General Terms and Conditions

May 2026

Contents

1. Definitions
2. Purpose
3. General
4. Obligations of the parties and fees
5. Relationship between the parties
6. Change request for services
7. Confidentiality and information disclosure
8. Limitation of liability and indemnity
9. Force majeure
10. Assignment
11. Termination
12. Dispute escalation and resolution
13. Governing law
14. Miscellaneous
15. Freedom of Information
16. Anti-bribery and corruption and other customer obligations
17. Security
18. Data protection
19. Part A – Controller to processor data processing agreement
20. Annex – Description of Personal Data to be processed under the Agreement
21. Part B – Controller to controller data process agreement

1              DEFINITIONS

In the Agreement, unless the context otherwise requires, the following expressions have the following meanings:

1.1 “Account Manager” means the point of contact in the first instance of a dispute or change request;

1.2 “Acquired Rights Directive” means the Council Directive 77/187 of 14 February 1977;

1.3 “Agreement” means the agreement for the provision of the Deliverables consisting of the Proposal, the Special Conditions, if any, and these General Terms and Conditions;

1.4 “Assumptions” means the assumptions (if any) made by the Parties to the Agreement, in relation to the supply of the Services and the performance of the Agreement, which are set out in the relevant Proposal;

1.5 “Bribery Act” means the Bribery Act 2010 and any subordinate legislation made under that Act from time to time, together with any guidance or codes of practice issued by the relevant government department concerning the legislation;

1.6 “CEDR” has the meaning given in Clause 12.5 (Dispute Escalation and Resolution);

1.7 “Change Request” has the meaning given in Clause 6.1 (Change Request for Services);

1.8 “Claiming Party” means the Party affected by a Force Majeure Event;

1.9 “Confidential Information” means all correspondence, conversations, information or data (whether oral, visual, recorded in writing, in any other medium or by any other method) disclosed to or obtained by one Party from the other or from a third-party, including any information relating to a Party’s IPR, operations, processes, plans, intentions, Rate Cards, pricing structures, know-how, design rights, trade secrets, software, market opportunities, customers, business affairs, personal and family affairs, the Agreement or information which the Parties knew or ought reasonably to have known to be confidential (whether or not marked as confidential or marked in accordance with the UK Government Security Classifications Policy (where applicable));

1.10 “Cost Estimates” has the meaning given in Clause 6.3 (Change Request for Services);

1.11 “Customer” means the person whose details are set out in the relevant Proposal who is purchasing Services from FCDO Services;

1.12 “Customer Delay” means any delay to FCDO Services in performing its obligations under the Agreement which is caused by, or is attributable to, a failure by the Customer to promptly
perform its own obligations under the Agreement, including but not limited to the prompt provision of information;

1.13 “Data Processing Agreement” means the agreement between the Parties in the form set out in the Schedule hereto;

1.14 “Deliverables” means the Services, any goods and/or any Documentation provided by FCDO Services in order to provide the Services or provided as part of the Services under the Agreement;

1.15 “Documentation” means the documentation created by FCDO Services in connection with the Services supplied;

1.16 “Environmental Information Regulations” means the Environmental Information Regulations 2004;

1.17 “Effective Date” means the date upon which the Agreement comes into effect as set out in Clause 3.8 (General);

1.18 “FCDO Services” means FCDO Services an Executive Agency of the Foreign, Commonwealth & Development Office, and a Trading Fund whose head office is at Hanslope Park, Milton Keynes, MK19 7BH United Kingdom;

1.19 “Financial Year” means the United Kingdom’s public sector fiscal year running from 1st April in one year to 31st March in the subsequent year;

1.20 “FOIA” means the Freedom of Information Act 2000 and any subordinate legislation made under such Act from time to time;

1.21 “Fees” means the price payable to FCDO Services by the Customer for the Services as set out in the relevant Proposal;

1.22 “Force Majeure Event” means, but is not limited to, the occurrence after the date of this Agreement of events which result from circumstances outside the control of the Claiming Party and
which directly cause the Claiming Party to be unable to comply with all or a material part of its obligations (other than payment) under this Agreement;

1.23 “General Terms and Conditions” means these terms and conditions forming part of the Agreement;

1.24 “Government” means the government of the United Kingdom including any government minsters, government departments, and any government bodies, persons, commissions or agencies;

1.25 “IPR” means:

(a) copyright, rights related to or affording protection similar to copyright, rights in databases, patents and rights in inventions, semi-conductor topography rights, trademarks, service marks, database rights, rights in internet domain names and website addresses and other rights in trade names, designs, know-how, trade secrets, and other rights in Confidential Information;

(b) applications for registration, and the right to apply for, renew or extend registration, for any of the rights listed at (a) that are capable of being registered in any country or jurisdiction; and

(c) all other rights having equivalent or similar effect in any country or jurisdiction;

1.26 “Information” the meaning given under Section 84 of the Freedom of Information Act 2000;

1.27 “Mediator” has the meaning given in Clause 12.5 (Dispute Escalation and Resolution);

1.28 “Party or Parties” means either the Customer or FCDO Services and together means the Parties;

1.29 “Prohibited Act” means of the Customer (a) to directly or indirectly offer, promise or give any person working for or engaged by FCDO Services a financial or other advantage to: (i) induce that person to perform improperly a relevant function or activity; or (ii) reward that person for improper performance of a relevant function or activity; (b) to directly or indirectly request, agree to receive or accept any financial or other advantage as an inducement or a reward for improper performance of a relevant function or activity in connection with an Agreement or any other agreement; or (c) committing any offence: (i) under the Bribery Act; (ii) under legislation creating offences concerning fraudulent acts; (iii) at common law concerning fraudulent acts relating to an Agreement or any other contract or arrangement with FCDO Services; or (iv) defrauding, attempting to defraud or conspiring to defraud FCDO Services;

1.30 “Proposal” means the agreed proposal detailing the Deliverables to be supplied by FCDO Services to the Customer;

1.31 “Rate Cards” means the list of prices applicable to the Services, or any or any part of them, as amended from time to time and as set out in the relevant Service Definition or as otherwise published or notified to the Customer by FCDO Services;

1.32 “Recipient” means a Party in receipt of the other’s Confidential Information;

1.33 “Relevant Transfer” means a transfer of employment to which the Transfer of Undertaking (Protection of Employment) Regulations 2006 (SI 2006/246) or COSOP (Cabinet Office Statement of Practice) (as applicable) as amended or replaced or any other Regulations implementing the Acquired Rights Directive applies;

1.34 “Request for Information” means a request for information or an apparent request under the FOIA or the Environmental Information Regulations;

1.35 “Security Aspects Letter” means the written guidance between the Parties detailing the minimum requirements for the safekeeping of the assets involved in the contract;

1.36 “Service Definitions” means the details and / or specifications for the Services, or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing;

1.37 “Service Requirements” means the requirements for the supply of Services, or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing;

1.38 “Services” means the services to be supplied by FCDO Services to the Customer as detailed in the relevant Proposal;

1.39 “Special Conditions” means the special conditions for the supply of Services attached to the relevant Proposal;

1.40 “Specification” means the specification for Services annexed to the relevant Proposal;

1.41 “Trading Fund” means a body or part of government established by means of an order under the Government Trading Funds Act 1973;

1.42 “UK Government Security Classifications Policy” means the Government’s security classifications policy accessible at https://www.gov.uk/government/publications/government-security-classifications/government-security-classifications-policy-html#definitions-for-official-secret-and-top-secret, as amended from time to time; and

1.43 “Working Day” means a day that is not a weekend, or a public, statutory or bank holiday in England.

2             PURPOSE

2.1 These General Terms and Conditions set out the general terms which will govern trading between the Customer and FCDO Services where the Customer tasks FCDO Services to supply the Deliverables.

3             GENERAL

3.1  Any reference to a statute, statutory provision or statutory instrument includes a reference to that statute, statutory provision or statutory instrument together with all rules and regulations made under it and as from time to time amended, consolidated or re-enacted and in the case of FOIA and Environmental Information Regulations shall include any guidance and/or codes of practice issued by the relevant government department or statutory body.

3.2 Words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa.

3.3 The terms “including”, “include”, “in particular” or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding those terms.

3.4 Clause headings shall not affect the interpretation of these General Terms and Conditions.

3.5 References to Clauses and Schedules are to the clauses of and schedules to these General Terms and Conditions unless the contrary is stated.

3.6 If there is any inconsistency between the provisions of the applicable Proposal, Special Conditions and the General Terms and Conditions, the terms shall prevail in the following descending order:

(a) any Change Request;

(b) General Terms and Conditions which include the Special Conditions;

(c) agreed Proposal;

(d) the agreed Service Definition(s); and

(e) the Service Requirements.

3.7 These General Terms and Conditions apply to the Agreement to the exclusion of any other terms, conditions, or representations that the Customer seeks to impose or incorporate, whether oral or written, in any purchase order, or otherwise, or which are or have been implied by trade, custom, practice or course of dealing. Except as expressly permitted by the Agreement, no addition to or modification of the Agreement, including of these General Terms and Conditions, shall be binding upon the Parties unless made by a written instrument signed by duly authorised representatives of FCDO Services and the Customer.

3.8 Subject to a data processing agreement being entered into (if required) in accordance with Clause 18.2, the Proposal shall be deemed to be accepted on signature of the Proposal by the Customer. Acceptance of the provision of the Deliverables shall be deemed conclusive evidence of the Customer’s acceptance of the Agreement.

4             OBLIGATIONS OF THE PARTIES AND FEES

4.1 FCDO Services shall use its reasonable endeavours to provide the Services specified in the Proposal.

4.2 In the event of a Customer Delay, FCDO Services shall be entitled to a reasonable extension of time to perform its obligations, and the Customer shall not be entitled to any remedy for such late performance and FCDO Services shall not be held liable for such Customer Delay.

4.3 After the Customer Delay, FCDO Services is entitled to:

(a) reconsider whether or not it can deliver the Deliverables and the attainment of any milestones agreed prior to the Customer Delay (and reserves the right to require an extension of time not less than the duration of the Customer Delay (for which the Customer shall not unreasonably withhold its consent) and/or suspend or terminate entirety of the Agreement under Clause 11 (Termination) or any part of the Deliverables if it cannot provide the Deliverables and/or attain the milestones as a result of the Customer Delay); and/or

(b) retain any monies paid for the Deliverables already provided; and/or

(c) recover from the Customer any additional costs incurred by FCDO Services during the Customer Delay; and

(d) charge the Customer increased rates if the delivery of the Deliverables falls into the next Financial Year.

4.4 The Customer shall pay the Fees to FCDO Services as set out in the relevant Proposal. If any Assumptions prove to be incorrect, then FCDO Services may make an equitable adjustment to the fees to take account of any such inaccuracy.

4.5 FCDO Services shall be entitled to invoice the Customer as follows and the Customer shall pay such invoice within thirty (30) days of the date of invoice unless otherwise set out in the relevant Proposal:

(a) on a monthly basis in arrears;

(b) for single payment Fees on or after the date stipulated in the Proposal;

(c) for recurring Fees, in advance on or after the Effective Date and thereafter at such periodic intervals as specified in the Proposal for the relevant Services;

(d) otherwise at such stages or intervals as shall have been agreed in writing with the Customer in respect of a particular Service; and/or

(e) if no payment date and/or interval is specified in the Proposal or otherwise agreed in writing by the Parties on or after the Effective Date, payment will become due thereafter on a monthly basis as applicable.

4.6 Subject to any Special Conditions stated in the relevant Proposal, FCDO Services may invoice the Customer for the Fees monthly in arrears after the date of commencement of the provision of the Deliverables.

4.7 The Customer shall pay the Fees, by the time period specified in Clause 4.5, without deduction or set off (whether formally demanded or not) in UK sterling (or such other currency specified in the relevant Proposal).

4.8 Time for payment shall be of the essence.

4.9 The Fees are exclusive of shipping costs, insurance, value added tax, import duties, withholding tax, stamp duties, sales, use, consumption, transfer or other taxes or similar charges (if any). All such fees, charges, duties, and taxes shall be paid by the Customer at the rates and in the manner for the time being prescribed by applicable law.

4.10 No payment shall be deemed to have been received until FCDO Services has received cleared funds.

4.11 If any sum payable under the Agreement is not paid by the due date specified in Clause 4.5 for reasons not attributable to FCDO Services then:

(a) FCDO Services shall be entitled to charge the Customer interest on the overdue amount, from the due date specified in Clause 4.5 up to the date of receipt of cleared funds, after as well as before judgement, at the rate of 8 per cent per annum above the base rate for the time being of the Bank of England. Such interest shall accrue on a daily basis and be compounded quarterly;

(b) FCDO Services may suspend the supply or further supply of the Deliverables under the Agreement until receipt by FCDO Services of all outstanding amounts in full; and

(c) if payment of all outstanding sums is not received by FCDO Services within fourteen (14) Working Days of the due date specified in Clause 4.5, FCDO Services shall be entitled to terminate the Agreement with immediate effect pursuant to Clause 11.1(a) and the provisions of Clauses 11.7 and 11.8 (Termination) will apply.

4.12 Each Party shall always act in good faith towards the other Party in connection with this Agreement. This includes a duty to act with honesty and sincerity in all aspects of the Agreement, including but not limited to entering into, conducting its obligations in, or exercising any of its rights under, this Agreement.

5             RELATIONSHIP BETWEEN THE PARTIES

5.1 Neither Party shall have any right or power whatsoever to contract on behalf of the other Party or bind the other in any way in relation to third-parties, except as specifically authorised in writing by that Party.

5.2 It is agreed that nothing contained in the Agreement shall be construed as or have effect as constituting the relationship of employer and employee or a partnership or joint venture between the Customer and FCDO Services, nor authorise any Party to act as the agent of the other Party, nor authorise either Party to make or enter into any commitments for or on behalf of the other Party.

5.3 FCDO Services shall, acting reasonably, be entitled to assume, and the Customer shall ensure, that the Customer contact identified in the relevant Proposal, or any other Customer contact identified (whether formally or informally) by the Customer from time to time is duly authorised to represent and make any decisions on behalf of the Customer in respect of the Agreement (including decisions relating to any Change Request, extension or renewal of the Agreement).

5.4 For the duration of the Agreement and for a period of twelve (12) months thereafter the Customer shall not employ or offer employment to any of FCDO Service’s staff who have been associated with the procurement, Service delivery and/or the contract management of the Services without FCDO Service’s prior written consent, save as to when a Relevant Transfer applies to such member of staff.

6             CHANGE REQUEST FOR SERVICES

6.1 Where either Party (“the Initiating Party”) wishes to make material changes to the Specification, which may materially alter the manner in which the Services are provided, supplied or delivered, then the Initiating Party shall notify the other Party of these proposed changes in writing (“Change Request”).

6.2 The Change Request shall contain sufficient detail to enable the recipient of the Change Request to determine the full impact of the proposed change.

6.3 FCDO Services will produce a cost estimate for the implementation of the proposed change and a proposal as to how such costs will be met (“Cost Estimate”).

6.4 The Parties will negotiate any Change Request and the Cost Estimate in good faith but a change will only be implemented where both duly authorised Parties agree to it in writing.

6.5 Where the Customer is the Initiating Party, FCDO Services shall be entitled to make a reasonable charge for considering any Change Request.

6.6 FCDO Services reserves the right to make any change to the Services or Specification which is necessary to comply with any change in legislation and/or regulation taking effect after the date of this Agreement. All costs of such change shall be met by the Customer, or where in FCDO Services’ reasonable opinion a change is necessary to ensure compliance with any legislation and/or regulation, FCDO Services reserves the right to terminate the Agreement immediately (at its sole discretion) by serving written notice on the Customer (subject to a reimbursement (on a pro-rata basis and the Customer paying the monies due under Clause 11.7(e) (Termination)) of any Fees already paid by the Customer for any Deliverables not yet provided by FCDO Services in the event that:

(a) FCDO Services determines that it is not reasonably and/or commercially possible to make a change to the Services in order to comply with the change required in Clause 6.6 without materially affecting the Services and/or the Agreement; and/or

(b) the Customer notifies FCDO Services that it shall not pay the costs of preparing and effecting such changes determined necessary by FCDO Services in response to change required in this Clause 6.6.

6.7 FCDO Services reserves the right to make any changes to the Specification which are required to conform with any applicable laws, regulatory policies, Service Requirements, guidelines or industry codes, regulatory and/or statutory or European Union requirements or, where the any Deliverables are to be supplied to FCDO Services’ specification, which do not materially affect their quality or performance.

6.8 If any changes are made in accordance with this Clause 6 then FCDO Services shall make appropriate modifications to the Fees to reflect such changes as agreed. The provisions of the Agreement shall then apply to the Fees as so modified.

6.9 On or before the Effective Date, the Parties will each identify to the other in writing, the name and contact details of their Account Manager within their respective organisations to whom any request for change should be addressed.

7             CONFIDENTIALITY AND INFORMATION DISCLOSURE

7.1 No Party will disclose, and each Party will take all proper steps to keep confidential, all Confidential Information of the other which is disclosed to or obtained by it under or as a result of the Agreement and will not divulge it to any third-party or employee, except for the purposes of carrying out their obligations under the Agreement. A Party in receipt of the other’s Confidential Information (“Recipient”) must ensure that its employees and relevant third-parties, including but not limited to its professional advisers, are aware of the confidential nature of the Confidential Information and comply with the provisions of this Clause 7 as if named as a Party to the Agreement. No Party shall use for its own or another’s commercial advantage any Confidential Information relating to the other Party. Each Party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents or any other third parties in violation of the terms of the Agreement.

7.2 If the Recipient loses any material or item containing Confidential Information of the other Party, the Recipient must promptly, and without delay, notify the other Party of the loss and all the circumstances surrounding it. For the avoidance of doubt, this reporting obligation includes any information marked under a classification in the UK Government Security Classifications Policy, which must be reported in accordance with the obligations under the UK Government Security Classifications Policy.

7.3 The obligations of confidentiality under this Clause 7 do not apply to any information or material which the Recipient can prove:

(a) was already known to it before it received it from the disclosing party;

(b) was subsequently disclosed to it lawfully by a third-party who did not obtain it (whether directly or indirectly) from the disclosing Party;

(c) was in the public domain at the time of receiving it or has subsequently entered into the public domain other than by reason of breach of this Clause 7 or of any obligation of confidence owed by the Recipient or by any of its sub-contractors or sub-licensees to the disclosing party;

(d) was required to be disclosed by law, order of a court of competent jurisdiction or a governmental or regulatory body; or

(e) is independently developed by the receiving Party, where such independent development can be shown by written evidence.

7.4 The obligations of confidentiality imposed by this Clause 7 will remain in full force and effect notwithstanding expiry or termination of the Agreement for any reason.

7.5 FCDO Services may at any time disclose its appointment by the Customer to third-parties and the general nature of the Deliverables provided, with no reference to Fees, as a reference in the reasonable conduct of its business.

7.6 Nothing in the Agreement shall prevent FCDO Services from using outside of the Agreement any general knowledge, experience or skill which was in FCDO Services’ possession prior to the Agreement or which is independently developed or acquired otherwise than in the supply of the Deliverables.

7.7 The Customer acknowledges that (notwithstanding the provisions of this Clause 7) FCDO Services may, acting in accordance with the Secretary of State’s Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (the “Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Customer or the Services:

(a) in certain circumstances without consulting the Customer including for the avoidance of doubt Confidential Information); or

(b) following consultation with the Customer and having taken their views into account,
provided always that where Clause 7.7(a) applies FCDO Services shall, in accordance with any recommendations of the Code, take reasonable steps, where appropriate, to give the Customer advanced notice, or failing that, to draw the disclosure to the Customer’s attention after any such disclosure.

7.8 If the Customer is subject to the requirements of FOIA and/or the Environmental Information Regulations:

(a) FCDO Services shall assist and co-operate fully with the Customer to enable the Customer to comply with its Information disclosure obligations; and

(b) the rights and obligations of the Customer set out in this Clause 7 shall apply to FCDO Services (and the rights and obligations of FCDO Services set out in these Paragraphs shall apply to the Customer) mutatis mutandis.

7.9 The Customer acknowledges and agrees that nothing in this Clause 7 shall impose any obligations on FCDO Services to disclose to any third-party any Customer Data stored in relation to the Deliverables.

7.10 The Customer acknowledges that it may from time to time receive information from FCDO Services which is classified under the UK Government Security Classifications Policy and agrees that it shall comply with:

(a) the UK Government Security Classifications Policy; and

(b) all instructions notified to it by FCDO Services with respect to the handling of such information;
at all times. The Customer shall promptly notify FCDO Services of any breaches of the UK Government Security Classifications Policy and/or the instructions notified to it by FCDO Services regarding the handling of such information and shall take all such steps as required by FCDO Services to rectify such breach(es).

8             LIMITATION OF LIABILITY AND INDEMNITY

8.1 Subject to Clause 8.9, FCDO Services shall not be liable to the Customer because of any Force Majeure Event, representation or any warranty (express or implied), condition or other term, or any duty at common law, or under the express terms of the Agreement, for:

(a) any loss of profit, business, contracts, opportunity, goodwill, revenues, anticipated savings, or similar loss; and/or

(b) any indirect, special, or consequential loss or damage (whether for loss of profit or otherwise); and/or

(c) any loss or damage caused to goods in transit as title and risk vests with the Customer during carriage,
whether caused by the negligence, breach of contract, tort, breach of statutory duty of FCDO Services or otherwise arising out of or in connection with the Agreement.

8.2 Subject to Clauses 8.1 and 8.9, the total liability in aggregate of FCDO Services to the Customer:

(a) in contract, tort (including negligence), breach of statutory duty otherwise arising out of or in connection with the Agreement but excluding breach of its obligations under Clause 18 (Data Protection) in the period of twelve (12) months measuring back from the proximate date of causation, shall be limited to a sum equal to fifty percent (50%) of the aggregate Fees actually paid by the Customer to FCDO Services pursuant to the Agreement in such twelve (12) month period; and
The Customer shall not be entitled to set-off any liabilities of FCDO Services.

8.3 The Customer warrants that the Assumptions are valid, correct and accurate and the Customer shall be responsible for and shall defend, indemnify and hold harmless FCDO Services, from and against all claims, losses, damages, costs (including legal costs), expenses and liabilities of every kind or nature in respect of personal injury, illness or death or damage to or loss of the personal property of any officer, employee, consultant, agent, sub-contractor or representative of the Customer and any other third-party, arising out of or in connection with the Assumptions proving to be inaccurate or incorrect.

8.4 The Customer accepts that the indemnity set out in Clause 8.3 above is reasonable in respect of the Deliverables provided and that it will insure against such liability and warrants that it will maintain adequate insurance with a reputable insurer to cover any resulting liability.

8.5 Except in relation to fraudulent misrepresentation:

(a) no Party shall have any right or liability in respect of any statement, representation or promise made; and

(b) each Party acknowledges and accepts that, in entering into these Terms and Conditions, it has not relied upon any statement, representation or promise except as set out in these Terms and Conditions.

8.6 Subject to Clause 8.9, FCDO Services shall have no liability under the Agreement unless all Fees due to FCDO Services under the Agreement have been received in full and in cleared funds by FCDO Services.

8.7 FCDO Services may at any time, without notice to the Customer, set off any liability of the Customer to FCDO Services against any liability of FCDO Services to the Customer, whether either liability is present or future, liquidated or unliquidated, and whether or not either liability arises under this Agreement. If the liabilities to be set off are expressed in different currencies, FCDO Services may convert either liability at a market rate of exchange into GBP for the purpose of set-off. Any exercise by FCDO Services of its rights under this Clause shall not limit or affect any other rights or remedies available to it under this Agreement or otherwise.

8.8 FCDO Services shall maintain insurance policies it is required to under English law to cover its relevant potential liabilities under this Agreement, any and all of which shall have a limit on an aggregate basis and shall not be multiple-claim policies. On the written request of the Customer, FCDO Services shall provide the Customer with a copy of the schedule of insurance policies. For the avoidance of doubt, nothing in this Agreement shall be construed as a waiver by FCDO Services or its insurer of any right of subrogation its insurer may have save to the extent expressly agreed in any insurance policies maintained in accordance with this Clause.

8.9 Nothing in the Agreement will operate or be construed to operate so as to exclude or restrict the liability of FCDO Services to the Customer for fraud or for death or personal injury caused by the negligence of FCDO Services or for any matter which it would be illegal for the FCDO Services to exclude or attempt to exclude its liability.

9             FORCE MAJEURE

9.1 Neither Party shall have any liability or be deemed to be in breach of the Agreement for any failure to perform its obligations as a result of or due to a Force Majeure Event which affects it ability to perform its obligations.

9.2 The Claiming Party shall promptly notify the other Party in writing of the circumstances of the Force Majeure Event and when the Force Majeure Event ceases.

9.3 Without prejudice to Clause 9.4, if a Claiming Party is prevented from performing its obligations for a continuous period in excess of sixty (60) calendar days, FCDO Services may terminate the Agreement immediately by serving written notice on the Customer, in which case neither Party has any liability to the other except as regards rights and liabilities which have already accrued, which will continue to subsist or are expressed to continue beyond the termination of the Agreement.

9.4 FCDO Services shall have the right to terminate the Agreement at any time by serving written notice on the Customer during a period of Force Majeure if, in the reasonable opinion of FCDO Services, it is no longer economically viable for FCDO Services to continue providing the Deliverables.

9.5 Notwithstanding the occurrence of a Force Majeure Event, payment is to be provided for all Deliverables already supplied by FCDO Services to the Customer.

10           ASSIGNMENT

10.1 The Customer may not assign, transfer, sub-contract, or charge any of its rights, obligations, or liabilities in respect of the Agreement without the prior written consent of FCDO Services (at FCDO Services’ sole discretion).

11           TERMINATION

11.1 Without prejudice to any rights that have accrued under the Agreement or any of its rights or remedies, FCDO Services may terminate the Agreement without liability to the Customer immediately (or following such notice period as it sees fit), if:

(a) the Customer fails to pay any amount due under the Agreement on the due date for payment specified in Clause 4.5 and does not remedy such default in accordance with Clause 4.11; or

(b) the Customer repeatedly breaches any of the terms of the Agreement in such a manner as to reasonably justify the opinion of FCDO Services that the Customer’s conduct is inconsistent with it having the intention or ability to give effect to the terms of the Agreement; or

(c) the Customer suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or (being a company) is deemed unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986 or (being a natural person) is deemed either unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of Section 268 of the Insolvency Act 1986 or (being a partnership) has any partner to whom any of the foregoing apply; or

(d) the Customer commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors; or

(e) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or on connection with the winding up of the Customer; or

(f) an application is made to court, or an order is made, for the appointment of an administrator or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the Customer; or

(g) a floating charge holder over the assets of the Customer has become entitled to appoint or has appointed an administrative receiver; or

(h) a person becomes entitled to appoint a receiver over the assets of the Customer or a receiver is appointed over the assets of the Customer; or

(i) the Customer, being an individual, is the subject of a bankruptcy petition or order; or

(j) a creditor or encumbrancer of the Customer attaches or takes possession of, or a distress, execution, sequestration, or other such process is levied or enforced on or sued against, the whole or any part of its assets and such attachment or process is not discharged within fourteen (14) calendar days; or

(k) any event occurs, or proceeding is taken, with respect to the Customer in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in Clause 11.1(c) to Clause 11.1(j) (inclusive); or

(l) the Customer suspends or ceases, or threatens to suspend or cease, to execute all or a substantial part of its business; or

(m) the Customer, being an individual, dies or, by reason of illness or incapacity (whether mental or physical), is incapable of managing his or her own affairs or becomes a patient under any mental health legislation; or

(n) or if FCDO Services has reasonable grounds for suspecting that the Customer is about to undergo any of the events specified in this Clause 11.1; or

(o) there is a change of control of the Customer; or

(p) in the event of a breach by the Customer of its anti-bribery obligations under Clause 16 (Anti-Bribery and Corruption and other Customer Obligations).

11.2 FCDO Services is entitled to terminate the Agreement immediately by giving written notice to the Customer if the Customer commits an irremediable material breach of the Agreement, including but not limited to its obligations under Clauses 15 (Freedom of Information) or 16 (Anti-Bribery and Corruption and other Customer Obligations), any modern slavery requirements or obligations, fraudulent conduct, or any other material breach of the Agreement and fails to remedy that breach within fifteen (15) calendar days of being required to do so.

11.3 If any of the provisions or part of a provision of the Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions or provision will not be prejudiced unless the substantive purpose of the Agreement is then frustrated, in which case the relevant provisions or part of the provision will deemed to be amended to the minimum extent possible to render it legally enforceable and in-keeping with the spirit of the Agreement.

11.4 If either Party consider a provisions or part provision of the Agreement to be illegal or unenforceable, it shall notify the other Party and the Parties shall negotiate in good faith to agree a replacement provision, amended to the minimum extent possible, to achieve the intended commercial result of the original provision. Such consent shall not be unreasonably withheld by either Party.

11.5 FCDO Services may terminate the Agreement in accordance with Clauses 4.3(a) and 4.11(c) (Obligation of the Parties and Fee), Clause 6.6 (Change Request for Services), and Clauses 9.3 and 9.4 (Force Majeure).

Partial Termination

11.6 Where FCDO Services has the right to terminate the Agreement, FCDO Services may do so in whole, or in part provided that the remaining parts of the Agreement can still operate effectively to deliver the intended purpose. Where FCDO Services terminates this Agreement in part the remainder of the Agreement shall remain in force and unaffected.
Consequences of Termination

11.7 Termination of the Agreement shall be without prejudice to the accrued rights or remedies of the Parties under the Agreement or in law or equity at the date of termination and will not affect the coming into force or the continuation in force of any of its provisions which expressly or by implication are intended to come into force or to continue in force on or after termination. Upon termination of the Agreement pursuant to this Clause 11 unless otherwise provided for in writing by the Parties:

(a) the licence rights granted to Customer in relation to the Documentation under Clause 14.8 (Miscellaneous) the Agreement will immediately terminate except where such rights are stated to survive termination in the Agreement;

(b) the Customer will:

(i) promptly return to FCDO Services any property of FCDO Services in their possession and/or control; and

(ii) destroy any Confidential Information and provide a certificate of destruction for the balance of Confidential Information (save for a single copy of FCDO Services’ Confidential Information which the Customer may retain if required or permitted by law); and

(iii) provide a single copy of all Confidential Information being retained as required or permitted by law (if required for statutory purposes) to FCDO Services,
and shall procure that its sub-contractors do the same,

(c) FCDO Services will return to the Customer any and all Confidential Information of the Customer in its possession or provide a single copy of all Confidential Information to Customer and provide a certificate of destruction for the balance of the Confidential Information (save for a single copy of the Customer’s Confidential Information which FCDO Services may retain if required or permitted by law);

(d) the Customer will pay to FCDO Services any amounts payable for the Customer’s use of the Deliverables to the date of the termination; and

(e) the Customer will pay to FCDO Services any and all costs arising from early termination and any other costs whether or not they are stipulated in the Price List, the Order Form, or as otherwise indicated by FCDO Services as payable for early termination including any incidental costs FCDO Services incurs arising from the early termination and/or for the transfer to a third party service provider.

11.8 In the event of termination of the Agreement, the Customer and FCDO Services shall use reasonable endeavours to cooperate in order to ensure the smooth transition or hand over of the Services. This shall include as a minimum a jointly produced exit plan, the preparation and deployment of which may incur an exit fee for the jointly produced exit plan. FCDO Services reserves the right to charge the Customer at FCDO Services’ standard commercial rates in force at the time of the termination for the exit-related services. FCDO Services will invoice for such exit-related services in accordance with Clause 4.5 (Obligations of the Parties and Fees). The Customer shall pay for all such exit-related services in accordance with Clause 4.4. FCDO Services will use its reasonable endeavours to notify the Customer with an estimate of the charges in advance of the termination.

12           DISPUTE ESCALATION AND RESOLUTION

12.1 The Parties shall commence negotiations for a settlement to any dispute between them arising out of or in connection with the Agreement within ten (10) Working Days of either Party notifying the other of the dispute such efforts shall involve the escalation of the dispute to the authorised representative (or equivalent) of each Party as previously notified in or pursuant to the Agreement.

12.2 Nothing in this dispute resolution procedure shall prevent the Parties from seeking from any court of the competent jurisdiction an interim order restraining the other Party from doing any act or compelling the other Party to do any act.

12.3 If the dispute cannot be resolved by the Parties pursuant to Clause 12.1 the dispute shall be referred to mediation pursuant to the procedure set out in Clause 12.5 unless (a) FCDO Services considers in its sole discretion that the dispute is not suitable for resolution by mediation; or (b) the Customer does not agree to mediation.

12.4 The performance of the Agreement shall not be suspended, cease or be delayed by the referral of a dispute to mediation and FCDO Services (or its employee, agent, supplier, or sub-contractor) shall comply fully with the requirements of the Agreement at all times.

12.5 The procedure for mediation and consequential provisions relating to mediation are as follows:

(a) a neutral adviser or mediator (the “Mediator”) shall be chosen by agreement between the Parties or, if they are unable to agree upon a Mediator within ten (10) Working Days after a request by one Party to the other, or if the Mediator agreed upon is unable or unwilling to act (together the “Mediator Proposal Date”), either Party shall within ten (10) Working Days of the Mediator Proposal Date apply to the Centre for Effective Dispute Resolution (“CEDR”) to appoint a Mediator;

(b) the Parties shall within ten (10) Working Days of the appointment of the Mediator, meet with them in order to agree a programme for the exchange of all relevant information and the structure to be adopted for negotiations to be held. If considered appropriate, the Parties may at any stage seek assistance from CEDR to provide guidance on a suitable procedure;

(c) unless otherwise agreed, all negotiations connected with the dispute and any settlement agreement relating to it shall be confidential and without prejudice to the rights of the Parties in any future proceedings. The Customer hereby acknowledges and agrees that FCDO Services reserves the right to report such information to the Government when FCDO Services is directed to disclose it by the Government or the Government’s request for disclosure of said information is made as part of its duties and/or function;

(d) if the Parties reach settlement on the resolution of the dispute, the settlement shall be reduced to writing and shall be binding on the Parties once it is signed by their duly authorised representatives;

(e) failing agreement, either of the Parties may invite the Mediator to provide a non-binding but informative opinion in writing. Such an opinion shall constitute Confidential Information and shall be provided on a without prejudice basis and shall not be used in evidence in any proceedings relating to the Agreement without the prior written consent of both Parties; and

(f) if the Parties fail to reach agreement in the structured negotiations within thirty (30) Working Days of the Mediator being appointed, or such longer period as may be agreed by the Parties, then any dispute or difference between them may be referred to and finally determined by the arbitration procedure set out in Clause 12.6.
12.6 If any arbitration proceedings are commenced pursuant to Clause 12.5(f), the following provisions shall apply:

(a) the arbitration shall be governed by the provisions of the Arbitration Act 1996;

(b) FCDO Services shall give a written notice of arbitration to the Customer (the “Arbitration Notice”) stating:

(i) that the dispute is referred to arbitration; and

(ii) providing details of the issues to be resolved;

(c) the London Court of International Arbitration (the “LCIA”) procedural rules in force at the date that the dispute was referred to arbitration in accordance with Clause 12.5(f) shall be applied and are deemed to be incorporated by reference to the Agreement and the decision of the arbitrator shall be binding on the Parties in the absence of any material failure to comply with such rules;

(d) the tribunal shall consist of a sole arbitrator to be agreed by the Parties;

(e) if the Parties fail to agree the appointment of the arbitrator within 10 (ten) days of the notice of arbitration or if the person appointed is unable or unwilling to act, the arbitrator shall be appointed by the LCIA;

(f) the arbitration proceedings shall take place in London and in the English language; and

(g) the arbitration proceedings shall be governed by, and interpretations made in accordance with, English law.

13           GOVERNING LAW

13.1 The Agreement and these General Terms and Conditions are governed by and shall be construed in accordance with the laws of England and Wales and any dispute arising out of or in connection with it shall be subject to the exclusive jurisdiction of the courts of England and Wales.

13.2 Clause 13.1 shall be binding upon any Party who acquires rights under the Agreement by operation of law or otherwise. Any such Party who intends to commence legal proceedings in relation to a dispute arising out of or in connection with the Agreement shall, as a precondition of commencing such proceedings, give prior written notice to all the Parties to the Agreement that it agrees to be bound by Clause 13.1.

14           MISCELLANEOUS

14.1 Both Parties warrant that they have the requisite power and authority to enter into and perform their obligations under the Agreement and that the representative, who signs the Agreement, holds duly delegated authority to do so.

14.2 FCDO Services may perform any or all of its obligations under the Agreement through agents or sub-contractors.

14.3 Any typographical, clerical, or other error or omission in any sales literature, Rate Card, contract proposal, Proposal, or invoice issued by FCDO Services shall be subject to correction without any liability on the part of FCDO Services.

14.4 Subject to the specific limitations set out in the Agreement, no remedy conferred by any provision of the Agreement is intended to be exclusive of any other remedy except as expressly provided for in the Agreement and each and every remedy shall be cumulative and shall be in addition to every other remedy given thereunder or existing at law or in equity by statute or otherwise.

14.5 FCDO Services and/or its licensors shall own and retain ownership of the IPR in all Deliverables supplied to the Customer in connection with the supply of the Services or otherwise whether it constitutes existing IPR or newly created IPR as part of the Deliverables. Except as expressly stated in this Agreement, the Customer is not granted any rights to, or in, any such IPR or any other rights or licences in respect of the Deliverables.

14.6 FCDO Services confirms that it has all the rights in relation to the Deliverables that are necessary to grant all the rights it purports to grant under, and in accordance with, this Agreement.

14.7 The Customer shall not modify or alter the IPR in any way without the prior written approval of FCDO Services.

14.8 Subject to:

(a) the Customer’s compliance with its obligations of payment under the Agreement;

(b) Clause 14.9; and

(c) the Customer executing (or otherwise accepting) such further licence agreements and other Documentation as may be provided by or on behalf of FCDO Services,
FCDO Services shall (or procure that its licensors shall) grant the Customer, within the UK only, a limited, non-exclusive, non-transferable, revocable licence to use the Documentation in relation to the Services and only for the purpose and term specified in the relevant Proposal. All rights not expressly granted by FCDO Services herein are reserved. The Customer shall not use the Documentation for any purpose other than as expressly permitted under the Agreement or in the Proposal and shall not re-supply, or engage in any business involving the supply of, access to, or use of the Documentation.

14.9 The Customer’s right to use any software supplied under the Agreement will be governed by separate licence terms. Nothing in the Agreement shall create any rights by way of licence or otherwise to any software supplied by FCDO Services to the Customer under the Agreement and the Customer agrees not to challenge FCDO Services (or FCDO Services’ licensors) ownership of such software.

14.10 Any notices served by the Parties may be delivered by email or by hand or sent by first class or equivalent, pre-paid, recorded delivery or equivalent post marked for the attention of the other Party’s relevant contact specified in the relevant Proposal. All notices under this Clause 14.10 will be deemed duly served:

(a) in the case of a notice delivered by hand, at the time of delivery;

(b) in the case of a notice sent to from within the United Kingdom by first class, pre-paid, recorded delivery, two (2) clear Working Days after the date of dispatch;

(c) in the case of a notice sent from outside the United Kingdom by registered post airmail, seven (7) Working Days (being working days in the place to which the notice is dispatched) after the date of dispatch; or

(d) in the case of an email, if sent during normal business hours of FCDO Services at the time of transmission and if sent outside normal business hours of FCDO Services then on the following Working Day.

14.11 Each Party confirms that it has not relied upon any representation not recorded in the Agreement inducing it to enter into the Agreement.

14.12 The Agreement shall not confer any rights on any person or party (other than the Parties to the Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999. No term of the Agreement is intended to confer a benefit on, or to be enforceable by, any person who is not a party to it.

14.13 Where the Agreement terminates or expires for any reason and FCDO Services provides any further Deliverables for the Customer (“Further Services”) then, in the absence of any further written agreement between the Parties, the terms of the Agreement will apply to the Further Services.

14.14 No course of dealing, nor failure to exercise, nor delay by either Party in enforcing its respective rights will prejudice or restrict the rights of that Party, and no waiver of any such rights or of any breach of any terms of the Agreement will be deemed to be a waiver of any other right or of any later breach.

14.15 This Agreement constitutes the entire agreement and understanding between the parties with respect to the subject matter hereof and supersedes any prior agreement, understanding or arrangement between the parties, whether oral or in writing.

15           FREEDOM OF INFORMATION

15.1 The Customer acknowledges that FCDO Services is subject to the requirements of the FOIA and the Environmental Information Regulations and therefore agrees that it shall assist and co-operate fully with FCDO Services to enable FCDO Services to comply with its Information disclosure obligations.

15.2 If the Customer is also subject to the requirements of the FOIA or the Environmental Information Regulations this Clause 15 may be read as if the roles were reversed.

15.3 In accordance with Clause 15.1, the Customer shall and shall procure that its sub-contractors or agents shall:

(a) transfer to FCDO Services all Requests for Information that it receives in relation to the subject matter of the Agreement as soon as practicable and in any event within two (2) Working Days of receiving a Request for Information;

(b) provide FCDO Services with a copy of all Information in its possession or power in the manner and form that FCDO Services requests as soon as practicable and in any event within five (5) Working Days (or such other period as FCDO Services may specify) of FCDO Services’ request; and

(c) provide all necessary assistance as reasonably requested by FCDO Services to enable FCDO Services to respond to the Request for Information within the time for compliance set out in Section 10 of the FOIA or Regulation 5 of the Environmental Information Regulations.

15.4 FCDO Services shall be responsible for determining in its sole and absolute discretion and notwithstanding any other provision in the Agreement or any other agreement, whether the Information is exempt from disclosure in accordance with the provisions of the FOIA or the Environmental Information Regulations and shall act in accordance with Clause 7.7 (Confidentiality and Information Disclosure) regarding any disclosure.

15.5 The Customer agrees that it or its staff, sub-contractors or agents shall not respond directly to a Request for Information unless expressly authorised to do so by FCDO Services.

16          ANTI-BRIBERY AND CORRUPTION AND OTHER CUSTOMER OBLIGATIONS

16.1 The Customer:

(a) shall not in connection with the Agreement commit a Prohibited Act; and

(b) warrants, represents and undertakes that it is not aware of any financial or other advantage being given to any person working for or engaged by FCDO Services, or that an agreement, has been reached to that effect, in connection with the execution of the Agreement, excluding any arrangement of which full details have been disclosed in writing to FCDO Services before execution of the Agreement.

16.2 The Customer shall:

(a) if requested, provide FCDO Services with any reasonable assistance, at FCDO Services’ reasonable cost, to enable FCDO Services to perform any activity required by any relevant government or agency in any relevant jurisdiction for the purpose of compliance with the Bribery Act; and

(b) certify to FCDO Services in writing (such certification to be signed by an officer of the Customer) within ten (10) calendar days of the Effective Date, and at any time when requested by FCDO Services thereafter, that all persons associated with it or other persons who are supplying goods or services shall comply with this Clause 16. The Customer shall provide such supporting evidence of compliance as FCDO Services may reasonably request.

16.3 The Customer shall have in place an anti-bribery policy (which shall be disclosed to FCDO Services on request) to prevent it from committing a Prohibited Act and shall enforce it where appropriate.

16.4 If any breach of this Clause 16 is suspected or known, the Customer must notify FCDO Services immediately if it knows or suspects that the Customer has breached Clause 16 and the Customer must respond promptly, (and in any event within five (5) Working Days) to FCDO Services’ enquiries, co-operate with any investigation, and allow FCDO Services to audit its books, records and any other relevant documentation.

16.5 If the Customer notifies FCDO Services that it suspects or knows that there may be a breach of Clause 16.1, the Customer must respond within five (5) Working Days to FCDO Services’ enquiries, co-operate with any investigation, and allow FCDO Services to audit books, records and any other relevant documentation.

16.6 The Customer warrants and agrees that is in compliance with any and all applicable laws, regulations, and mandatory guidance or code of practices, including but not limited to:

(a) anti-slavery and human trafficking laws, statutes, regulations, and codes from time to time in force including but not limited to the Modern Slavery Act 2015; and

(b) any tax or social security obligations; and

(c) any policies issued by FCDO Services.

16.7 The Customer shall notify FCDO Services immediately if any breach of Clause 16.6 by the Customer is known or suspected by the Customer.

17           SECURITY

17.1 The Customer shall, and shall procure that its sub-contractors, employees, agents and relevant third-parties as may be necessary bring the provisions relating to secrecy and security, which are included in the Agreement and the relevant Proposal into operation and to such extent as FCDO Services may direct.

17.2 The Customer shall be responsible for ensuring that its employees or any relevant persons connected with the Customer as may be deemed necessary by FCDO Services are security cleared to the level required by FCDO Services before being permitted access to any Deliverables. FCDO Services shall not be liable for any performance of its obligations which is caused by a Customer Delay in procuring the completion of required vetting and/or security clearance of its employees, staff, representatives, and/or any third-parties.

17.3 Where the Customer is a Government organisation entering into a contractual relationship with FCDO Services, including the handling of Customer assets, the Customer will be responsible for ensuring that appropriate security controls are in place to protect its assets. The Customer shall provide written guidance, detailing the minimum requirements for the safekeeping of its assets involved, in the form of a Security Aspects Letter (SAL), including where (in relation to the OFFICIAL and SECRET designations used in the UK Government Security Classifications Policy):

(a) work on assets classified as OFFICIAL is to be conducted on premises occupied by FCDO Services, or OFFICIAL assets are to be released to FCDO Services;

(b) work on Customer assets classified as OFFICIAL is to include the SENSITIVE marker;

(c) OFFICIAL-SENSITIVE or above assets are to be developed by FCDO Services under the terms on this Agreement; and

(d) work is required on Customer assets classified at SECRET or above.

17.4 Where FCDO Services engages a sub-contractor to fulfil the requirements of the contract, FCDO Services will be responsible for cascading the requirements of the customer SAL to the sub-contractor.

18           DATA PROTECTION

18.1 When in the provision of Deliverables for the Customer pursuant to the Agreement, FCDO Services is required to process Personal Data on the Customer’s behalf, the Customer shall be the Data Controller and FCDO Services the Data Processor in respect of all such Personal Data unless the Customer is itself, in relation to any such Personal Data, the Data Processor on behalf of a third-party Data Controller, in which case FCDO Services shall be a Sub-processor in respect of that Personal Data.

18.2 It shall be a prerequisite to any such processing that the Parties to the Agreement enter into a Data Processing Agreement between them in the form set out in the Schedule and in any circumstances in which either: (a) FCDO Services is the Controller and the Customer is the Processor or Sub-Processor; or (b) both Parties are independent Controllers, the Parties shall enter into a data processing agreement on terms which are substantially similar to those set out in the Schedule with the appropriate roles applied.

18.3 In the event that the Parties are in a Controller to Processer relationship in respect of Personal Data under this Agreement, the Parties shall implement the data processing agreement based on the terms set out in Part A (Controller to Processor) of the Schedule. In the event that the Parties are independent Controllers in respect of Personal Data under this Agreement, the Parties shall implement the data processing agreement based on the terms set out in Part B (Controller to Controller) of the Schedule.

18.4 FCDO Services shall not be liable for any delay in performance of its obligations under the Agreement where such delay is caused by or attributable to the Customer’s failure to enter into a data processing agreement with FCDO Services which is in substantially the same form as the template set out in the Schedule. Where requested by FCDO Services, the Customer will confirm in writing to FCDO Services its security measures in relation to the processing of Personal Data, and for the avoidance of doubt this shall also be a prerequisite to any such processing and shall be agreed by both Parties. The failure of the Customer to execute a Data Processing Agreement pursuant to Clause 18.2 where required by FCDO Services shall be, unless it is agreed by both Parties that the Deliverables can and shall continue to be provided without the processing of Personal Data, a material breach of the Agreement.

18.5 For the purposes of this Clause 18 the terms “Data Controller”, “Data Processor”, “Personal Data”, “process”, “processing” and “Sub-processor” shall have the meanings set out in the Schedule.

SCHEDULE

19              PART A – CONTROLLER TO PROCESSOR

Data processing agreement

This Data Processing Agreement is to be entered into by FCDO Services and the Customer, as defined in the Agreement, for whom FCDO Services processes Personal Data in the course of providing Services under the Agreement.

1. Definitions and Interpretation

1.1. In this Data Processing Agreement, the following definitions shall apply, unless the context does not so admit:

 

1.2 The following rules of interpretation apply in this Data Processing Agreement:

• 1.2.1 reference to any statute or statutory provision is a reference to that statute or statutory provision as from time to time amended, extended or re-enacted;
• 1.2.2 words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
• 1.2.3 clause headings shall not affect the interpretation of the provisions of this Data Processing Agreement;
• 1.2.4 any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
• 1.2.5 all references to a party or the parties include their permitted successors and assignees.

Obligations of FCDO Services

2.1. The Customer and FCDO Services acknowledge that for the purposes of the Data Protection Legislation, the Customer is:

• 2.1.1 in relation to Personal Data generated by it, the Data Controller; and
• 2.1.2 in relation to Personal Data generated by a Customer or Service Beneficiary, the Data Processor; and

FCDO Services is:

• 2.1.3 in relation to (a) above, the Data Processor; or
• 2.1.4 in relation to (b) above, a Sub-processor.

2.2. FCDO Services shall Process the Personal Data in compliance with the Data Protection Legislation and, subject to such compliance, only in accordance with the Customer’s written instructions from time to time pursuant to and for the Purposes and shall not Process the Personal Data for any purpose other than a purpose authorised by the Customer.

2.3. FCDO Services shall notify the Customer immediately if it considers at any time that any of the Customer’s instructions infringe the Data Protection Legislation.

2.4 FCDO Services shall:

• 2.4.1 at the request of the Customer, provide all reasonable assistance to the Customer in the preparation of any Data Protection Impact Assessment by the Customer prior to the commencement of any Processing. Such assistance may, at the discretion of the Customer, include:
  • (a) a systematic description of the envisaged processing operations and the purpose of the processing;
  • (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services;
  • (c) an assessment of the risks to the rights and freedoms of Data Subjects; and
  • (d) the measures envisaged to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of Personal Data.
• 2.4.2 ensure that access to the Personal Data is limited to those employees or other personnel who need access to the Personal Data to meet FCDO Services’ obligations under the Agreement or this Data Processing Agreement and for the performance of their duties;
• 2.4.3 ensure that such employees or other personnel:
  • (a) have undergone adequate training in the use, care, protection, and handling of Personal Data; and
  • (b) are subject to appropriate confidentiality undertakings with FCDO Services and are informed of the confidential nature of the Personal Data and do not publish, disclose, or divulge any of the Personal Data to any third-party save as permitted by this Data Processing Agreement;
• 2.4.4 effect and maintain all reasonable Protective Measures to prevent any Data Loss Event or Personal Data Breach and upon written request from the Customer, and will provide the Customer with a detailed written description of such Protective Measures in place. In the event of the Customer reasonably rejecting Protective Measures put in place by the FCDO Services, FCDO Services must propose alternative Protective Measures to the satisfaction of the Customer. Failure to reject shall not amount to approval by the Customer of the adequacy of the Protective Measures. Protective Measures must take account of the:
  • (a) nature of the data to be protected;
  • (b) harm that might result from a Data Loss Event;
  • (c) state of technological development; and
  • (d) cost of implementing any measures;
• 2.4.5 keep accurate and up-to-date records relating to FCDO Services’ Processing of Personal Data, and shall make available to the Customer on request such information as is reasonably necessary to demonstrate compliance with the obligations set out in this Data Processing Agreement;
• 2.4.6 always subject to full compliance with the relevant Security Requirements (as determined by FCDO Services acting reasonably but otherwise in its sole discretion), permit the Customer and/or its accredited advisors (at the expense of the Customer) to have access to any business continuity plan, and relevant records as may be reasonably required by the Customer upon reasonable notice at any time for the purposes of conducting an audit in order to verify FCDO Services’ compliance with this Data Processing Agreement subject to a maximum of one visit per annum;
• 2.4.7 at the Customer’s expense, and subject to the relevant Security Requirements provide the Customer and/or its accredited advisors with all reasonable co-operation, access, and assistance in relation to each such audit;
• 2.4.8 notify the Customer as soon as practicable where FCDO Services has received as a result of FCDO Services’ acts or omissions or purported acts or omissions a complaint, notice or other communication from a Data Subject, which relates directly or indirectly to the Processing of the Personal Data or to the Customer’s or the Service Beneficiary’s compliance with the Data Protection Legislation and provide the Customer with full co-operation and assistance in relation to any such complaint, notice or communication;
• 2.4.9 where the Customer or any Service Beneficiary is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ Processing of Personal Data pursuant to the Agreement, co-operate with the Customer to enable the Customer or Service Beneficiary to reasonably comply with its obligations in connection therewith;
• 2.4.10 restore or recreate in a timely manner all Personal Data, which is the subject of a Data Loss Event in breach by FCDO Services or any of FCDO Services’ personnel of this Data Processing Agreement;
• 2.4.11 only keep the Personal Data provided by the Customer or otherwise obtained in connection with the Agreement for as long as is necessary in order to comply with its contractual obligations thereunder to the Customer or as otherwise required by Law;
• 2.4.12 notify the Customer in writing of any notices or correspondence received by it relating to the Processing of any Personal Data pursuant to or supplied for the Purposes, including any Data Subject Access Requests, requests from Data Subjects for rectification or erasure of Personal Data, complaints or objections;
• 2.4.13 promptly notify the Customer in writing if any Personal Data has been Processed or disclosed in breach of this Data Processing Agreement;
• 2.4.14 promptly notify the Customer if FCDO Services suspects or becomes aware of any actual, threatened, or potential Data Loss Event or Personal Data Breach and shall ensure all such notices include full and complete details relating to such breach, in particular:
  • (a) the nature and facts of such event or breach including the categories and number of Personal Data records and, if applicable, Data Subjects concerned;
  • (b) the contact details of the Data Protection Officer or other representative duly appointed by FCDO Services from whom the Customer can obtain further information relating to such event or breach;
  • (c) in so far as they are reasonably apparent, the likely consequences or potential consequences of such event or breach; and
  • (d) the measures taken or proposed to be taken by FCDO Services to address such event or breach and to mitigate any possible adverse effects and the proposed implementation dates for such measures; and
• 2.4.15 unless prohibited by Law, on request at any time and on the expiry or termination of the Agreement at the Customer’s option and expense (i) return all Personal Data and copies of it in such format as the Customer may reasonably require, (ii) securely dispose of the Personal Data, (iii) amend the Personal Data, or (iv) transfer the Personal Data provided such transfer is in accordance with the Data Protection Legislation and otherwise in accordance with the terms of this Data Processing Agreement.

3. Obligations of the Customer

3.1 The Customer acknowledges and agrees, and shall procure that each Service Beneficiary acknowledges and agrees, that to the extent that the Customer or Service Beneficiary accesses the Services from outside of the UK, in order to carry out the Services and/or perform FCDO Services’ other obligations under the Agreement, Personal Data may be, or may be caused to be, transferred, stored, or outside the UK or the country where the Customer or the Service Beneficiary is located.

3.2 Where the provision of Personal Data from one Party to another involves transfer of such data to outside the UK and/or the EEA, if the prior written consent of the non-transferring Party has been obtained and the following conditions are fulfilled:

• 3.2.1 the destination country (and if applicable the entity receiving the Personal Data) has been recognised as adequate by the UK government is in accordance with Article 45 of the UK GDPR or DPA 2018 Section 74A and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
• 3.2.2 the transferring Party has provided appropriate safeguards in relation to the transfer (whether in accordance with Article 46 of the UK GDPR or DPA 2018 Section 75 and/or Article 46 of the EU GDPR (where applicable)) as determined by the non-transferring Party which could include the relevant parties entering into:
  • (a) where the transfer is subject to UK GDPR:
    • (i) the UK International Data Transfer Agreement (the “IDTA”) as published by the Information Commissioner’s Office or such updated version of such IDTA as is published by the Information Commissioner’s Office under section 119A(1) of the DPA 2018 from time to time; or
    • (ii) the European Commission’s Standard Contractual Clauses per decisions 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (the “EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner’s Office from time to time; and/or
  • (b) where the transfer is subject to EU GDPR, the EU SCCs,
    as well as any additional measures determined by the Controller being implemented by the importing party;
• 3.2.3 the Data Subject has enforceable rights and effective legal remedies;
• 3.2.4 the transferring Party complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the non-transferring Party in meeting its obligations); and
• 3.2.5 the transferring Party complies with any reasonable instructions notified to it in advance by the non-transferring Party with respect to the Processing of the Personal Data

3.2 The Customer shall:

• 3.3.1 pass to FCDO Services for Processing only such Personal Data, and then only to the extent and in such a manner:
  • (a) as is necessary for the Purposes and in accordance with the Data Protection Legislation; and
  • (b) where the Customer is acting as Data Processor, only with the express written consent of the Data Controller;
• 3.3.2 in passing any such Personal Data to FCDO Services comply with the requirement for fair, lawful (and, as applicable, transparent) data Processing as required by the Data Protection Legislation, in respect of notices to, and (where required) appropriate consent to pass their Personal Data to FCDO Services for the Purposes, from all Data Subjects as well as the Customer’s relevant third-parties including Service Beneficiaries;
• 3.3.3 in connection with the Purposes, take all appropriate Protective Measures against any potential or actual Data Loss Event or Personal Data Breach the result of the acts or omissions of the Customer or within the Customer’s control;
• 3.3.4 provide FCDO Services with such information and assistance (at no cost to FCDO Services) as FCDO Services may require in order to undertake a, or a further, Data Protection Impact Assessment where FCDO Services reasonably considers (in its sole discretion) that the type of Processing required is likely to result in a high risk to the rights and freedoms of Data Subjects;
• 3.3.5 ensure that any Personal Data passed to FCDO Services is accurate and up-to-date;
• 3.3.6 promptly provide such information and assistance as FCDO Services or the Information Commissioner or any other data protection supervisory authority may reasonably require in relation to:
  • (a) any Data Subject Access Request or any request from any Data Subject for rectification or erasure of Personal Data, or any complaint, objection to Processing, or other correspondence; or
  • (b) any approval of the Information Commissioner or other data protection supervisory authority to any Processing of Personal Data, or any request, notice investigation by such supervisory authority;
• 3.3.7 not by any act (including any instruction) or omission, cause FCDO Services to be in breach of the Data Protection Legislation;
• 3.3.8 notify FCDO Services as soon as practicable where the Customer has received a complaint, notice or communication from a Data Subject as a result of the Customer’s acts or omissions, which relates directly or indirectly to the Processing of the Personal Data by FCDO Services or to FCDO Services’ compliance with the Data Protection Legislation and provide FCDO Services (at the Customer’s expense) with full co-operation and assistance in relation to any such complaint, notice or communication; and
• 3.3.9 where FCDO Services is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ Processing of Personal Data pursuant to the Agreement, co-operate with and assist FCDO Services where required to enable FCDO Services to fully comply with its obligations in connection therewith.

4. Sub-processors

• 4.1. The Customer consents, and will ensure that its Service Beneficiaries consent, to FCDO Services appointing a Sub-processor provided that:
  • 4.1.1 FCDO Services shall be responsible for the acts or omissions of the Sub-processor as if the act or omission was that of FCDO Services;
  • 4.1.2 the Sub-processor’s contract with FCDO Services, in so far as it relates to Processing of the Personal Data, is on written terms that are materially the same as those set out in this Data Processing Agreement;
  • 4.1.3 FCDO Services notifies the Customer and/or Service Beneficiary in writing of the intended Sub-processor and its Processing;
  • 4.1.4 FCDO Services obtains the written consent of the Customer; and
  • 4.1.5 the Sub-processor is based in the UK only, but the Parties will discuss in good faith and agree any use of a Sub-processor to be based outside of the UK.
• 4.2. The Parties agree to take account of any guidance issued by the Information Commissioner’s Office. The Customer may upon giving FCDO Services not less than thirty (30) Working Days’ notice, amend this Data Processing Agreement to ensure that it complies with any guidance issued by the Information Commissioner’s Office.

5    Indemnities

5.1. Subject to the limitations of liability set out the Agreement, which shall apply to this indemnity and this Data Processing Agreement as if expressly set out and repeated mutatis mutandis herein, each Party (“Indemnifying Party”) shall indemnify and keep indemnified the other Party (“Indemnified Party”) from and against any loss, cost, claim, proceedings, penalty, fine or expense (including legal and other professional advisors costs and expenses) suffered or incurred by the other Party which arises out of or in connection with any failure by the Indemnifying Party (in the case of the Customer, whether the result of its own acts or omissions or those of any Service Beneficiary) to comply with its obligations under this Data Processing Agreement or otherwise under the Data Protection Legislation.

6    Term

6.1. For the avoidance of doubt, but without prejudice to any accrued rights or obligations of either Party, this Data Processing Agreement shall expire or terminate on expiry or termination for any reason of the Agreement.

20              ANNEX – DESCRIPTION OF PERSONAL DATA TO BE PROCESSED UNDER THE AGREEMENT

21              PART B – CONTROLLER TO CONTROLLER

Data processing agreement

(This Data Processing Agreement is to be entered into by FCDO Services and the Customer, as defined in the Agreement, for whom FCDO Services processes Personal Data in the course of providing Services under the Agreement)

1. Definitions and Interpretation

1.1. In this Data Processing Agreement, the following definitions shall apply, unless the context does not so admit:

 

1.2 The following rules of interpretation apply in this Data Processing Agreement:

• 1.2.1 reference to any statute or statutory provision is a reference to that statute or statutory provision as from time to time amended, extended or re-enacted;
• 1.2.2 words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
• 1.2.3 clause headings shall not affect the interpretation of the provisions of this Data Processing Agreement;
• 1.2.4 any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
• 1.2.5 all references to a party or the parties include their permitted successors and assignees.

2 Obligations of FCDO Services

2.1. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the joint control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.

2.2. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it.

2.3. Where a Party has provided Personal Data to the other Party, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require.

2.4. The Parties shall be responsible for their own compliance with Articles 13 and 14 of the UK GDPR in respect of the Processing of Personal Data for the purposes of this Contract.

2.5. The Parties shall only provide Personal Data to each other:

• 2.5.1 to the extent necessary to perform the respective obligations under this Agreement;
• 2.5.2 in compliance with the Data Protection Legislation (including by ensuring all required fair Processing information has been given to affected Data Subjects);
• 2.5.3 where the provision of Personal Data from one Party to another involves transfer of such data to outside the UK and/or the EEA, if the prior written consent of the non-transferring Party has been obtained and the following conditions are fulfilled:
  • (a) the destination country (and if applicable the entity receiving the Personal Data) has been recognised as adequate by the UK government is in accordance with Article 45 of the UK GDPR or DPA 2018 Section 74A and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
  • (b) the transferring Party has provided appropriate safeguards in relation to the transfer (whether in accordance with Article 46 of the UK GDPR or DPA 2018 Section 75 and/or Article 46 of the EU GDPR (where applicable)) as determined by the non-transferring Party which could include the relevant parties entering into:
    • (i) where the transfer is subject to UK GDPR:
      • (A) the UK International Data Transfer Agreement (the “IDTA”) as published by the Information Commissioner’s Office or such updated version of such IDTA as is published by the Information Commissioner’s Office under section 119A(1) of the DPA 2018 from time to time; or
      • (B) the European Commission’s Standard Contractual Clauses per decisions 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (the “EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner’s Office from time to time; and/or
    • (ii) where the transfer is subject to EU GDPR, the EU SCCs,
      as well as any additional measures determined by the Controller being implemented by the importing party;
• 2.5.4 the Data Subject has enforceable rights and effective legal remedies;
• 2.5.5 the transferring Party complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the non-transferring Party in meeting its obligations); and
• 2.5.6 the transferring Party complies with any reasonable instructions notified to it in advance by the non-transferring Party with respect to the Processing of the Personal Data.

2.6. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the UK GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the UK GDPR.

2.7. A Party Processing Personal Data for the purposes of this Agreement shall maintain a record of its Processing activities in accordance with Article 30 of the UK GDPR and shall make the record available to the other Party upon reasonable request.

2.8. Where a Party receives a request by any Data Subject to exercise any of their rights under the Data Protection Legislation in relation to the Personal Data provided to it by the other Party, including any Service Beneficiary, pursuant to this Agreement (“the Request Recipient”):

• 2.8.1 the other Party shall provide any information and/or assistance as reasonably requested by the Request Recipient to help it respond to the request or correspondence, at the cost of the Request Recipient; or
• 2.8.2 where the request or correspondence is directed to the other party and/or relates to the other party’s Processing of the Personal Data, the Request Recipient will:
  • (a) promptly, and in any event within 5 Working Days of receipt of the request or correspondence, inform the other party that it has received the same and shall forward such request or correspondence to the other party; and
  • (b) provide any information and/or assistance as reasonably requested by the other party to help it respond to the request or correspondence in the timeframes specified by Data Protection Legislation.

2.9. Each party shall promptly notify the other Party upon it becoming aware of any Data Loss Event relating to Personal Data provided by the other party pursuant to this Agreement and shall:

• 2.9.1 do all such things as reasonably necessary to assist the other Party in mitigating the effects of the Personal Data Breach;
• 2.9.2 implement any measures necessary to restore the security of any compromised Personal Data;
• 2.9.3 collaborate with the other Party to make any required notifications to the Information Commissioner’s Office or any other regulatory authority and affected Data Subjects in accordance with the Data Protection Legislation (including the timeframes set out therein); and
• 2.9.4 not do anything which may damage the reputation of the other Party or that Party’s relationship with the relevant Data Subjects, save as required by any applicable laws.

2.10. Personal Data provided by one Party to the other Party may be used exclusively to exercise rights and obligations under this Agreement.

2.11. Personal Data shall not be retained or Processed for longer than is necessary to perform each Party’s obligations under this Agreement.

3 Indemnities

3.1. Subject to the limitations of liability set out in the Agreement, which shall apply to this indemnity and this Data Processing Agreement as if expressly set out and repeated mutatis mutandis herein, each Party (“Indemnifying Party”) shall indemnify and keep indemnified the other Party (“Indemnified Party”) from and against any loss, cost, claim, proceedings, penalty, fine or expense (including legal and other professional advisors costs and expenses) suffered or incurred by the other Party which arises out of or in connection with any failure by the Indemnifying Party (in the case of the Customer, whether the result of its own acts or omissions or those of any Service Beneficiary) to comply with its obligations under this Data Processing Agreement or otherwise under the Data Protection Legislation.

4 Terms

4.1. For the avoidance of doubt, but without prejudice to any accrued rights or obligations of either Party, this Data Processing Agreement shall expire or terminate on expiry or termination for any reason of the Agreement.

End of document