ZZ2 GROUP INTERNET, EMAIL, SOFTWARE AND ELECTRONIC DEVICE USE POLICY

All devices (Desktop, Laptop, Tablet or Mobile Phone and any other electronic device ) issued to an employee remain the property of ZZ2.

Electronic communications systems and all messages, data and/or information generated on or handled by electronic communications systems or through the IT infrastructure of ZZ2, including back-up copies, are considered to be the property of ZZ2, and are not the property of users of the electronic communications services.

Should personal electronic communication or content of a personal nature be stored on ZZ2 property it will be deemed as property of ZZ2, and ZZ2 or its representatives hold the right to access the communication at any given time. Examples of such information/data includes(but is not limited to):Files, emails, Instant Messages, Telephone Calls, Video Conferences, SMS Messages etc.

Although this policy refers to any means of electronic communication it also specifically refers to ZZ2’s website- and email facilities.

1. As a productivity enhancement tool, ZZ2 encourages the business use of electronic communications (voice mail, sms, email, FTP, VoIP, fax, Skype for Business, Whatsapp, Telegram, Google Meet etc).
2. The use of the Internet, email, software, telephone, cellphone, devices and other mobile facilities (hereinafter "facilities") provided by ZZ2 must be consistent and in alignment with the business goals and objectives of ZZ2. Usage thereof is authorised to conduct official business only
3. Email addresses are assigned to employees individually and the security of each email address remains the responsibility of that employee. Employees are required to inform theZZ2 IT Department in the event that such employee resigns or is transferred to another department within ZZ2.
4. An employee’s email address may also be linked to one or more “Group addresses''. Once you are a member of such a group you will be notified of mail sent to that group. Emails sent to a group address cannot be replied to other than by the individual members of that group. In the event that you are transferred to another Department within ZZ2 and have no further interest in a group, you have the option of leaving the group, or you can request IT to remove you from the group.
5. Email is to be used for business purposes only. This must be kept in mind when sending or forwarding non-business emails to associates, family or friends, internal or external. Non-business related emails waste company time and attention and can be the source of risk in terms of viruses and malware. This specifically relates to hoax emails as well as mails from friends (and co-workers) with pictures, powerpoint shows or other animations displayed or attached. Usually these types of mails request the receiver to forward it to as many contacts as possible, inducing you to participate in the waste of valuable time and company resources whilst increasing risk.
6. Where emails (and/or other electronic messages) are being sent (especially to parties outside the ZZ2 Group), due care should be taken to make sure that the intention of the message is well thought out and its execution matches closely. Some examples of the above(including, but not limited to):
   - .If the intention is not to disclose the addresses of other intended recipients (outside theZZ2 domain), then the BCC function should be used.
   - .If the intention is not to disclose the full email trail in a message, then care should betaken to redact the message to only include the intended content.
7. Notwithstanding the above, the facilities may be used to a limited extent for private matters i.e. online banking, on condition that such use also complies with the criteria as set out below, and in a manner that would be considered by ZZ2 to be reasonable and acceptable.
8. Employees will be expected to exercise responsible, ethical behavior when using the facilities. Inappropriate or illegal use of the facilities will result in the loss of privileges, and may possibly lead to dismissal. Employees’ conduct should be governed and aligned with theZZ2 value system

• Use of the facilities is a privilege and not a right; consequently, employees and/or partners ofZZ2 are expected to strictly adhere to the following user guidelines:

• Transmission of any material in violation of any laws, regulation, or management policy is prohibited
• Users should not create, access, display, view, download, save or transmit any text, file picture, graphic, or sound clip or engage in any conference that includes material which is gambling related, obscene, libelous, indecent, vulgar, profane, lewd or which advertises any product or service not permitted to minors by law
• .Users should not create, access, display, view, download, save or transmit threatening, racist, sexist, obscene, offensive, defamatory, annoying or harassing language and/or materials such as broadcasting unsolicited messages or sending unwanted mail(including but not limited to Spam)
• The sending of Bulk ZZ2 email notifications shall be limited to the office of the CEO, Human Resources, Admin and IT departments.
• Use of the facilities for private commercial related activities or for political activities or purposes is prohibited.
• Users must ensure that their devices’ screensavers are automatically activated after an appropriate time period and that the password is needed in order to resume the session. Keep your passwords and PIN codes private. The same applies for Cellphones where lockout screens with passkey/passcode must be activated within at least 60seconds. Passwords and PIN codes should comply with the complexity policy of each of the services as well as with the retention period for that password or PIN code.
• .In cases where it was necessary to log into another device with your profile, users must remember to log out properly once finished. Same applies for files that were shared temporarily
• Users should adhere to all copyright, trademark, and licensing agreements and laws regarding the use of software, including seeking permission when required. In particular any use of software must strictly adhere to the terms and conditions of the license. Any unauthorised downloading, reproduction and/or use of proprietary software is strictly prohibited. We do not condone the use of Pirate Software. Should users become aware of any misuse of software or related documentation, the IT Manager should be informed immediately
• .Users should not download any executable programs (e.g., self-extracting zip files) or program modules (i.e software applications or applets including operating systems), or install executable attachments to email, except as authorised by and under direct supervision of the IT Department.
• Software and other executable programs on any device only to be installed by representatives of the IT Department, or in case of external consultants, under direct supervision of the IT Department. This includes apps being downloaded on cell phones. Users may not change any registry/security and/or startup settings without consulting with the IT Department
• The IT Department changes the default software and solutions from time to time. This is as a result of changes in the technological landscape and/or for enhanced functionality and/or for standardisation and/or for the mitigation of security and business risks. It is usually as a result of extensive consultation with industry experts and all major stakeholders in the business. It is also paired with relevant training (either formal or informal). The user should endeavour to comply with these changes and seek assistance and/or additional training where necessary.
• Users should not, under any circumstances, leak or share proprietary or confidential information for illegitimate and/or non work-related purposes. This includes (but is not limited to): Sharing a drive or documents or sending work documents, templates, source-code or confidential information to any email address or by any other means for future use.. All sharing notifications (as per user authorised to do so) to be accompanied by the following notification “Please note that the information contained on this shared file or drive comprises Intellectual Property of the ZZ2 Group of companies. The information contained in this drive may therefore be processed for the purposes in respect of which it is shared, only.”
• Employees are allowed to mention in their public profiles (with special regard to private social media including (but not limited to) Facebook, Instagram, Twitter, LinkedIn and a myriad of others) that they are in fact employees of ZZ2. However no other information regarding ZZ2 may be published without the written consent of the CEO (Rule 1 of the Workplace Rules and Regulations of ZZ2). ZZ2 has its own curated Facebook/Twitter (and other Social Media) sites and should one want to contribute, such contributions to be forwarded to the CEO or Marketing Manager for publication, if they deem it appropriate. Also be aware that anything you publish on your social media pages is considered as published publicly – be careful with negative or libelous comments regarding people as you could face possible defamation charges
• Users should be aware of computer viruses and other destructive computer programs, and take all reasonable steps to avoid being a victim or unwitting distributor of these processes. Should a user become aware that his/her Computing Device has been infected or that his/her Anti-Virus is due to expire the IT department must be notified immediately.
  - Do not be fooled by email “Hoaxes” regarding viruses – rather confirm it with the IT department before forwarding it to all your contacts.
  - Do not be fooled by Phishing or Spear Phishing messages that urge you to act quickly or outside the formal business processes. Contact the IT department if you are the recipient of any suspicious messages.
• Cell Phones may not be “Rooted” or “Jailbroken” and
  - Should be protected by Anti-virus software; and
  - Properly protected from unwanted access using the mechanisms available on the Device (PIN Code, Password, Facial Recognition and/or Fingerprint Recognition or other similarly secure biometrics).
• Cellphone Apps may only be downloaded from the relevant Apps Store and installed after the IT department’s approval in writing.
• Users will be responsible for the proper backup of data on their workstations. This must be done in conjunction with the IT Department.
• Users must, to the best of their ability, ensure that the content of all authorised communications are accurate and concise. Users should use the same care in drafting and sending electronic communications as that afforded to traditional written communication - taking special care to consider the relevance of the recipient(s) and the intention of your communication. Refer to Section 4.4 above.
• Users may not plug any routers/switches or other foreign network devices onto the LAN (Local area Network), connect any network cables without instruction from the IT Department or try to interfere with any network (wireless or otherwise).
• Passwords for Wireless LAN hotspots to be kept confidential

• All communications generated, sent, received or stored by electronic means by Users are prima facie deemed to be of a business nature and subject to monitoring and interception in terms of the provisions of the Regulation of Interception of Communication and Provision of Communication-Related Information Act 75 of 2002. The Electronic Communications and Transactions Act 25 of 2002 will also apply. By using facilities provided by ZZ2, all users agree to such monitoring
• All emails sent must be covered by ZZ2’s standard email signature and disclaimer – no “custom” signatures allowed.
• As the monitoring of communications on ZZ2’s communication infrastructures (whether it be information technology or any other communication infrastructures operated by ZZ2) is necessary for the support and maintenance of ZZ2’s communication infrastructures, ZZ2administrators may deem it necessary to search any computer drive or file system for alleged violations of this policy. In particular, ZZ2 retains the right to randomly monitor and intercept all employee communications, regardless of whether they are of a business or personal nature, including but not limited to email, Internet usage, telephone calls, video conferences and instant messaging.
• Information available on ZZ2’s information technology infrastructures may only be used at the sole discretion of ZZ2 as owner of the information. Users may not disseminate to third parties any proprietary information belonging to ZZ2. When Web sites and other Internet locations require information about ZZ2 or its resources as a condition of registration or access, users should not disclose sensitive or proprietary information. Providing public information about ZZ2 is permissible, but users should confirm any disclosure of confidential or proprietary information with the IT Department.
• Any use of the facilities in direct contravention of the above guidelines will be considered to be a misuse of the facilities
• Same rules with regard to responsible, ethical behaviour and conduct in line with the ZZ2value system will be applied to voice communication – telephone and mobiles

1. ZZ2 may monitor users’ use of email, internet, telephones, computers and devices provided to them by ZZ2. This monitoring is carried out in ZZ2’s legitimate purposes, for security purposes, to detect unauthorised use and to ensure that ZZ2’s policies are adhered to.
2. Through the monitoring referred to above, ZZ2 may obtain a variety of information, including(but not limited to):
   - Telephone numbers dialed by the user;
   - Websites visited by the user;
   - emails sent and received by the user.
3. Information obtained through monitoring may be shared internally and with third parties(including, but not limited to, legal advisors and law enforcement).
4. Information obtained through monitoring will be retained for as long as ZZ2 has a lawful purpose for it.
5. Users have rights in accordance with POPIA. For further information, see ZZ2’s Internal Privacy Notice

1. Due care must be taken to prevent loss of devices. Do not leave it in open sight or unattended
2. In case of loss or theft of any device:

• .Immediately Phone IT and report it
• Thereafter report it at databreach@zz2.co.za and disclose details of:
  - Any Personal Information of individuals and/or legal entities that was on the device
  - Telephone Numbers, Cell phone numbers
  - ID Numbers
  - Account Numbers
  - Any Intellectual Property of ZZ2
  - Any other confidential information regarding ZZ2’s operations
• Report the loss at SA Police Services and send case Number to databreach@zz2.co.za
• Should the loss or theft of the device be due to the negligence of the employee, the employee may be held liable for the replacement costs

1. Monthly Invoices regarding Company provided sim cards (with or without a device) will be monitored closely by the administration department. Any costs regarding unauthorised MSISDN (Telephone number), VAS (Value added Services) and WASP (Wireless Application Service Providers) or any other services will be recoverable from the employee.
2. The Company may Soft/Hard block or process a SIM swap on the employee's allocated company’s MSISDN without notice.

1. Utmost care must be exercised to keep the devices safe from damage. This includes using the correct charger(s).
2. Should a device be damaged to such extent that it is deemed unusable, it must immediately be reported to the employee’s direct manager as well as the IT Department for further instructions
3. If it is found that the device was damaged due to user negligence, the employee may beheld liable for the repair or replacement costs

Should the employee's contract be terminated due to whatever reason, the employee needs to hand the SIM and/or device(s) over to the IT department or Relevant Manager inworking condition. Should it be damaged Clause(9) will apply

Not all sources on the Internet provide accurate, complete or current information. Employees need to be good information consumers, questioning the validity of the information.

Ultimate responsibility for resolution of problems related to the invasion of an employee's privacy or loss of data resides with that specific employee. ZZ2 assumes no liability for loss or damage to data or for any damage, injury or loss arising from invasion of the staff member's privacy, or misuse of the facilities.

1. I understand that all electronic communications (including email and Internet facilities)are a resource operated and managed by ZZ2.
2. I understand that any misuse of the facilities may result in ZZ2 taking appropriate disciplinary action against me.
3. All disciplinary actions instituted for misuse of the facilities, shall be consistent with current disciplinary policies and procedures.
4. Irrespective of internal disciplinary proceedings, ZZ2 reserves the right to proceed with legal action, both civil and criminal, against me for any alleged violations of current law.

ZZ2 reserves the right to revise this policy, as it deems necessary