Data Sharing Policy

Introduction and Scope

At AxieIT.consulting, we believe that data is not just an asset; it is a responsibility. In the evolving landscape of digital transformation, IT consulting, and AI-powered solutions, responsibly sharing data can accelerate innovation, foster trust, and drive collective progress.

This Data Sharing Policy outlines how AxieIT.consulting will handle, manage, and share data collected and processed during the delivery of our services, including but not limited to:

• IT consultancy projects.
• AI and machine learning model development.
• software implementation projects.
• cybersecurity assessments.
• system optimization and data analytics services.
• and other technology-driven solutions provided to clients.

We are committed to a transparent, ethical, and secure approach to data sharing that aligns with our mission of enabling businesses to achieve operational excellence through technology while ensuring the confidentiality, integrity, and availability of client and participant data.

Why Data Sharing Matters at AxieIT

In the consulting and technology sector, responsible data sharing can:

1. Enable clients to maximize the value of their project data for benchmarking, performance tracking, and predictive analysis.
2. Facilitate the improvement of algorithms and solutions across industries while respecting data protection laws and ethical considerations.
3. Avoid redundant data collection and accelerate collective learning across industries.
4. Support open innovation in cybersecurity, cloud transformation, and AI model training while protecting sensitive client data.
5. Enhance transparency and trust between AxieIT, its clients, and their stakeholders.

We view client-owned data as the client’s property and will only share data externally under explicit agreement, legal and regulatory compliance, and aligned with the highest ethical standards.

Principles Guiding AxieIT’s Data Sharing

We adhere to the following principles when considering data sharing:

1. Client-Centric Stewardship
   We will manage client data in alignment with contractual agreements, respecting all legal, regulatory, and ethical obligations while considering the client's interests as paramount.
   
   
2. Maximizing Value, Minimizing Risk
   We aim to maximize the benefits of data sharing (e.g., cross-project learning, industry benchmarking) while minimizing risks related to confidentiality, misuse, and unintended disclosures.
   
   
3. Transparency and Accountability
   We will clearly communicate our data sharing practices to clients and stakeholders, including the purposes for which data may be shared, under what conditions, and with whom.
   
   
4. Data Security and Privacy
   All data sharing will adhere to AxieIT’s Data Protection Framework, ensuring strong encryption, controlled access, and privacy-preserving methods such as anonymization or pseudonymization where applicable.
   
   
5. Compliance with Applicable Laws
   All data sharing activities will comply with applicable data protection regulations (e.g., GDPR, HIPAA, local data privacy laws) and contractual obligations with clients.
   
   
6. Responsible Innovation
   We will foster innovation through data sharing while ensuring ethical AI practices and responsible model development.
   
   

Scope of This Policy

This Data Sharing Policy applies to:

1. All data collected, generated, processed, or managed by AxieIT.consulting during the execution of projects and consulting engagements.
2. All services provided by AxieIT globally, including data processed on behalf of clients across jurisdictions.
3. Requests for data sharing received from internal teams, partner organizations, research institutions, or regulatory bodies.
4. Prospective and completed projects, assessments, and consulting engagements, regardless of the data's source.

Excluded from this policy:

❌ Personal data belonging to employees, contractors, or applicants, which is handled    under AxieIT’s HR Privacy Policy.
❌ Data explicitly excluded under contractual agreements with clients.
❌ Data under legal hold or regulatory restriction preventing its sharing.

Objectives of the Policy

1. To define clear processes for requesting, evaluating, and granting data sharing requests in alignment with client agreements and privacy regulations
2. To establish the governance structure for data sharing, including roles and responsibilities across AxieIT’s teams
3. To ensure data sharing is executed securely, transparently, and in a way that respects clients’ proprietary interests while enabling innovation.
4. To manage potential conflicts of interest and ensure that data sharing does not compromise client trust or AxieIT’s ethical standards.
5. To build a scalable framework for responsible data collaboration with partners, clients, and the broader technology ecosystem.

Alignment with Industry Standards

In developing this policy, AxieIT.consulting has reviewed and aligned its approach with globally recognized data sharing principles, including but not limited to:

• The FAIR Data Principles (Findable, Accessible, Interoperable, Reusable).
• GDPR guidelines on data minimization, purpose limitation, and data subject rights.
• Ethical AI frameworks for responsible data handling.
• Industry best practices for secure data handling in IT consulting.
  
  

We recognize that data sharing in the technology consulting industry requires a careful balance between enabling progress and protecting client interests. This policy establishes a framework that allows us to responsibly support clients’ objectives while contributing to industry innovation.

2. Definitions and Roles

To ensure clarity in implementing and enforcing this policy, AxieIT.consulting defines the following key terms and roles related to data sharing:

Key Definitions

Data Sharing Agreement (DSA):
A legally binding agreement between AxieIT.consulting and a Requester that outlines the specific terms, conditions, purposes, security measures, and limitations under which data will be shared.

Collection:
Any dataset, system logs, project data, AI/ML model outputs, anonymized user or client datasets, or system-generated analytics owned or managed by AxieIT during consulting engagements or service delivery.

Requester:
An individual, client representative, academic researcher, partner organization, or regulatory authority formally seeking access to data from AxieIT’s Collection.

Custodian:
The designated AxieIT team member or lead consultant responsible for a specific Collection. Custodians ensure data is managed, shared, and protected in accordance with this policy and relevant agreements. This is typically the Project Lead, Technical Lead, or designated Data Manager.

Data Sharing Coordinator:
A designated individual at AxieIT responsible for coordinating the data sharing process, including receiving requests, guiding requesters on the process, facilitating DSA drafting, and ensuring alignment with AxieIT’s Data Protection Framework. Typically held by the Head of Data Governance or an appointed delegate.

Data Sharing Committee (DSC):
A governance body at AxieIT responsible for:

• Reviewing and updating this Data Sharing Policy.
  
  
• Advising teams and clients on responsible data sharing practices.
  
  
• Reviewing and approving data sharing requests where there is complexity, potential risk, or where no active Custodian is available.
  
  
• Resolving disputes or conflicts of interest related to data sharing requests.
  
  

Proposal:
A structured request submitted by a Requester detailing the purpose, methodology, data required, intended use, data handling plan, and expected outcomes of the proposed data use.

Data Management Plan (DMP):
A documented plan prepared during project initiation, outlining how data will be collected, processed, stored, secured, and shared during and after project completion, ensuring readiness for potential sharing while protecting confidentiality.

Anonymization:
A process of removing personally identifiable information from datasets so that individuals cannot be identified directly or indirectly, allowing for safe sharing while maintaining utility for analysis and innovation.

Roles and Responsibilities

2.2.1 Custodian

The Custodian:

1.  Ensures that data under their management is prepared and maintained for potential sharing, adhering to AxieIT’s Data Protection Framework and this Policy.
2. Reviews Proposals related to their Collection and decides on approval, modification, or rejection in consultation with the Data Sharing Coordinator.
3. Determines appropriate anonymization or pseudonymization methods before data release.
4. Ensures data sharing aligns with client agreements and applicable legal and regulatory frameworks.

If a Custodian is unavailable (e.g., post-project, staff transitions), the Data Sharing Committee may designate an Acting Custodian.

Data Sharing Coordinator

The Data Sharing Coordinator:

1. Acts as the primary point of contact for Requesters
2. Guides Requesters on the Proposal submission process.
3. Coordinates with Custodians and the Data Sharing Committee to assess, document, and manage requests.
4. Facilitates drafting and execution of Data Sharing Agreements.
5.  Ensures that shared data transfers comply with AxieIT’s data security protocols.
6. Tracks data sharing requests, approvals, and rejections for audit and transparency.

Data Sharing Committee (DSC)

The DSC:

1. Periodically reviews and updates the Data Sharing Policy to reflect industry best practices, legal requirements, and AxieIT’s evolving services.
2. Monitors and oversees all data sharing activities across AxieIT.
3. Reviews complex, high-risk, or contested data sharing requests.
4. Adjudicates appeals from Requesters if a Proposal is denied by a Custodian.
5. Ensures that data sharing aligns with AxieIT’s strategic goals and ethical standards.

The DSC is chaired by the Chief Data Officer (CDO) and includes representatives from Legal, Data Governance, and Project Delivery teams.

Requester

Requesters:

1. Must submit a clear Proposal that outlines the background, purpose, methodology, intended use, and expected outcomes of the requested data use.
2. Must demonstrate expertise and capacity to responsibly use the requested data
3. Must disclose potential conflicts of interest and funding sources for the proposed work.
4. Are responsible for maintaining confidentiality and complying with all terms in the Data Sharing Agreement, including restrictions on data use and transfer.Must agree not to attempt to re-identify individuals from anonymized datasets.
5. Must report immediately if inadvertent identification occurs.

Project Teams and Consultants

All project teams at AxieIT involved in data collection, processing, and delivery:

1. Must prepare a Data Management Plan (DMP) for each project, addressing data sharing potential, security measures, and client-specific restrictions.
2. Must manage project data in anticipation of potential sharing requests, ensuring data quality, security, and readiness.
3. Must liaise with the Data Sharing Coordinator when receiving informal data sharing inquiries from clients, partners, or third parties.

Policy Governance and Review

1. This Data Sharing Policy is overseen by the Data Sharing Committee under the broader governance of AxieIT’s Information Security and Compliance Board.
2. The policy will be reviewed annually, or more frequently if legal, technological, or operational changes require updates.
3. Updates will be communicated to all staff, and training will be provided to ensure compliance.

Why This Matters

By defining these roles and terms:

1. AxieIT ensures clarity and accountability across all data sharing activities.
2. Clients and stakeholders gain confidence in how AxieIT manages and shares data responsibly.
3. Our teams are equipped to handle data sharing requests in a structured, compliant, and efficient manner.
4. We maintain a strong foundation for secure, ethical, and innovative data-driven services

Responsibilities, Eligibility, Terms, and Limits

This section establishes who can request data, under what conditions AxieIT.consulting will share data, and the safeguards in place to protect client interests while enabling responsible innovation.

Responsibilities of AxieIT Consultants and Teams

All AxieIT consultants, engineers, analysts, and project managers are responsible for:

1. Designing and managing projects with the expectation that data may be shared post-project or post-publication, in compliance with this Policy and client agreements.
2. Preparing and maintaining a Data Management Plan (DMP) for each project, including details on secure storage, anonymization readiness, and potential for future sharing aligned with AxieIT’s service objectives.
3. Ensuring that client agreements explicitly define data ownership, usage rights, and permissible sharing conditions before project initiation.
4. Maintaining confidentiality, data integrity, and chain-of-custody documentation throughout the project lifecycle.
5. Abiding by data protection laws, including GDPR, HIPAA, and local privacy regulations, as well as industry-specific compliance frameworks applicable to the client.

Eligibility to Request Data

Data sharing requests will be considered only if:

1. The Requester is a legitimate entity (e.g., recognized academic institution, health service provider, technology research organization, regulatory body, or existing AxieIT client).
2. The purpose of the request aligns with AxieIT’s mission, public good, and the consent under which the data was collected.
3. The Requester demonstrates relevant expertise and capacity to handle the requested data responsibly.
4. There are no conflicts of interest that would compromise the objectivity or intended public benefit of data use.
5. The request complies with client agreements and legal frameworks governing the data.

Ineligible Requests:

❌ Requests aiming to unblind or interfere with ongoing experimental comparisons, pilots, or confidential proofs-of-concept.
❌ Requests from individuals or organizations intending to use data for commercial purposes in ways that conflict with AxieIT or client interests.
❌ Requests that would violate confidentiality agreements or contractual obligations.
❌ Requests without clear, documented proposals or those unable to ensure data security and responsible use.

Terms of Sharing

Data will only be shared under a formal Data Sharing Agreement (DSA) specifying:

1. Purpose: Data will only be used for the purpose outlined in the approved Proposal and DSA.
2. Scope: Only data explicitly agreed upon will be shared, and only with the named Requester and approved personnel within their organization.
3. Security: The Requester must use appropriate data security measures aligned with AxieIT’s standards and industry best practices.
4. Non-Transferability: Data cannot be transferred to third parties without AxieIT’s written approval.
5. Non-Reidentification: Requesters must not attempt to identify individuals from anonymized datasets. If accidental re-identification occurs, the Requester must notify AxieIT immediately, take no further action, and delete the identifiable information.
6. No Linking Without Approval: Requesters may not link AxieIT-provided datasets with other datasets without prior written permission.
7. Data Handling: Data must be stored securely and deleted upon request or upon completion of the agreed-upon analysis.
8. Publication Acknowledgement: AxieIT’s contribution must be acknowledged in publications or outputs resulting from shared data, and opportunities for co-authorship will be discussed when appropriate.

Period of Data Availability

Data will typically be made available:

1. After a reasonable period following project closure or public reporting of results, as determined by the Custodian or Data Sharing Committee.
2. Once all legal, ethical, and client-specific conditions are satisfied.
3. For a limited period, typically up to 24 months unless extended under mutual agreement, to allow Requesters to complete analysis and reporting.

Unavailability Periods:

❌ During ongoing projects, pilots, or while data is under regulatory or legal hold.
❌ While awaiting publication of results critical to clients or AxieIT’s operational objectives.

Limits on Data Sharing

In some cases, AxieIT may delay, restrict, or deny data sharing, including when necessary to:

1. Protect client confidentiality and intellectual property.
2. Respect the terms of participant or client consent regarding data use.
3. Allow AxieIT or clients to pursue additional hypotheses or innovations before wider sharing.
4. Manage potential conflicts of interest, such as when requests are tied to competitive commercial interests contrary to public or client benefit.
5. Comply with legal, regulatory, or contractual restrictions.

The Data Sharing Committee retains discretion to approve, modify, or deny requests to protect ethical standards, client interests, and AxieIT’s operational integrity.

Managing Conflicts of Interest

Requesters must:

1. Declare funding sources, affiliations, and any potential conflicts of interest.
2. Update AxieIT if new funding or affiliations arise during or after data sharing.
3. Disclose conflicts of interest in any publications or presentations using AxieIT data.

AxieIT may refuse data sharing if conflicts of interest present adversarial risks or if the Requester’s intentions are misaligned with AxieIT’s values and obligations.