This Acceptable Use Policy outlines the responsibilities of all personnel when using Sphere IT Consultants DWC-LLC (Sphere IT) information resources. All users must support legitimate business functions and comply with UAE laws and Sphere IT systems policies.

Personnel must promptly report harmful events or violations involving company assets or information to their manager or a member of the Incident Handling Team. Reportable events include, but are not limited to:

• Technology incidents: Any event causing failure, interruption, or loss in the availability of Sphere IT’s Information Resources.
• Data incidents: Any loss, theft, or compromise of Sphere IT information.
• Unauthorized access incidents: Any unauthorized access or attempted access to Sphere IT.
• Facility security incidents: Any damage or unauthorized access to Sphere IT owned, leased, or managed facilities.
• Policy violations: Any suspected violation of this or other Sphere IT policies, standards, or procedures.

Personnel must not intentionally:

• Harass, threaten, impersonate, or abuse others.
• Degrade the performance of Sphere IT information resources.
• Deny authorized personnel access to systems or data.
• Obtain additional computing resources without approval.
• Circumvent Sphere IT security controls.

Additionally, employees must not:

• Download, install, or run unauthorized software, including password crackers, packet sniffers, port scanners, or similar tools.
• Intentionally access, create, store, or transmit materials deemed offensive, indecent, or obscene by Sphere IT.

• All inventions, intellectual property, and proprietary materials—including but not limited to reports, software code, designs, workflows, data, blueprints, and technical documentation—developed during working hours or using Sphere IT’s resources are considered the sole property of Sphere IT Consultants DWC-LLC (Sphere IT).
• Employees are prohibited from removing, distributing, or disclosing such information to external parties without proper authorization. Upon termination or change in employment, individuals must return or securely delete any proprietary information in their possession.
• Any use or sharing of proprietary materials must align with Sphere IT's confidentiality agreements, data protection policies, and applicable intellectual property laws.

• Encryption tools must be used in accordance with company policies to protect sensitive and confidential data during storage or transmission. However, the use of encryption must not impede access by authorized personnel when needed for operational, legal, or investigative purposes.
• All encryption solutions must be approved and implemented by the Information Security team. Employees may not use personal or unapproved encryption tools to protect or obscure company data.
• Access credentials and encryption keys must be securely stored and shared only with designated personnel.

Use of Sphere IT resources, including internet access, systems, email, and hardware, must be primarily for business purposes. Limited personal use is permitted only if it does not:

• Interfere with job responsibilities.
• Consume significant bandwidth or storage.
• Violate Sphere IT policies or any applicable laws.

Sphere IT strictly prohibits the use of its resources for activities related to personal business ventures, gambling, spreading malware, engaging in political campaigns, or viewing or distributing obscene, defamatory, or discriminatory content.

Employees are expected to respect intellectual property laws and adhere to proper licensing terms for all software, media, and content used during their employment. Downloading or sharing pirated materials is strictly forbidden.

Employees are required to fully cooperate with all internal and external investigations, including regulatory audits, cybersecurity inquiries, and legal proceedings. This includes providing timely responses, accurate records, and unrestricted access to systems when authorized.

• Monitor network traffic, user activity, and data transfers.
• Audit usage of company resources.
• Investigate policy violations.
• Take disciplinary action up to and including termination, depending on the severity of the violation.

Repeated or serious violations may result in civil or criminal liability under UAE law.

Sphere IT Consultants DWC-LLC (Sphere IT) provides its services, systems, and resources on an “as-is” and “as-available” basis. While we take all reasonable steps to ensure the security, availability, and reliability of our IT infrastructure and services, Sphere IT expressly disclaims liability for any damages resulting from:

• Loss of data, unauthorized access, system downtime, or service interruption.
• Malware, viruses, or harmful code introduced through third-party software or network vulnerabilities.
• Delays or failures in performance due to acts of God, cyberattacks, utility failures, or other force majeure events.
• Errors or omissions in data input, configuration, or software development.
• Unauthorized use of credentials, access rights, or employee negligence.

To the maximum extent permitted by applicable law, Sphere IT shall not be held liable for:

• Indirect, incidental, consequential, special, punitive, or exemplary damages, including loss of profits, revenue, business opportunities, or goodwill.
• Any claims arising from user misuse of IT resources in violation of this policy or applicable laws.
• Legal action resulting from an employee’s unauthorized or malicious use of systems.

In no event shall Sphere IT total cumulative liability exceed the total fees paid to Sphere IT for the specific services or period during which the incident occurred, or AED 50,000, whichever is lower, unless otherwise required by applicable law or contract.

This limitation shall not apply in cases involving:

• Proven gross negligence or willful misconduct by Sphere IT personnel.
• Legal obligations under UAE Data Protection Law where data subject rights are affected.
• Liability that cannot be excluded under applicable local law.

All personnel are required to read, understand, and sign an acknowledgment form indicating that they agree to comply with this Acceptable Use Policy. Continued use of Sphere IT and resources constitutes implied acceptance of these terms.

Personnel who do not understand any aspect of this policy must contact the Information Security Committee for clarification before engaging in any related activities.