1. Introduction & Purpose

This Confidentiality & Non-Disclosure Policy (the "Policy") establishes the standards, guidelines, and procedures for protecting confidential information and trade secrets belonging to Nexly Corporation ("Nexly" or the "Company") and its clients, partners, and other stakeholders. Located at 701 South Street Suite 100, Mountain Home, AR 72653, Nexly recognizes that the protection of confidential information is critical to its business operations, competitive advantage, and legal and ethical obligations. This Policy is designed to:

• Protect Confidential Information: Define and safeguard all confidential information and trade secrets belonging to Nexly and its clients, partners, and other stakeholders from unauthorized access, use, disclosure, or loss.
• Ensure Compliance with Legal Obligations: Ensure compliance with all applicable laws, regulations, and contractual obligations related to confidentiality and non-disclosure.
• Maintain Competitive Advantage: Protect Nexly's competitive advantage by preventing the unauthorized disclosure of proprietary information.
• Protect Intellectual Property: Safeguard Nexly's intellectual property rights, including patents, trademarks, copyrights, and trade secrets.
• Establish Clear Responsibilities: Define the roles and responsibilities of all Nexly employees, contractors, and other individuals with access to confidential information.
• Provide Guidelines and Procedures: Offer clear guidelines and procedures for handling, storing, transmitting, and disposing of confidential information.
• Provide Consequences of Non-Compliance: Establish the consequences of failing to comply with the Policy.

This Policy applies to all Nexly employees, contractors, consultants, interns, vendors, and any other individuals or entities with access to, or who may come into contact with, confidential information of Nexly or its clients (collectively, "Covered Parties"). This Policy is to be read in conjunction with other Company policies, including, but not limited to, the Code of Conduct, the Information Security Policy, the Data Privacy Policy, and the Intellectual Property Policy.

2. Definitions

For the purposes of this Policy, the following definitions apply:

• Confidential Information: Any information, regardless of its form or the medium on which it is stored, that is not generally known to the public or to competitors of Nexly Corporation and is:
  • Proprietary to Nexly: Developed, owned, or controlled by Nexly, including trade secrets, business plans, marketing strategies, financial information, customer lists, product designs, software code, and research data.
  • Proprietary to a Client or Third Party: Information provided to Nexly by a client, partner, or other third party, that the Company is obligated to keep confidential.
  Confidential Information may include (but is not limited to) trade secrets, technical data, formulas, patterns, compilations, programs, devices, methods, techniques, processes, designs, drawings, specifications, customer lists, financial data, business strategies, marketing plans, personnel information, contracts, pricing, and any other information of a similar nature. This includes tangible and intangible information. It is considered confidential whether it is marked as such or not, if it is something that should be reasonably protected.
• Trade Secret: Information, including a formula, pattern, compilation, program, device, method, technique, or process that:
  • Derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, other persons who can obtain economic value from its disclosure or use.
  • Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
  This may be a subset of Confidential Information.
• Protected Information: Any Confidential Information and/or Trade Secret.
• Disclosure: Any communication, transmittal, or other means by which Confidential Information is made known to any person or entity.
• Covered Parties: All Nexly employees, contractors, consultants, interns, vendors, and any other individuals or entities with access to, or who may come into contact with, Confidential Information of Nexly or its clients.
• Need to Know: A legitimate business need to access or use Confidential Information in order to perform one's job duties or responsibilities.
• Non-Disclosure Agreement (NDA): A legally binding agreement between Nexly and another party that protects Confidential Information.

3. Responsibilities

All Covered Parties have a responsibility to protect Confidential Information. The following outlines specific responsibilities:

• 3.1. All Covered Parties:
  • Confidentiality Obligation: Must protect Confidential Information and treat it with the utmost care and discretion.
  • Limited Access: May access Confidential Information only on a "need to know" basis.
  • Appropriate Use: May use Confidential Information only for legitimate business purposes related to their job duties.
  • Prohibition on Disclosure: Must not disclose Confidential Information to any unauthorized person or entity, either directly or indirectly.
  • Security Measures: Must take reasonable steps to protect Confidential Information from unauthorized access, use, disclosure, or loss, including following all Company policies and procedures.
  • Reporting Violations: Must promptly report any known or suspected breaches of confidentiality to their manager, Legal Counsel, or the designated point of contact within the Information Security Department.
  • Adherence to NDA: Adhere to all Non-Disclosure Agreements (NDAs) to which Nexly is a party.
• 3.2. Management and Supervisors:
  • Implementation: Implement this Policy within their respective departments or areas of responsibility.
  • Guidance and Training: Provide guidance and training to their employees on this Policy and the proper handling of Confidential Information.
  • Oversight: Oversee employee compliance with this Policy.
  • Prompt Reporting: Report any suspected or known breaches of this Policy immediately to Legal Counsel and the Information Security Department.
• 3.3. Legal Counsel:
  • Legal Review: Review, and oversee, the Non-Disclosure Agreements entered into by Nexly.
  • Policy Interpretation: Provide legal guidance and interpret this Policy.
  • Investigation and Enforcement: Investigate any alleged violations of this Policy and take appropriate action.
• 3.4. Information Security Department:
  • Data Security: Develop and implement security measures and protocols to protect Confidential Information.
  • Monitoring and Auditing: Monitor and audit systems and data access to ensure compliance with this Policy and other security policies.
  • Incident Response: Manage and respond to security incidents and breaches involving Confidential Information.
• 3.5. Third-Party Vendors, Contractors, and Consultants:
  • Compliance with NDA and Policy: Must comply with all applicable confidentiality provisions in their contracts with Nexly and with this Policy.
  • Use of Data: Use any confidential information for the purposes specified in their contract.
  • Data Security: Implement security measures to protect any data they receive from or on behalf of Nexly, including returning all data upon the contract’s conclusion.

4. Protection of Confidential Information

To protect Confidential Information, the following practices must be followed:

• 4.1. Physical Security:
  • Secure Storage: Store Confidential Information in a secure location, such as locked cabinets, secure file servers, and password-protected computers.
  • Access Controls: Limit physical access to areas where Confidential Information is stored to authorized personnel only.
  • Secure Disposal: Dispose of Confidential Information in a secure manner, such as shredding paper documents or securely wiping electronic media.
  • Visitor Management: Visitors must be escorted and must not be given access to Confidential Information unless under supervision of an authorized employee.
• 4.2. Electronic Security:
  • Password Protection: Use strong passwords and protect all devices and accounts with appropriate security measures.
  • Encryption: Encrypt sensitive data, both at rest and in transit.
  • Firewalls and Antivirus: Use firewalls and antivirus software to protect computer systems from malware and unauthorized access.
  • Secure Communication: Use secure communication channels, such as encrypted email or secure file-sharing services, when transmitting Confidential Information.
  • Remote Access: Use secure methods, such as Virtual Private Networks (VPNs), to access Company systems remotely.
  • Data Loss Prevention: Utilize data loss prevention (DLP) tools and technologies to prevent the unauthorized disclosure of Confidential Information.
• 4.3. Data Handling:
  • Need-to-Know Basis: Access Confidential Information only on a "need to know" basis.
  • Limited Copying and Reproduction: Limit the copying and reproduction of Confidential Information. Only make copies when necessary for business purposes.
  • Data Disposal: Dispose of Confidential Information in accordance with the Company's data retention and disposal policies and procedures.
  • Clear Desk Policy: Keep desks and workspaces free of Confidential Information when unattended.
  • Transporting Data: Do not transport sensitive data in any unsecured way (e.g., unencrypted email, unencrypted USB drive).
• 4.4. Communication:
  • Confidentiality in Conversations: Avoid discussing Confidential Information in public places or in front of unauthorized individuals.
  • Secure Emailing: Use the Company's secure email system and avoid sending Confidential Information via unencrypted email. Always use appropriate encryption methods.
  • Presentation Security: Ensure that presentations and other documents containing Confidential Information are protected from unauthorized access and disclosure.
• 4.5. Social Media and Public Communications:
  • No Unauthorized Disclosure: Do not disclose any Confidential Information on social media, blogs, or other public platforms.
  • Follow the Social Media Policy: Adhere to the Nexly Corporation Social Media and Online Communication Policy [link to Social Media Policy].
• 4.6. Third-Party Relationships:
  • NDA Requirements: Require all third parties (e.g., vendors, contractors, consultants) who will have access to Confidential Information to sign a Non-Disclosure Agreement (NDA) before granting them access.
  • Due Diligence: Conduct appropriate due diligence on third parties to assess their ability to protect Confidential Information.
  • Contractual Obligations: Include confidentiality provisions in all contracts with third parties.
  • Oversight: Monitor third-party compliance with confidentiality obligations.
• 4.7. Information Security Training: The Company will provide regular information security training to employees and contractors. The training will cover:
  • This Policy and any related policies.
  • Methods and best practices for protecting Confidential Information.
  • Identifying and reporting security breaches.
  • The importance of using strong passwords and enabling two-factor authentication.

5. Reporting Breaches of Confidentiality

Any Covered Party who becomes aware of a potential or actual breach of confidentiality must report it immediately.

• 5.1. Reporting Obligation: All Covered Parties are required to report any actual or suspected breach of this Policy. This includes, but is not limited to:
  • Unauthorized access to Confidential Information.
  • Unauthorized disclosure of Confidential Information.
  • Loss or theft of devices containing Confidential Information.
  • Suspected security breaches.
• 5.2. Reporting Channels: Reports of a breach should be made immediately through one of the following channels:
  • Immediate Supervisor: The employee's immediate supervisor.
  • Legal Counsel: The Company's Legal Counsel.
  • Information Security Department: The Information Security Department.
  • Ethics Hotline (if applicable): The Company's Ethics Hotline [Specify Contact Information].
• 5.3. Content of Report: The report should include as much detail as possible, including:
  • The nature of the breach.
  • The date and time of the breach.
  • The individuals or entities involved.
  • The Confidential Information that was affected.
  • Any steps taken to contain the breach.
• 5.4. Investigation and Response:
  • Investigation: All reported breaches will be investigated promptly and thoroughly.
  • Remedial Action: The Company will take appropriate action to address the breach, which may include:
    • Containment of the breach.
    • Notification of affected parties.
    • Recovery of Confidential Information.
    • Legal action (if warranted).
    • Disciplinary action against responsible parties.

6. Enforcement & Penalties

Nexly Corporation takes breaches of this Policy very seriously. Any violation of this Policy may result in disciplinary action, up to and including termination of employment or contract.

• 6.1. Disciplinary Action:
  • Severity: The severity of the disciplinary action will depend on the nature and severity of the violation.
  • Range of Actions: Disciplinary action may include:
    • Verbal or written warnings.
    • Suspension without pay.
    • Demotion.
    • Termination of employment or contract.
• 6.2. Legal Action: Nexly Corporation reserves the right to pursue all available legal remedies, including, but not limited to, seeking injunctive relief and damages, against any Covered Party who violates this Policy.
• 6.3. Notification to Authorities: In cases of serious breaches, Nexly may be required to notify law enforcement or other regulatory authorities, and will cooperate fully with any investigation.
• 6.4. Indemnification and Legal Costs: If the breach results in any legal action against Nexly Corporation, the Covered Party may be responsible for indemnifying the Company for all damages, losses, costs, and expenses (including legal fees) incurred as a result of the breach.

7. Policy Review & Updates

This Confidentiality & Non-Disclosure Policy will be reviewed and updated regularly to ensure its continued effectiveness and compliance with applicable laws and regulations.

• Review Frequency: This Policy will be reviewed at least [Specify Frequency, e.g., annually] or more frequently as needed, such as in response to changes in the Company's business, the legal and regulatory landscape, or industry best practices.
• Review Process: The review process will involve:
  • Input from Stakeholders: Seeking input from relevant stakeholders, including Legal Counsel, the Information Security Department, Human Resources, and other departments.
  • Best Practices Review: Examining current industry best practices and the confidentiality policies of other companies.
  • Legal Review: Reviewing the Policy to ensure compliance with all applicable laws and regulations.
  • Effectiveness Assessment: Assessing the effectiveness of the Policy and its implementation.
• Policy Amendments and Distribution: Any amendments to this Policy will be approved by [Specify Approving Authority, e.g., the Board of Directors or a designated executive committee] and communicated to all Covered Parties through [Specify Communication Channels, e.g., company-wide email, intranet posting, training sessions]. All Covered Parties are responsible for being aware of and adhering to any changes.
• Policy Ownership: Legal Counsel, in collaboration with the Information Security Department, is responsible for maintaining and updating this Policy.

8. Policy Accessibility

Nexly Corporation will make this Confidentiality & Non-Disclosure Policy readily accessible to all Covered Parties.

• Availability: This Policy will be readily accessible to all employees and contractors through:
  • The Nexly Corporation Intranet at [Insert Intranet Link].
  • The Company's Employee Handbook.
  • Upon request from the Legal Department or the Information Security Department.
• Distribution: This Policy will be provided to all new employees and contractors during their onboarding process.
• Acknowledgment: Employees and contractors will be required to acknowledge that they have read, understood, and agree to abide by this Policy.
• Updates: All updates to this Policy will be communicated to employees and contractors through the established communication channels (e.g., email, intranet postings, training sessions).