARISMA categorizes cookies as essential, functional, analytical, or marketing, with appropriate controls for each category.
Users shall implement BARISMA's cookie management requirements within their authorized integrations and maintain documentation of cookie usage. This includes obtaining necessary consents and providing clear information about cookie purposes.
BARISMA shall implement cookie control mechanisms including: (a) granular cookie preference settings, (b) cookie blocking capabilities, (c) cookie expiration enforcement, and (d) third-party cookie restrictions. These controls ensure user privacy preferences are respected and maintained throughout system usage.
Users must respect cookie preferences and implement required controls within their environments. This includes maintaining current cookie notices and updating cookie practices as required.
7.4 Children's Data
BARISMA shall implement enhanced protections for processing children's data including: (a) age verification mechanisms, (b) parental consent requirements, (c) restricted processing limitations, and (d) special security measures. These protections ensure compliance with specific requirements for processing children's personal information.
Users shall identify any children's data processing activities and implement required additional safeguards. This includes maintaining verifiable parental consent records and implementing age-appropriate security measures.
BARISMA shall maintain strict controls over children's data processing including: (a) purpose limitation enforcement, (b) data minimization requirements, (c) enhanced security protocols, and (d) specific retention restrictions. These controls ensure children's data receives appropriate protection throughout its lifecycle.
Users must comply with all processing restrictions for children's data and maintain detailed records of any such processing. This includes implementing required restrictions and promptly reporting any compliance concerns.
BARISMA shall implement robust age verification procedures including: (a) multi-factor age verification methods, (b) parental authentication processes, (c) verification record maintenance, and (d) regular verification audits. These procedures ensure accurate identification and appropriate handling of children's data.
Users shall cooperate with age verification procedures and maintain necessary verification documentation. This includes implementing required verification steps and maintaining evidence of compliance.
8.1 Roles and Responsibilities
BARISMA shall maintain a defined governance structure including: (a) appointed Data Protection Officer, (b) privacy steering committee, (c) designated privacy champions within key departments, and (d) clear reporting lines for privacy matters. This structure ensures effective oversight and management of data protection activities.
Users shall establish appropriate internal governance structures and designate responsible individuals for privacy compliance. This includes defining clear roles and responsibilities for data protection within their organization.
BARISMA shall implement accountability measures including: (a) regular compliance assessments, (b) documented decision-making processes, (c) performance metrics for privacy programs, and (d) regular reporting to senior management. These measures demonstrate ongoing compliance and commitment to data protection principles.
Users must maintain their own accountability measures and provide evidence of compliance when requested. This includes participating in compliance assessments and maintaining required documentation.
8.2 Training and Awareness
BARISMA shall provide comprehensive privacy training including: (a) initial privacy orientation for all users, (b) role-specific privacy training, (c) regular refresher courses, and (d) specialized training for high-risk processing activities. Training programs are updated regularly to address emerging privacy risks and regulatory changes.
Users shall ensure their personnel complete all required training and maintain training records. This includes implementing internal privacy awareness programs and verifying training completion.
BARISMA shall maintain ongoing privacy awareness programs including: (a) regular privacy bulletins, (b) security alerts and updates, (c) privacy incident case studies, and (d) best practice guidelines. These programs ensure continuous attention to privacy requirements and emerging risks.
Users must participate in awareness programs and disseminate relevant information within their organizations. This includes maintaining records of awareness activities and measuring their effectiveness.
8.3 Compliance Monitoring
BARISMA shall implement comprehensive compliance monitoring including: (a) automated compliance scanning tools, (b) regular compliance assessments, (c) real-time policy violation detection, and (d) compliance reporting systems. These monitoring activities ensure continuous oversight of privacy compliance across all system operations.
Users shall participate in compliance monitoring activities and respond promptly to identified issues. This includes providing access to required compliance information and implementing corrective actions as needed.
BARISMA shall maintain regular audit procedures including: (a) scheduled privacy audits, (b) ad-hoc compliance checks, (c) third-party assessments, and (d) audit finding remediation tracking. Audit processes ensure independent verification of compliance with privacy requirements.
Users must cooperate with audit activities and provide necessary documentation and access. This includes maintaining audit readiness and implementing audit recommendations within specified timeframes.
8.4 Documentation Requirements
BARISMA shall maintain comprehensive documentation including: (a) privacy impact assessments, (b) processing activity records, (c) consent records, and (d) compliance evidence. Documentation requirements ensure demonstrable compliance with privacy obligations and regulatory requirements.
Users shall maintain required documentation within their organizations and make such documentation available upon request. This includes keeping records current and properly organized for efficient retrieval.
BARISMA shall implement documentation control procedures including: (a) version control systems, (b) document retention schedules, (c) access controls for documentation, and (d) regular document review processes. These controls ensure documentation remains accurate, current, and properly protected.
Users must follow documentation management procedures and maintain appropriate controls over privacy-related documentation. This includes implementing document security measures and regular review procedures.
BARISMA shall maintain evidence of compliance including: (a) activity logs, (b) change management records, (c) training completion records, and (d) incident response documentation. Evidence maintenance ensures the ability to demonstrate compliance when required.
Users shall maintain evidence of their compliance activities and provide such evidence upon request. This includes organizing evidence in an easily accessible manner and ensuring its completeness.
9.1 Review and Updates
BARISMA shall conduct regular policy reviews including: (a) annual comprehensive policy assessments, (b) impact analysis of regulatory changes, (c) effectiveness evaluations, and (d) stakeholder feedback incorporation. These reviews ensure policies remain current, effective, and aligned with legal requirements and business needs.
Users shall participate in policy review processes when requested and provide feedback on policy effectiveness. This includes identifying operational impacts of policies and suggesting improvements based on practical experience.
BARISMA shall maintain structured update procedures including: (a) policy change assessment, (b) stakeholder consultation processes, (c) version control management, and (d) update implementation planning. These procedures ensure orderly and effective policy updates.
Users must review policy updates when issued and implement required changes within specified timeframes. This includes updating internal procedures to align with policy changes.
9.2 Communication of Changes
BARISMA shall implement comprehensive change communication processes including: (a) advance notification of policy changes, (b) detailed change documentation, (c) implementation guidance provision, and (d) acknowledgment tracking. These processes ensure effective dissemination of policy updates.
Users shall acknowledge receipt of policy changes and disseminate updates within their organizations. This includes maintaining records of change notifications and implementation actions.
BARISMA shall provide updated training materials reflecting policy changes including: (a) change impact summaries, (b) modified procedure guides, (c) updated compliance requirements, and (d) refresher training modules. These materials support effective implementation of policy changes.
Users must ensure relevant personnel complete updated training and understand policy changes. This includes maintaining records of training completion and of verification of understanding.
9.3 Implementation Procedures
BARISMA shall maintain structured implementation procedures including: (a) phased rollout schedules, (b) impact assessment reviews, (c) resource allocation planning, and (d) success criteria definition. These procedures ensure smooth transition to updated policies while minimizing operational disruption.
Users shall develop implementation plans for their organizations and coordinate with BARISMA during rollout phases. This includes assigning implementation responsibilities and tracking completion of required changes.
BARISMA shall conduct implementation verification including: (a) compliance checkpoints, (b) implementation audits, (c) effectiveness measurements, and (d) corrective action tracking. These measures ensure successful policy implementation across all affected areas.
Users must participate in verification activities and provide evidence of successful implementation. This includes maintaining documentation of compliance efforts and addressing any identified gaps.
9.4 Exception Handling
BARISMA shall implement exception management procedures including: (a) formal exception request processes, (b) risk assessment requirements, (c) approval workflows, and (d) exception monitoring protocols. These procedures ensure controlled management of necessary policy exceptions.
Users shall follow established exception procedures and maintain documentation of approved exceptions. This includes periodic review of existing exceptions and timely removal when no longer required.
BARISMA shall maintain risk assessment processes for exceptions including: (a) risk evaluation criteria, (b) mitigation requirement identification, (c) regular risk reviews, and (d) risk acceptance documentation. These processes ensure appropriate risk management for policy exceptions.
Users must implement required risk mitigation measures for approved exceptions and maintain risk monitoring procedures. This includes regular reporting on exception-related risks and mitigation effectiveness.
BARISMA shall maintain comprehensive exception records including: (a) exception justifications, (b) approval documentation, (c) implemented controls, and (d) review schedules. This documentation ensures proper tracking and management of all policy exceptions.
Users shall maintain records of exceptions applicable to their operations and provide updates as required. This includes tracking exception expiration dates and initiating renewal processes when needed.
10.1 Contact Information
BARISMA shall maintain dedicated privacy support channels including: (a) Data Protection Officer contact details, (b) privacy support helpdesk, (c) compliance team contact information, and (d) emergency response contacts. These channels ensure efficient communication for privacy-related matters.
Users shall maintain current contact information and utilize appropriate channels for privacy-related communications. This includes documenting all significant privacy-related communications and their outcomes.
BARISMA shall implement clear escalation procedures including: (a) issue severity classification, (b) response time commitments, (c) escalation paths for unresolved issues, and (d) management notification triggers. These procedures ensure appropriate handling of privacy concerns based on their urgency and impact.
Users must follow defined escalation procedures and maintain records of escalated issues. This includes tracking resolution progress and documenting final outcomes.
10.2 Complaint Procedures
BARISMA shall maintain structured complaint management processes including: (a) complaint intake procedures, (b) investigation protocols, (c) resolution tracking, and (d) response documentation. These processes ensure consistent and fair handling of privacy-related complaints.
Users shall cooperate with complaint investigations and provide requested information promptly. This includes implementing required remedial actions and maintaining records of complaint resolutions.
10.3 Regulatory Authorities
BARISMA shall maintain procedures for interaction with regulatory authorities including: (a) designated points of contact, (b) response protocols for regulatory inquiries, (c) notification procedures for reportable events, and (d) compliance reporting mechanisms. These procedures ensure appropriate engagement with regulatory bodies.
Users shall notify BARISMA promptly of any regulatory communications concerning data processed through the System. This includes providing copies of relevant correspondence and cooperating with regulatory responses.
BARISMA shall maintain processes for regulatory reporting including: (a) breach notification procedures, (b) periodic compliance reports, (c) audit result submissions, and (d) regulatory filing schedules. These processes ensure timely and accurate regulatory communications.
Users must provide necessary information for regulatory reporting and maintain records of their regulatory interactions. This includes implementing any required changes resulting from regulatory guidance.
10.4 Additional Resources
BARISMA shall provide comprehensive support resources including: (a) privacy guidance documentation, (b) compliance toolkits, (c) training materials, and (d) best practice guides. These resources support effective privacy program implementation and maintenance.
Users shall utilize provided resources appropriately and maintain current versions of support materials. This includes ensuring relevant staff have access to necessary resources.
BARISMA shall maintain an updated knowledge base including: (a) frequently asked questions, (b) case studies and examples, (c) implementation guides, and (d) troubleshooting procedures. This knowledge base provides self-service support for common privacy matters.
Users shall consult available resources before escalating issues and contribute to knowledge base improvement through feedback. This includes documenting solutions to unique privacy challenges for future reference.
BARISMA shall maintain access to professional privacy support including: (a) legal counsel for privacy matters, (b) technical privacy specialists, (c) audit support resources, and (d) implementation consultants. These resources provide expert assistance for complex privacy issues.
Users must engage professional support through appropriate channels and maintain confidentiality of provided guidance. This includes documenting received advice and its implementation.
Contact Information: