Please read these Terms carefully.
Britam refers to Britam Asset Managers (Kenya) Limited, a limited liability company incorporated in accordance with the laws of Kenya and licensed with the Capital Markets Authority. Britam has partnered with Koa to provide you with access to its investment products (including collective investment schemes) for saving and investment purposes.
Account means a customer account held with a Third Party Partner to facilitate investment in the various investment products (where available) offered by the Third Party Partners.
Koa (“Koa,” “we,” or “us”) is an online saving platform (the “App”) that allows you to grow your money using our personalised goal-based savings platform (collectively, “the Services”), among other things.
Third Party Partners are any third parties such as financial services institutions and related entities that Koa partners with to provide you access to their investment products for saving and investment purposes.
T&Cs means Koa’s and Third Party Partners’ Terms and Conditions.The App is offered through our websites, app, and any other website or mobile application owned or product or service, operated or controlled by us (we’ll collectively refer to these as the “Koa Sites”).
The policy can be found here: https://ke.britam.com/privacy-policy.](https://ke.britam.com/privacy-policy. The Disclaimer can be found here: Britam is regulated by the Capital Markets Authority. The indicative rate of return shall not be guaranteed and past performance does not guarantee future investment performance. The indicative rate of return is not fixed and may, as such, vary from time to time depending on the investment period and prevailing economic, political or social circumstances.If you download the App through the Apple App Store, Google Play or other app store or distribution platform (“App Provider”), you acknowledge and agree that: (i) these Terms are between us, and not with the App Provider, and that we are responsible for the Service, not the App Provider; (ii) the App Provider has no obligation to furnish maintenance and support services or handle any warranty claims; (iii) the App Provider is not responsible for addressing any claims you or any third party have relating to the App; and (iv) the App Provider is a third party beneficiary of these Terms as related to your use of the App, and the App Provider will have the right to enforce these Terms as related to your use of the App against you.
In order to use the Service, you must:be at least eighteen (18) years old and able to enter into contracts;complete the account registration process;agree to these Terms;provide true, complete, and up-to-date contact and billing information;not be based in any other territory that is subject to a U.S. government embargo, or that has been designated by the U.S. government as a “terrorist-supporting” country;not be listed on any U.S. government list of prohibited or restricted persons; andprovide the following information:identification information relating to your beneficiaries (next of kin who will inherit the funds in your Account upon your demise);personal identification information which may include: name, ID number, telephone number, physical address, email address, names of beneficiaries and identification information, bank account details etc.By using the Service, you represent and warrant that you meet all the requirements listed above, and that you won’t use the Service in a way that violates any laws or regulations. Note that by representing and warranting, you are making a legally enforceable promise.Koa may refuse service, close accounts of any Members, and change eligibility requirements at any time.The information will be submitted online through the App and sent directly to our Third Party Partners. Once the necessary information has been provided to Koa through the App, this information will be shared with our Third Party Partners for ‘Know-Your-Customer’ (“KYC”) verification, before opening an account on your behalf. Once the KYC verification process is complete, your Account will be accessible and the funds reflecting the deposited funds. The general operating hours of our Third Party Partners are between 08:00 and 15:00, during which KYC verification and account opening will take place.
By signing up for an account and agreeing to these Terms, the Agreement between you and Koa is formed, and the term of the Agreement (the “Term”) will begin. The Term will continue for as long as you have a Koa account or until you or we terminate the Agreement in accordance with these Terms, whichever happens first.If you sign up for an account on behalf of a company or other entity, you represent and warrant that you have the authority to accept these Terms and enter into the Agreement on its behalf.
Your Use of the Services:
The minimum amount to deposit into your Koa account is Kenya Shillings One Hundred (KES 100). Any further deposits must be at or above the minimum of Kenya Shillings One Hundred (KES 100). Once a deposit has been made, this will be reflected in your account within one (1) business day, and these funds will begin to earn interest the following day.
Your initial withdrawal is required to remain held in your investment account for a minimum of fourteen (14) days before you can instruct us to withdraw any part of these funds. Any withdrawal requests can only be made from your available funds in your investment account, a withdrawal process is initiated by triggering a transaction to M-PESA through the App.Once a withdrawal request is made, Koa may take two (2) to four (4) business days to effect the withdrawal request and the standard M-PESA charges applicable will be paid by you. Any funds withdrawn shall be sent to your M-PESA mobile number provided to Koa.Funds cannot be transferred to any third party. We are not responsible for any third party fees incurred in the withdrawal of your funds.
The standard M-PESA paybill charges shall apply and be payable by you when transferring money into and out of your Account. In addition to the M-PESA charges, Koa reserves the right to charge you other expenses subject to the provision of prior notice before effecting the charges.
Interest earned on the funds deposited in an Investment Account will accrue interest on a daily basis. Our Third Party Partners will share the daily interest rates with Koa which will be reflected on the App. Koa does not control or have any influence over the interest rates set by the Third Party Partners.
Closing Your Account
You or Koa may terminate the Agreement at any time and for any reason by terminating your Koa account or giving notice to the other party. We may suspend the Service to you at any time, with or without cause. Once your account is terminated, you acknowledge and agree that we may permanently delete your account and all the data associated with it, unless otherwise required by law.
We may change any of the Terms by posting revised Terms on our Koa Site. Unless you terminate your account, the new Terms will be effective immediately upon posting and apply to any continued or new use of the Service. We may change the Service, Add-ons, or any features of the Service at any time, and we may discontinue the Service, Add-ons, or any features of the Service at any time.
Account, Password and Security
You’re responsible for keeping your account name and password confidential. You’re also responsible for any account that you have access to and any activity occurring in such account, whether or not you authorized that activity. You’ll immediately notify us of any unauthorized access or use of your accounts.
We’re not responsible for any losses due to stolen or hacked passwords. We don’t have access to your current password, and for security reasons, we may only provide you with instructions on how to reset your password. We have the right to update any of your contact information in your account for billing purposes.
In addition, you represent and warrant that all information you provide to us when you establish an account, and when you access and use the Service, is and will remain complete and accurate. We may contact you, or any seat, authorized user, or login added to your account, based on the information provided in your account.
You will be responsible for ensuring the safety, confidentiality, functionality, operation and restricted access to your mobile device or any other electronic device which you use to access the App.
Unless express written or oral communication is provided by you, Koa will assume that any instructions received in relation to your Koa Account are valid and accurate. Koa will not be responsible for any losses, damages, charges, harm or expenses that may be incurred in the event your mobile phone is stolen and any funds you hold with us are misappropriated or stolen where we receive instructions from a party other than yourself.
If your phone is stolen, we recommend that you notify us immediately to ensure that we do not process any unauthorized transaction requests. We shall reserve the right to accept or decline any further instructions until we receive notification to our satisfaction that you have full custody and control of your Koa Account in compliance with the T&Cs.
You won’t request access to or information about an account that’s not yours, and you’ll resolve any account-related disputes directly with the other party. We decide who owns an account based on a number of factors, including the content in that account, and the contact and profile information listed for that account. In cases where differing contact and profile information are present or we are unable to reasonably determine ownership, we’ll require you to resolve the matter through proper channels outside of Koa.When a dispute is identified, we may suspend any account associated with the dispute, including disabling login and sending capabilities, to protect the security and privacy of the data held within the account until the dispute is properly resolved.
Charges for Add-Ons
If you use an Add-on that has a charge, then you’ll be billed that separately for as long as the Add-on is active. Certain Add-ons may require upfront payment for their entire billing cycle.
We may change our fees, by posting a new pricing structure to our Koa Site or in your account and/or sending you a notification by email.
Feedback and Proprietary Rights
Right to Review Content and Campaigns
We may aggregate and anonymize data, including from the Content, to create statistical information. Aggregated anonymized statistical information may be shared externally for research, marketing, or other lawful purposes.
RULES AND ABUSE
By agreeing to these Terms, you promise to follow these rules:
Compliance with Laws
You represent and warrant that your use of the Service will comply with all applicable laws and regulations. You’re responsible for determining whether the Service is suitable for you to use in light of your obligations under any regulations.You agree to indemnify and hold us harmless from any losses, including all legal fees and expenses, that result from your breach of this Section.
LIABILITYLimitation of Liability
YOUR USE OF KOA SITE AND SERVICES IS AT YOUR OWN RISK. YOU AGREE TO THE LIMITATION LIABILITY CLAUSE TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: KOA WILL IN NO WAY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL PUNITIVE, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES OR ANY DAMAGES INCLUDING DAMAGES RESULTING FROM REVENUE LOSS, PROFIT LOSS, USE, DATA, GOODWILL, BUSINESS INTERRUPTION OR ANY OTHER INTANGIBLE LOSSES (WHETHER KOA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR NOT) ARISING OUT OF KOA’S WEBSITE OR SERVICES (INCLUDING, WITHOUT LIMITATION TO INABILITY TO USE, OR ARISING FROM THE RESULT OF USE OF KOA’S WEBSITE OR SERVICES) WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, TORT, CONTRACT, STATUTE OR ANY OTHER LEGAL THEORY.SOME JURISDICTIONS DO NOT ALLOW EXCLUSION OF CERTAIN WARRANTIES OR LIMITATIONS ON THE SCOPE AND DURATION OF SUCH WARRANTIES, SO THE ABOVE DISCLAIMERS MAY NOT APPLY TO YOU IN THEIR ENTIRITIES, BUT WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
To the maximum extent permitted by law, we provide the Service as-is. This means that, except as expressly stated in these Terms, we don’t provide warranties, conditions, or undertakings of any kind in relation to the Service, either express or implied. This includes, but isn’t limited to, warranties of merchantability and fitness for a particular purpose, which are, to the fullest extent permitted by law, excluded from the Agreement. Since Members use the Service for a variety of reasons, we can’t guarantee that it’ll meet your specific needs.Use of our site is at your own risk. You are responsible for securing and configuring your information technology, computer programmes and platform in order to access our Services.IndemnityYou agree to indemnify and hold us and our Team harmless from any losses, including legal fees and expenses that directly or indirectly result from any claims you make that aren’t allowed under these Terms due to a “Limitation of Liability” or other provision. You also agree to indemnify and hold us harmless from any losses, including legal fees and expenses, that directly or indirectly result from (i) your use of the Service, (ii) your violation of any laws or regulations, (iii) third-party claims that you or someone using your password did something that, if true, would violate any of these Terms, (v) any misrepresentations made by you, or (vi) a breach of any representations or warranties you’ve made to us.
Your violation of these Terms may cause irreparable harm to us and our Team. Therefore, we have the right to seek injunctive relief or other equitable relief if you violate these Terms.
If we have to provide information in response to a court order, or other legal, governmental, or regulatory inquiry related to your account, then we may charge you for our costs. These fees may include attorney and employee time spent retrieving the records, preparing documents, and participating in legal proceedings.
We and our Team aren’t responsible for the behaviour of any third parties, agencies, linked websites, or other Members, including third-party applications, products, or services for use in connection with the Service (each, a “Third-Party Integration”). Your use of any Third-Party Integration and rights with respect to such Third-Party Integration are solely between you and the applicable third party. We are not responsible for the privacy, security or integrity of any Third-Party Integration or the practices and policies of any Third-Party Integration. We make no warranties of any kind and assume no liability of any kind for your use of any Third-Party Integration.
You may not assign any of your rights under this Agreement to anyone else. We may assign our rights to any other individual or entity at our discretion.
Choice of Law
The Laws of the Republic of Kenya, will apply to any dispute related to the Agreement or the Service. Each party consents to personal jurisdiction in those courts.
We won’t be held liable for any delays or failure in the performance of any part of the Service, from any cause beyond our control. This includes, but is not limited to, acts of God, changes to law or regulations, embargoes, war, terrorist acts, riots, fires, earthquakes, nuclear accidents, floods, strikes, power blackouts, volcanic action, unusually severe weather conditions, and acts of hackers, or third-party internet service providers.
Even if this Agreement is terminated, the following sections will continue to apply: Feedback and Proprietary Rights, Compliance with Laws, Limitation of Liability, No Warranties, Indemnity, Choice of Law, Severability, and Entire Agreement.
If it turns out that a section of these Terms isn’t enforceable, then that section will be removed or edited as little as required, and the rest of the Agreement will still be valid.
If we don’t immediately take action on a violation of these Terms, we’re not waiving any rights under the Terms, and we may still take action at some point.
You’ll provide all true and accurate documents and take any actions necessary to meet your obligations under these Terms.
Notification of Security Incident
If we become aware of a security incident related to our systems or databases that contain personal information of you or your contacts, we’ll notify you if required by law. In that event, we’ll also provide you with information about that incident so that you can evaluate the consequences to you and any legal or regulatory requirements that may apply to you, unless we’re prevented from doing so by legal, security or confidentiality obligations. Notifying you of a security incident or cooperating with you to respond to one will not be deemed an acknowledgement or assumption of any liability or fault of Koa for such incident.
Any notice to you will be effective when we send it to the last email or physical address you gave us or when posted on our Site. Any notice to us will be effective when delivered to us along to any addresses as we may later post on the Site.
These Terms and any additional terms you’ve agreed to by enabling any Add-ons make up the entire agreement between us in relation to its subject matter and supersede all prior agreements, representations, and understandings. Any Additional Terms will be considered incorporated into the Agreement when you activate the corresponding Add-on.Where there’s a conflict between these Terms and the Additional Terms, the Additional Terms will control to the extent of the conflict.
Koa reserves the right to change, revise or modify these Terms from time to time by updating this page. The most current version of the Terms will continue to govern our relationship with you.
ContactsIf you have any complaints, questions or queries, contact us at email@example.com.
EFFECTIVE DATE: 11th December, 2020.
Koa is a trademark of KOASAVE Africa Ltd. (Koa). Koa Technology Inc is a Kenyan limited liability company with offices at Metropolitan Estate, 10 Riverside, Nairobi, Kenya.As the data collector, Koa ("we" “us” “our”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and how you can exercise your privacy rights. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://www.withkoa.com/ (“our Site”) you are accepting and consenting to the practices described in this policy.Please note that by clicking the “Connect with Google or Apple” button you are agreeing that Google or Apple may share personal data held by them with us. The collection and processing of your personal data is in accordance with the National Information Technology Development Agency Act 2007, the Kenya Data Protection Act, 2019 (the “Acts”) and the provisions and prescriptions of Section 5; Part 1 and Part 2 of National Information Systems and Network Security Standards and Guidelines.
2. Information we may collect from youThe information that we collect depends on the context of your interaction with Koa, your account settings, the products and features you use, your location and any applicable laws. We may collect and process the following data about you:
Information you give us: You may give us information about you by filling in forms on our site (https://www.withkoa.com/ ) and by allowing us to access your information on social media sites (including but not limited to Facebook, Twitter and LinkedIn) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, search for a feature, your activity levels on boards or other social media functions on the applicable social media sites, the applications you use on social media sites, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, login information for social networking sites, financial and credit card information, personal description, current and former places of employment, education, names of colleagues, contacts and friends, photographs, and lists of family members.
Information we collect about you: With regard to each of your visits to our site we may automatically collect the following information:technical information: including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. If you are using your mobile phone to access our site, we may also collect information about the cellular network of you mobile device, your mobile device’s operating system or platform and the type pf mobile device you are using.Log and usage data: including information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, performance of our services, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from others: We may obtain information about you if you use any of the other websites we operate, the other services we provide and/or the social media sites which you login to via our site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, social media sites, advertising networks, analytics providers, search information providers, credit bureaus, and financial services and credit providers) and may receive information about you from them.
Use of the Information We use information collected (alone or in combination with other data we source) about you in the following ways:
Disclosure and sharing of your information
6. International data transfers
Information that we collect may be stored, processed in, and transferred between any of the countries in which we operate, in order to enable us to use the information in accordance with this policy. We take reasonable steps to ensure any such information transferred to other countries shall be in compliance with applicable data protection laws and regulations.
8. Where we store your personal data
The data that we collect from you is stored on our secure servers using AWS. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorizes access.
You have the right to ask us not to process your personal data for marketing purposes and to withdraw your consent at any time. Please note that the withdrawal of your consent will not affect the lawful processing of data which we have obtained based on your previous consent. We will usually inform you (before collecting your data) if we intend to use your data for the aforementioned purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
You can also exercise the right at any time by contacting us via email at firstname.lastname@example.org. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
11. Dispute resolution:
Koa maintains a data breach procedure in order to deal with incidents concerning Personal Information or practices leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information stored or processed.The following key measures and guidelines will be followed in the case of other disputes:Koa shall respond to and maintain a complaint register of all complaints lodged through our service contacts in a CRM. The user will be contacted to verify issues through a series of manual user testsFor any complaint relating to fraud or system breaches, Koa will respond to the complaints after due inquiry / investigation.The senior management will review complaints register along with responses and the unresolved complaints at the end of each day and ensure that complaint resolution guidelines are complied with.
13. Limitation of liability
14. Access to informationThe Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee in providing you with details of the information we hold about you.We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy.
EFFECTIVE DATE: 11th December, 2020.
Our Cookies Policy explains our principles when it comes to the collection, processing, and storage of your information though Koa’s website (the Website) and mobile application (the Koa App). This policy specifically explains how we, our partners, and users of our services deploy cookies, as well as the options you have to control them.
This policy explains the following:
- What are cookies?
- What type of cookies do we use?
- What data is tracked or collected?
- How can you control cookies?
What are cookies?
Cookies are small files that will be stored on your computer once you have visited our Website. The cookies hold specific data on how you as the user interact with our Website.
What types of cookies do we use?
As Koa we may opt to use a variety of cookies which are outlined below.
First party cookies - they collect data on page views, sessions and number of users. These cookies persist on your browser.
Session cookies - they expire immediately or within a few seconds of you leaving our Website. We use these cookies while you are logged in and calculate each session for analytical purposes.
Persistent cookies - used to keep you logged in to the account on our Website.
Secure cookies - they are encrypted files that enable us to securely facilitate safe money transactions.
What data is tracked or collected?
The cookies collect the following data:A randomly generated and unique number used to recognize your computer;The domain name of the website that the cookie refers to;Time spent on the Website or individual sub-pages;Data entered via web forms- such as email address, name or telephone number; andMetadata including the expiry date or time of a cookie, the path, and the security specifications.
How can you control cookies?
The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed by Koa or are of no value are discarded at the proper time in accordance with Koa’s policies and prevailing laws and regulations.
This Policy is also for the purpose of aiding employees and consultants of Koa in understanding their obligations in retaining all personal information in written paper for or electronic documents - including e-mail, Web files, text files, sound and movie files, PDF documents, and all Microsoft Office or other formatted files. All employees and consultants of Koa, contractors and external parties with access to Koa’s information systems are bound by this Policy.
Description of types data retained
In its day to day functions Koa retains data about:
- Current, past and prospective employees and consultants;
- and Other third parties who interact with Koa.
The information we retain may include:
- Physical addresses
- Copies of identification documents Passports information
- KRA PIN certificates
- Medical bio data of our employees/consultants
- History of conviction Sexuality
- Education and professional qualifications
- Marital status
- Family information
- Financial information
Guidelines and Procedures
It is our intention to ensure that all records and the information contained therein is:
Accurate - records are always reviewed to ensure that they are a full and accurate representation of the transactions, activities or practices that they document.
Accessible - records are always made available and accessible when required (with additional security permissions for select staff where applicable to the document content).
Complete - records have the content, context and structure required to allow the reconstruction of the activities, practices and transactions that they document
Compliant - records always comply with any record keeping legal and regulatory requirements.
Monitored – company, staff, and system compliance with this Data Retention Policy is regularly monitored to ensure that the objectives and principles are being met.
Documents are always retained in a secure location, with authorized personnel being the only ones to have access. Once the retention period has elapsed, the documents are either deleted, erased, anonymized or pseudonymized depending on their purpose, classification and action type.
All records retained during their specified periods are traceable and retrievable. Any file movement, use or access is tracked and logged, including inter-departmental changes. All information is retained, stored and destroyed in line with legislative and regulatory guidelines. For all data and records obtained, used and stored by Koa, we:
- carry out periodical reviews of the data retained, checking purpose, continued validity, accuracy and requirement to retain;
- establish periodical reviews of data retained; and
- establish and verify retention periods for the data, with special consideration given specifically to the Koa’s business needs, types of personal data and subjects, the nature of and lawful basis of data processing necessary.
Where it is not possible to define a statutory or legal retention period, as per the law Koa will identify the criteria by which the period can be determined and provide this to the data subject on request.
Destruction and Disposal of Records and Data
All information of a confidential or sensitive nature on paper or electronic media must be securely destroyed when it is no longer required after a period of seven (7) years. This ensures compliance with the Data Protection laws and the duty of confidentiality we owe to our employees, clients and customers.
We are committed to the secure and safe disposal of any confidential waste and information assets in accordance with our contractual and legal obligations and that we do so in an ethical and compliant manner.
Suspension of record disposal in event of litigation or claims
In the event Koa is served with any request for documents or any employee/consultant becomes aware of a governmental investigation or audit concerning Koa or the commencement of any litigation against or concerning Koa, such employee/consultant shall inform Koa’s Management and any further disposal of documents shall be suspended until such time as Koa’s Management, with the advice of counsel, determines otherwise. Koa’s Management shall take such steps as is necessary to promptly inform all staff of any suspension in the further disposal of documents.
Right to erasure and rectification
We recognize that data subjects have the right to request us to: rectify without undue delay personal data in our possession or control that is inaccurate, outdated, incomplete or misleading; orerase or destroy without undue delay personal data that we are no longer authorized to retain or that is irrelevant, excessive or obtained unlawfully.The procedure for making a request for erasure or rectification can be found in the Data Requests Procedure manual.
Retrieval of data
All requests for data shall be made by filling a data request form which shall be lodged with the relevant department and the designated data protection officer (where applicable). Every customer has the right to access their information held by Koa and shall be guided to do so as set out in the Data Request Manual.
Retrieval of online records shall not exceed 30 days unless there are certain prevailing circumstances preventing compliance in which case, the requesting customer shall be informed of the delay immediately.
Where any information requested is required for purposes of protection of life or liberty of a person, the duration for retrieval shall be within 48 hours from the time of request. Koa may, where such retrieval requires an extensive search through a large amount of information and meeting the stipulated time will unreasonably interfere with its activities or where consultations are necessary before the information is released, extend the period to not more than fourteen (14) days or as the law may provide from time to time.
Appropriate information handling is critical to the protection of customer data, employees’ information, third party information and for the security of Koa’s operations. Any employee who does not comply with this policy shall be subject to disciplinary action.
Any third party who has access to Koa and its customers’ information who does not comply with this policy shall be in breach of their contractual terms and obligations.
All employees/consultants shall be responsible for the implementation and maintenance of the requirements of the law and this policy.
Koa shall be accountable for ensuring that appropriate security controls are identified, and their compliance measured and shall audit the security controls from time to time.
Where systems, procedures or processes are not able to meet these requirements they should be reviewed by Koa’s Management. Where an appropriate business justification exists, exceptions may be sought.